Redhat7 配置https

Redhat7 配置https


分为自签名证书和第3方证书(此时实验为第3方,自签名略)

 

安装:

# yum install httpd mod_ssl

 

生成key

# openssl genrsa 2048 > www.key

 

生成请求csr:

# openssl req –new –key www.key –out www.csr  (下面看着写,主机名处要准确,其它可准可不准)

 

CA端(将.csr转换为.crt):

# openssl ca –in /var/www.csr –out /var/www.crt

 

 

针对考试(会有3个文件:www.keywww.crtexample-ca.crt

 

# vi /etc/httpd/conf.d/ssl.conf  (将默认的改掉即可)

 

Servername www.example.com:443

 

SSLCertificateFile   /etc/pki/tls/certs/www.crt

SSLCertificateKeyFile   /etc/pki/tls/certs/www.key

SSLCertificateChainFile   /etc/pki/tls/certs/exsample-ca.crt

 

:wq

 

# systemctl start httpd

# systemctl enable httpd

 

# restorcon /etc/pki/tls/certs/*.crt

# restorcon /etc/pki/tls/certs/*.key

 

# firewall-cmd –permanet –add-service=http

# firewall-cmd –permanet –add-service=https

 

客户端访问(若在公网有做第3方认证可不用做下面操作):

 

导入根证书:浏览器-Edit-Preferences-Advanced-Cerificates-ViewCertificates-Authorities—Import-勾选Trust this CA to identify websites –OK

 

# vi /etc/hosts

10.0.0.2  www.example.com

:wq

 

访问:https://www.example.com(必须用域名访问,ip不行)

本文转自linux博客51CTO博客,原文链接http://blog.51cto.com/yangzhiming/1721751如需转载请自行联系原作者


yangzhimingg

上一篇:26、深入浅出MFC学习笔记,消息映射与命令传递


下一篇:nginx配置https