为站点 http://system1.group8.example.com 配置TLS加密:
1、一个已签名证书从 http://server.group8.example.com/pub/tls/certs/system1.crt 获取
2、此证书的密钥从 http://server.group8.example.com/pub/tls/private/system1.key 获取
3、此证书的签名授权信息从 http://server.group8.example.com/pub/tls/certs/ssl-ca.crt 获取
答:
再system1上执行:
1、安装 ssl 模块
yum install mod_ssl -y
2、修改配置文件
vim /etc/httpd/conf.d/httd-vhosts.conf
<VirtualHost *:80> DocumentRoot "/var/www/html" ServerName system1.group8.example.com <Directory "/var/www/html"> <RequireAll> Require all granted Require not host .my133t.org </RequireAll> </Directory> SSLEngine on SSLProtocol all -SSLv2 -SSLv3 SSLCertificateKeyFile /etc/pki/tls/certs/system1.crt SSLCertificateKeyFile /etc/pki/tls/private/system1.key SSLCACertificateFile /etc/pki/tls/certs/ssl-ca.crt </VirtualHost>
3、下载证书
# 下载证书到指定目录内 wget -O /etc/pki/tls/certs/system1.crt http://server.group8.example.com/pub/tls/certs/system1.crt wget -O /etc/pki/tls/private/system1.key http://server.group8.example.com/pub/tls/private/system1.key wget -O /etc/pki/tls/certs/ssl-ca.crt http://server.group8.example.com/pub/tls/certs/ssl-ca.crt
4、添加防火墙
firewall-cmd --permanent --add-service=https firewall-cmd --reload
5、重启web服务
systemctl restart httpd
验证:再system2上验证
curl -k https://system1.group8.example.com
更多详情:https://www.cnblogs.com/xiangsikai/p/9810290.html