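Apache HTTPS Server Configuration Notes
Environment: CentOS 6.5
Two hosts: one is the CA that signs certificates, the other is the Apache server.
Step 1: Install SSL support on the Apache server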
yum install -y mod_ssl
After that, httpd -M shows the ssl module:
ssl_module (shared)
Step 2: Generate a self-signed certificate on the CA machine
First generate the private key
[root@slave CA]# cd /etc/pki/CA
[root@slave CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048)
Generating RSA private key, 2048 bit long modulus
..........................................................+++
...................................................................+++
e is 65537 (0x10001)
This output means the key was generated successfully.
Generate the self-signed certificate
[root@slave CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 3650
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:GD
Locality Name (eg, city) [Default City]:gz
Organization Name (eg, company) [Default Company Ltd]:hu
Organizational Unit Name (eg, section) []:hu
Common Name (eg, your name or your server's hostname) []:ca.8.com
Email Address []:a
[root@slave CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 3650
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:gd
Locality Name (eg, city) [Default City]:gz
Organization Name (eg, company) [Default Company Ltd]:hu
Organizational Unit Name (eg, section) []:hu
Common Name (eg, your name or your server's hostname) []:ca.920.com
Email Address []:admin@920.com
At this point the self-signed certificate has been generated.
Step 3: Create the certificate database
[root@slave CA]# touch index.txt # certificate database
[root@slave CA]# echo 01 > serial # serial number
Step 4: Generate a key pair on the Apache machine
[root@nginx ~]# mkdir /etc/httpd/ssl
[root@nginx ~]# (umask 077;openssl genrsa 1024 > httpd.key)
Generating RSA private key, 1024 bit long modulus
....++++++
.......++++++
e is 65537 (0x10001)
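Generate the certificate signing request (CSR) for the CA
Note: the values entered here must match those entered on the CA; the hostname is the exception.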
[root@nginx ssl]# openssl req -new -key httpd.key -out http.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:GD
Locality Name (eg, city) [Default City]:^C
[root@nginx ssl]# openssl req -new -key httpd.key -out http.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:gd
Locality Name (eg, city) [Default City]:gz
Organization Name (eg, company) [Default Company Ltd]:hu
Organizational Unit Name (eg, section) []:hu
Common Name (eg, your name or your server's hostname) []:qq.com
Email Address []:admin@qq.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Then copy http.csr to the CA server to be signed.
Step 5: Sign the request on the CA
[root@slave CA]# openssl ca -in /tmp/http.csr -out /tmp/http.rt -days 3650
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 1 (0x1)
Validity
Not Before: Feb 13 10:03:52 2015 GMT
Not After : Feb 10 10:03:52 2025 GMT
Subject:
countryName = CN
stateOrProvinceName = gd
organizationName = hu
organizationalUnitName = hu
commonName = qq.com
emailAddress = admin@qq.com
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
A5:7E:50:2A:8C:4D:B5:E3:DB:72:D7:F8:CE:E2:20:B0:F9:FD:18:0D
X509v3 Authority Key Identifier:
keyid:45:71:85:FA:99:EE:F1:0E:0F:EC:AB:6D:8C:F7:1F:A2:32:DF:31:6A
Certificate is to be certified until Feb 10 10:03:52 2025 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
The request was signed successfully.
[root@slave CA]# cat /etc/pki/CA/index.txt
V 250210100352Z 01 unknown /C=CN/ST=gd/O=hu/OU=hu/CN=qq.com/emailAddress=admin@qq.com
The output shows that the database has been updated.
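The notes end once the certificate is issued and never check it. The script below is an added example, not part of the original notes: it runs steps 2 to 5 non-interactively in a scratch directory, confirms that the issued certificate chains to the CA and pairs with the server key, and shows that a CSR whose state differs from the CA's is refused under policy_match. Assumptions: the function name sign_demo, the minimal ca.cnf standing in for /etc/pki/tls/openssl.cnf, the constructed host name www.example.test, and a 2048-bit server key in place of the 1024-bit one above.

```shell
# Added example (not from the page); sign_demo, ca.cnf, www.example.test are assumed names.
sign_demo() {   # usage: sign_demo <state-in-CSR> <server-common-name>
    work=$(mktemp -d) || return 1
    (
        cd "$work" || exit 1; umask 077    # keys readable by owner only
        mkdir private newcerts; touch index.txt; echo 01 > serial   # step 3
        cat > ca.cnf <<'EOF'
[ ca ]
default_ca = CA_default
[ CA_default ]
database = index.txt
serial = serial
new_certs_dir = newcerts
certificate = cacert.pem
private_key = private/cakey.pem
default_md = sha256
policy = policy_match
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
commonName = supplied
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = CA:TRUE
EOF
        # Step 2: CA key and self-signed CA certificate
        openssl genrsa -out private/cakey.pem 2048 2>/dev/null
        openssl req -new -x509 -config ca.cnf -key private/cakey.pem \
            -out cacert.pem -days 3650 -subj "/C=CN/ST=gd/O=hu/CN=ca.920.com"
        # Step 4: server key (2048 bits here, not 1024) and CSR
        openssl genrsa -out httpd.key 2048 2>/dev/null
        openssl req -new -config ca.cnf -key httpd.key -out http.csr \
            -subj "/C=CN/ST=$1/O=hu/CN=$2"
        # Step 5: policy_match refuses a CSR whose C/ST/O differ from the CA's
        openssl ca -batch -config ca.cnf -in http.csr -out http.crt \
            -days 365 2>/dev/null || exit 2
        # Checks the page does not run: chain validation, key/cert pairing
        openssl verify -CAfile cacert.pem http.crt >/dev/null || exit 3
        [ "$(openssl x509 -in http.crt -noout -pubkey)" = \
          "$(openssl pkey -in httpd.key -pubout)" ] || exit 4
    )
    rc=$?; rm -rf "$work"; return "$rc"
}
sign_demo gd www.example.test && echo "issued; chain and key pairing verified"
```

Return code 2 means the CA refused to sign, 3 means chain validation failed, and 4 means the certificate does not belong to httpd.key.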
Reposted from: https://blog.51cto.com/niubdada/1750637