配置安全web服务

2024-01-19 14:03:52

为站点 http://system1.group8.example.com 配置TLS加密:

1、一个已签名证书从 http://server.group8.example.com/pub/tls/certs/system1.crt 获取

2、此证书的密钥从 http://server.group8.example.com/pub/tls/private/system1.key 获取

3、此证书的签名授权信息从 http://server.group8.example.com/pub/tls/certs/ssl-ca.crt 获取

答:

再system1上执行:

1、安装 ssl 模块

yum install mod_ssl -y

2、修改配置文件

vim /etc/httpd/conf.d/httd-vhosts.conf

<VirtualHost *:80>
    DocumentRoot "/var/www/html"
    ServerName system1.group8.example.com
    
    <Directory "/var/www/html">
        <RequireAll>
            Require all granted
            Require not host .my133t.org
        </RequireAll>
    </Directory>

    SSLEngine on
    SSLProtocol all -SSLv2 -SSLv3
    SSLCertificateKeyFile /etc/pki/tls/certs/system1.crt
    SSLCertificateKeyFile /etc/pki/tls/private/system1.key
    SSLCACertificateFile /etc/pki/tls/certs/ssl-ca.crt

</VirtualHost>

3、下载证书

# 下载证书到指定目录内
wget -O /etc/pki/tls/certs/system1.crt http://server.group8.example.com/pub/tls/certs/system1.crt
wget -O /etc/pki/tls/private/system1.key http://server.group8.example.com/pub/tls/private/system1.key
wget -O /etc/pki/tls/certs/ssl-ca.crt http://server.group8.example.com/pub/tls/certs/ssl-ca.crt

4、添加防火墙

firewall-cmd --permanent  --add-service=https
firewall-cmd --reload

5、重启web服务

systemctl restart httpd

验证:再system2上验证

curl -k https://system1.group8.example.com

 

更多详情:https://www.cnblogs.com/xiangsikai/p/9810290.html

 

上一篇:5 搭建apiserver


下一篇:报错:error setting certificate verify locations: CAfile: D:/Git/anz/Git/mingw64/ssl/certs/ca-bundle.cr