1. Preparation

    yum install mod_ssl openssl

2. Generate a self-signed certificate

    cd /etc/pki/CA

    1. Generate a 2048-bit private key

    openssl genrsa -out server.key 2048

    2. Generate a certificate signing request (CSR)

    openssl req -new -key server.key -out server.csr

    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    Country Name (2 letter code) [XX]:CN
    State or Province Name (full name) []:beijing
    Locality Name (eg, city) [Default City]:beijing
    Organization Name (eg, company) [Default Company Ltd]:test.com
    Organizational Unit Name (eg, section) []:test
    Common Name (eg, your name or your server's hostname) []:test.com
    Email Address []:[email protected]
    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:123456
    An optional company name []:test

    3. Generate a self-signed X.509 certificate (valid for 36500 days)

    openssl x509 -req -days 36500 -in server.csr -signkey server.key -out server.crt

3. Configure the Apache service

    vim /etc/httpd/conf.d/ssl.conf

    1. Modify the following lines

    SSLCertificateFile /etc/pki/CA/server.crt
    SSLCertificateKeyFile /etc/pki/CA/server.key

    2. Restart Apache

    /etc/init.d/httpd restart

4. Adjust the virtual host

    cd /etc/httpd/conf.d
    vim test.conf

    Add the following content

    NameVirtualHost *:443
    <VirtualHost *:443>
        SSLEngine on
        SSLCertificateFile /etc/pki/CA/server.crt
        SSLCertificateKeyFile /etc/pki/CA/server.key
        <Directory /var/www/html/>
            AllowOverride All
        </Directory>
        ServerAdmin [email protected]
        DocumentRoot /var/www/html/
        ServerName www.test.com
    </VirtualHost>
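
A pre-flight check for the files configured above, as an added example that is not part of the original page: it confirms that server.crt was issued for server.key and tests whether the certificate covers a given host name. The function names `pair_matches`, `host_matches` and `make_sample` and the script name are hypothetical, and the sample pair is a constructed throwaway.

```shell
#!/bin/sh
# Added example (not from the original page): pre-flight checks for the
# server.key / server.crt pair before Apache is restarted.
# Function names are hypothetical; only standard openssl subcommands are used.

# Return 0 if the certificate's public key belongs to the private key.
pair_matches() {  # usage: pair_matches CERT KEY
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Return 0 if the certificate is valid for HOST. OpenSSL checks the
# subjectAltName entries, or the Common Name when there are none.
host_matches() {  # usage: host_matches CERT HOST
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# Build a constructed, throwaway pair with the page's three commands,
# made non-interactive with -subj and limited to 1 day of validity.
make_sample() {  # usage: make_sample DIR COMMON_NAME
    openssl genrsa -out "$1/server.key" 2048 2>/dev/null &&
    openssl req -new -key "$1/server.key" -subj "/CN=$2" -out "$1/server.csr" &&
    openssl x509 -req -days 1 -in "$1/server.csr" -signkey "$1/server.key" \
        -out "$1/server.crt" 2>/dev/null
}

# Run as: sh check.sh CERT KEY HOST   (check.sh is a placeholder name)
if [ "$#" -eq 3 ]; then
    pair_matches "$1" "$2" && echo "key matches certificate" \
        || echo "key does NOT match certificate"
    host_matches "$1" "$3" && echo "certificate covers $3" \
        || echo "certificate does NOT cover $3"
fi
```

A certificate whose only name is the Common Name test.com matches test.com but not www.test.com, so a client that connects using the ServerName above will report a name mismatch in addition to the self-signed warning.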

5. Test access

    1. Because the domain name is only for testing, add a custom entry for it to the hosts file on Windows.

    2. Test access

    https://Ip