RHEL4下配置HTTPS
2008-09-09 20:38
344 查看
为了简单明了,先采用RPM包的方式安装Apache服务器。
# cd /misc/cd/RedHat/RPMS/ //进入光盘的包存放目录
# rpm -ivh rpmdb-redhat-4-0.20070421.i386.rpm //安装这个包的目的是便于解决有些程序的依赖性关系
# rpm -ivh --aid httpd-2.0.52-32.ent.i386.rpm //加--aid自动解决包的依赖性关系,因此前面已经安装了rpmdb包
# rpm -ivh mod_ssl-2.0.52-32.ent.i386.rpm //安装这个包的目的是实现https
# echo 'this is my first page!' > /var/www/html/index.html //新建一个默认主页放到apache定义的默认主目录中
# service httpd start //启动服务器
在浏览器中输入 https://服务器IP 安装证书就可以实现安全的HTTP了。
但是这时候的证书是mod_ssl自动生成的,信息并不是我们自己想要的!所以我们可以用下面的方法制作自己的证书。
# cd /etc/httpd/conf //进入apache配置文件存放目录
# rm -f ssl.*/server.* //将mod_ssl自动安装的相关证书和签名文件删除
# openssl genrsa -des3 1024 > ssl.key/server.key //生成私钥文件(Private Key)该文件要求输入口令。
# openssl rsa -in ssl.key/server.key -out ssl.key/server.key //如果不想使用口令可以去掉,这时会要求输入生成时设置的口令。
# openssl req -new -key ssl.key/server.key -out ssl.csr/server.csr //生成证书签名请求文件(Certificate Signing Request)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:CH //输入国家名称
State or Province Name (full name) [Berkshire]:BeiJing //省名
Locality Name (eg, city) [Newbury]:Beijing //城市
Organization Name (eg, company) [My Company Ltd]:XHCE //组织名称
Organizational Unit Name (eg, section) []:BJXH //单位名称
Common Name (eg, your name or your server's hostname) //根据具体情况填写
Email Address []:weisheng213@126.com //邮箱
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: //质询密码,可以不写
An optional company name []: //可以不写
# openssl x509 -in ssl.csr/server.csr -out ssl.crt/server.crt -req -signkey ssl.key/server.key -days 365 //让服务器自己当证书签名服务器,安全电子商务中需要向第三方商业机构申请。
Signature ok
subject=/C=CH/ST=BeiJing/L=Beijing/O=XHCE/OU=BJXH/CN=
Getting Private key
# vi ../conf.d/ssl.conf //编辑mod_ssl的主配置文件将
#DocumentRoot "/var/www/html" 前面的#号去掉
# service httpd restart //重启apache服务器以读取新的证书信息
# cd /misc/cd/RedHat/RPMS/ //进入光盘的包存放目录
# rpm -ivh rpmdb-redhat-4-0.20070421.i386.rpm //安装这个包的目的是便于解决有些程序的依赖性关系
# rpm -ivh --aid httpd-2.0.52-32.ent.i386.rpm //加--aid自动解决包的依赖性关系,因此前面已经安装了rpmdb包
# rpm -ivh mod_ssl-2.0.52-32.ent.i386.rpm //安装这个包的目的是实现https
# echo 'this is my first page!' > /var/www/html/index.html //新建一个默认主页放到apache定义的默认主目录中
# service httpd start //启动服务器
在浏览器中输入 https://服务器IP 安装证书就可以实现安全的HTTP了。
但是这时候的证书是mod_ssl自动生成的,信息并不是我们自己想要的!所以我们可以用下面的方法制作自己的证书。
# cd /etc/httpd/conf //进入apache配置文件存放目录
# rm -f ssl.*/server.* //将mod_ssl自动安装的相关证书和签名文件删除
# openssl genrsa -des3 1024 > ssl.key/server.key //生成私钥文件(Private Key)该文件要求输入口令。
# openssl rsa -in ssl.key/server.key -out ssl.key/server.key //如果不想使用口令可以去掉,这时会要求输入生成时设置的口令。
# openssl req -new -key ssl.key/server.key -out ssl.csr/server.csr //生成证书签名请求文件(Certificate Signing Request)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:CH //输入国家名称
State or Province Name (full name) [Berkshire]:BeiJing //省名
Locality Name (eg, city) [Newbury]:Beijing //城市
Organization Name (eg, company) [My Company Ltd]:XHCE //组织名称
Organizational Unit Name (eg, section) []:BJXH //单位名称
Common Name (eg, your name or your server's hostname) //根据具体情况填写
Email Address []:weisheng213@126.com //邮箱
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: //质询密码,可以不写
An optional company name []: //可以不写
# openssl x509 -in ssl.csr/server.csr -out ssl.crt/server.crt -req -signkey ssl.key/server.key -days 365 //让服务器自己当证书签名服务器,安全电子商务中需要向第三方商业机构申请。
Signature ok
subject=/C=CH/ST=BeiJing/L=Beijing/O=XHCE/OU=BJXH/CN=
Getting Private key
# vi ../conf.d/ssl.conf //编辑mod_ssl的主配置文件将
#DocumentRoot "/var/www/html" 前面的#号去掉
# service httpd restart //重启apache服务器以读取新的证书信息
相关文章推荐
- RHEL4下配置HTTPS
- RHEL4下 squid-2.7.STABLE9安装配置
- RHEL4下配置DNS服务器
- rhel4下配置squid
- RHEL4下配置***连接
- rhel5.5_Apache配置openssl支持https服务
- RHEL6.3下配置简单Apache https
- RHEL6.0下yum源的配置
- win2003 IIS 6.0实现全站https访问的配置方法
- tomcat6配置https (双向认证/单向认证)
- RHEL7配置本地yum源
- RHEL5 DNS文件配置
- Appache配置https
- linux nginx 证书配置 https
- apache中使用mod_gnutls模块实现多个SSL站点配置(多个HTTPS协议的虚拟主机)
- linux基础(3)--可用实验环境配置--RHEL6.5
- rhel5 LAMP配置详解
- RHEL7 在不同的环境中使用不同的网络配置文件
- RHEL5.5使用SAMBA配置简单文件共享