
https

HTTPS encryption

########https#######

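1. HTTPS definition

Hypertext Transfer Protocol over Secure Sockets Layer

HTTP carried over SSL.

If encrypting the communication matters but a verified identity does not, an administrator can generate a self-signed certificate and avoid the complexity of dealing with a certificate authority.

Use the genkey utility (distributed in the crypto-utils package) to generate a self-signed certificate and its associated private key. To keep things simple, genkey creates the certificate and its key in the "correct" location (the /etc/pki/tls directory). Accordingly, the utility must be run as an authorized user (root).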

2. Configuration

yum install mod_ssl -y

yum install crypto-utils -y

genkey www.westos.com

[[email protected] virtual]# genkey www.westos.com ##generate the key and certificate

@@@@@@@

/usr/bin/keyutil -c makecert -g 1024 -s "CN=www.westos.com, OU=linux, O=westos, L=xi'an, ST=shannxi, C=CN" -v 1 -a -z /etc/pki/tls/.rand.6165 -o /etc/pki/tls/certs/www.westos.com.crt -k /etc/pki/tls/private/www.westos.com.key

cmdstr: makecert

cmd_CreateNewCert

command: makecert

keysize = 1024 bits

subject = CN=www.westos.com, OU=linux, O=westos, L=xi'an, ST=shannxi, C=CN

valid for 1 months

random seed from /etc/pki/tls/.rand.6165

output will be written to /etc/pki/tls/certs/www.westos.com.crt

output key written to /etc/pki/tls/private/www.westos.com.key

Generating key. This may take a few moments...

Made a key

Opened tmprequest for writing

/usr/bin/keyutil Copying the cert pointer

Created a certificate

Wrote 882 bytes of encoded data to /etc/pki/tls/private/www.westos.com.key

Wrote the key to:

/etc/pki/tls/private/www.westos.com.key

@@@@@@@@

/etc/pki/tls/private/www.westos.com.key

/etc/pki/tls/certs/www.westos.com.crt

vim /etc/httpd/conf.d/login.conf

[[email protected] conf.d]# ls

autoindex.conf login.conf php.conf squid.conf userdir.conf

default.conf news.conf README ssl.conf welcome.conf

[[email protected] conf.d]# vim ssl.conf ##point it at the certificate and key files

@@@@@@

# pass phrase. Note that a kill -HUP will prompt again. A new

# certificate can be generated using the genkey(1) command.

SSLCertificateFile /etc/pki/tls/certs/www.westos.com.crt

# Server Private Key:

# If the key is not combined with the certificate, use this

# directive to point at the key file. Keep in mind that if

# you've both a RSA and a DSA private key you can configure

# both in parallel (to also allow the use of DSA ciphers, etc.)

SSLCertificateKeyFile /etc/pki/tls/private/www.westos.com.key

# Server Certificate Chain:

# Point SSLCertificateChainFile at a file containing the

# concatenation of PEM encoded CA certificates which form the

# certificate chain for the server certificate. Alternatively

@@@@@@@

[[email protected] conf.d]# vim login.conf

<Virtualhost *:443>

ServerName "login.westos.com"

DocumentRoot "/var/www/virtual/login.westos.com/html"

CustomLog "logs/login.log" combined

## enable HTTPS for this virtual host
SSLEngine on

## certificate
SSLCertificateFile /etc/pki/tls/certs/www.westos.com.crt

## private key
SSLCertificateKeyFile /etc/pki/tls/private/www.westos.com.key

</Virtualhost>

<Directory "/var/www/virtual/login.westos.com/html">

Require all granted

</Directory>

## URL rewriting for automatic redirection (every request on port 80 is redirected to be handled by https)
<Virtualhost *:80>

ServerName login.westos.com

RewriteEngine on

RewriteRule ^(/.*)$ https://%{HTTP_HOST}$1 [redirect=301]

</Virtualhost>

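^(/.*)$ https://%{HTTP_HOST}$1 [redirect=301]

^(/.*)$ ##everything the client typed in the address bar, any character except a newline

https:// ##the protocol the request is redirected to

%{HTTP_HOST} ##the host the client requested

$1 ##the value of $1 is whatever ^(/.*)$ matched

[redirect=301] ##301 is a permanent redirect; 302 is a temporary one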

mkdir /var/www/virtual/login.westos.com/html -p

vim /var/www/virtual/login.westos.com/html/index.html

systemctl restart httpd

Test:

Add a name resolution entry on the client host:

172.25.254.113 login.westos.com

Visiting http://login.westos.com redirects automatically

https://login.westos.com transfers the page data encrypted
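
An added check, not part of the original post: before restarting httpd, confirm with openssl that the certificate and key belong together, how large the key is, which host name the certificate covers, and how long it stays valid. The genkey output above shows a 1024-bit key valid for one month with CN=www.westos.com, while the virtual host's ServerName is login.westos.com. The function names, the script name check.sh, the 2048-bit minimum and the 7-day window are assumptions.

```bash
# Added example: sanity checks for a certificate/key pair before Apache loads it.
# Assumes the openssl command line tool is installed; all function names are hypothetical.

# Succeeds when the certificate's public key is the one derived from the private key.
cert_matches_key() {      # usage: cert_matches_key CERT KEY
    local from_cert from_key
    from_cert=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    from_key=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$from_cert" = "$from_key" ]
}

# Prints the public key size in bits, read from the certificate.
cert_key_bits() {         # usage: cert_key_bits CERT
    openssl x509 -in "$1" -noout -text \
        | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# Succeeds when openssl accepts HOST for this certificate (SAN, or CN if no SAN).
cert_covers_host() {      # usage: cert_covers_host CERT HOST
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match certificate'
}

# Succeeds when the certificate is still valid DAYS days from now.
cert_valid_for_days() {   # usage: cert_valid_for_days CERT DAYS
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# Runs every check, reports each failure, returns non-zero if any check failed.
check_tls_pair() {        # usage: check_tls_pair CERT KEY HOST [MIN_BITS]
    local cert key host min_bits rc
    cert=$1; key=$2; host=$3; min_bits=${4:-2048}; rc=0   # 2048 is an assumed policy
    cert_matches_key "$cert" "$key" || { echo "FAIL: key does not belong to certificate"; rc=1; }
    [ "$(cert_key_bits "$cert")" -ge "$min_bits" ] || { echo "FAIL: key smaller than $min_bits bits"; rc=1; }
    cert_covers_host "$cert" "$host" || { echo "FAIL: certificate does not name $host"; rc=1; }
    cert_valid_for_days "$cert" 7 || { echo "FAIL: certificate expires within 7 days"; rc=1; }
    return "$rc"
}

# With the paths and ServerName used on this page (check.sh is a hypothetical file name):
#   sh check.sh /etc/pki/tls/certs/www.westos.com.crt \
#               /etc/pki/tls/private/www.westos.com.key login.westos.com
if [ "$#" -ge 3 ]; then check_tls_pair "$@"; fi
```
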


This article comes from the "AELY木" blog; please be sure to keep this source reference: http://12768057.blog.51cto.com/12758057/1926547
