Linux+Apache+openssl实现https验证
2010-11-29 16:21
549 查看
apache2.0 https
首先安装SSL,再编译安装APACHE,再配置证书即可
1.下载apache和openssl
网址:http://www.apache.org
http://www.openssl.org
2.解压
#tar zxvf httpd-2.0.54.tar.gz
#tar zxvf openssl-0.9.7g.tar.gz
3.编译安装openssl,这个软件主要是用来生成证书:
#cd openssl-0.9.7g
#./config
#make
#make test
#make install
把openssl放进内核目录下,使其在任何目录下都能运行。
#cd /usr/local/bin
#ln -s /usr/local/ssl/bin/openssl openssl
4.编译安装apache
#cd /opt/httpd-2.0.54
#./configure --prefix="/opt/apache2" --enable-so --enable-ssl --with-ssl="/usr/local/ssl/bin"
#make
#make install
5.安装完毕,生成证书:
在/opt/apache2/conf下建立一个ssl.key目录
#cd ../apache2/
#cd conf/
#mkdir ssl.key
然后在该目录下生成证书:
#cd ssl.key/
生成服务器私钥:
#openssl genrsa -des3 -out server.key 1024
Generating RSA private key, 1024 bit long modulus
.......................++++++
.................................................++++++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:
生成服务器证书请求,并按要求填些相关证书信息:
#openssl req -new -key server.key -out server.csr
如果要生成中文证书用
#openssl req -utf8 -new -key server.key -out server.csr
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:tyl
Organization Name (eg, company) [Internet Widgits Pty Ltd]:tz
Organizational Unit Name (eg, section) []:tz
Common Name (eg, YOUR name) []:tyl
Email Address []:tangyl@ruyi.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
签证:
# openssl x509 -req -days 700 -in server.csr -signkey server.key -out server.cert
Signature ok
subject=/C=AU/ST=Some-State/L=tyl/O=tz/OU=tz/CN=tyl/emailAddress=tangyl@ruyi.com
Getting Private key
Enter pass phrase for server.key:
为了安全,然后我们把这些文件的权限都设为400
chmod 400 server.key
chmod 400 server.cert
最后对/opt/apache2/conf/ssl.conf 进行修改:
vi /opt/apache2/conf/ssl.conf
修改的地方如下几处:
#SSLCertificateFile /opt/apache2/conf/ssl.crt/server.crt #108行
SSLCertificateFile /opt/apache2/conf/ssl.key/server.cert
#SSLCertificateFile /opt/apache2/conf/ssl.crt/server-dsa.crt
SSLCertificateKeyFile /opt/apache2/conf/ssl.key/server.key #116行
#SSLCertificateKeyFile /opt/apache2/conf/ssl.key/server-dsa.key
这样我们就基本配好了ssl现在我们来让apache启动ssl
/opt/apache2/bin/apachectl startssl
然后要求输入证书密码,正确输入后ssl就连同apache一起启动
在浏览器中输入:https://210.75.18.36
要求下载证书,OK~好了~结束~就是这么简单。
参考:http://www.szlangxing.com/Article/gyw/200504/524.html
http://www.chinaunix.net/jh/13/469276.html
Keytool应用实例:
1.产生一个keystore:
keytool -genkey -alias myssl -keyalg RSA -keystore myssl.jks
运行这个命令,系统提示:
Enter keystore password:(输入keystore密码:)
yourpassword(输入密码)
What is your first and last name?(您的名字与姓氏是什么?)
[Unknown]: www.myssl.cn(输入申请的证书的域名)
What is the name of your organizational unit? (您的组织单位名称是什么?)
[Unknown]:Fastcom(输入你所在组织单位的名字)
What is the name of your organization? (您的组织名称是什么?)
[Unknown]:Fastcom (输入你所在组织的名字)
What is the name of your City or Locality?(您所在的城市或区域名称是什么?)
[Unknown]:Shanghai(输入所在城市的名字)
What is the name of your State or Province? (您所在的州或省份名称是什么?)
[Unknown]:Shanghai(输入所在省份名字)
What is the two-letter country code for this unit?(该单位的两字母国家代码是什么?)
[Unknown]:CN(输入国家名字,如果是中国,请输入CN)
Is CN=www.myssl.cn, OU=fastcom, O=fastcom, L=Shanghai, ST=Shanghai, C=CN correct? [no]:
yes
https使用的是443端口需要防火墙设置
设置防火墙,打开https访问端口
一旦出现Ip ping得通,到ip访问不了的情况就是防火墙阻止注意设置
首先安装SSL,再编译安装APACHE,再配置证书即可
1.下载apache和openssl
网址:http://www.apache.org
http://www.openssl.org
2.解压
#tar zxvf httpd-2.0.54.tar.gz
#tar zxvf openssl-0.9.7g.tar.gz
3.编译安装openssl,这个软件主要是用来生成证书:
#cd openssl-0.9.7g
#./config
#make
#make test
#make install
把openssl放进内核目录下,使其在任何目录下都能运行。
#cd /usr/local/bin
#ln -s /usr/local/ssl/bin/openssl openssl
4.编译安装apache
#cd /opt/httpd-2.0.54
#./configure --prefix="/opt/apache2" --enable-so --enable-ssl --with-ssl="/usr/local/ssl/bin"
#make
#make install
5.安装完毕,生成证书:
在/opt/apache2/conf下建立一个ssl.key目录
#cd ../apache2/
#cd conf/
#mkdir ssl.key
然后在该目录下生成证书:
#cd ssl.key/
生成服务器私钥:
#openssl genrsa -des3 -out server.key 1024
Generating RSA private key, 1024 bit long modulus
.......................++++++
.................................................++++++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:
生成服务器证书请求,并按要求填些相关证书信息:
#openssl req -new -key server.key -out server.csr
如果要生成中文证书用
#openssl req -utf8 -new -key server.key -out server.csr
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:tyl
Organization Name (eg, company) [Internet Widgits Pty Ltd]:tz
Organizational Unit Name (eg, section) []:tz
Common Name (eg, YOUR name) []:tyl
Email Address []:tangyl@ruyi.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
签证:
# openssl x509 -req -days 700 -in server.csr -signkey server.key -out server.cert
Signature ok
subject=/C=AU/ST=Some-State/L=tyl/O=tz/OU=tz/CN=tyl/emailAddress=tangyl@ruyi.com
Getting Private key
Enter pass phrase for server.key:
为了安全,然后我们把这些文件的权限都设为400
chmod 400 server.key
chmod 400 server.cert
最后对/opt/apache2/conf/ssl.conf 进行修改:
vi /opt/apache2/conf/ssl.conf
修改的地方如下几处:
#SSLCertificateFile /opt/apache2/conf/ssl.crt/server.crt #108行
SSLCertificateFile /opt/apache2/conf/ssl.key/server.cert
#SSLCertificateFile /opt/apache2/conf/ssl.crt/server-dsa.crt
SSLCertificateKeyFile /opt/apache2/conf/ssl.key/server.key #116行
#SSLCertificateKeyFile /opt/apache2/conf/ssl.key/server-dsa.key
这样我们就基本配好了ssl现在我们来让apache启动ssl
/opt/apache2/bin/apachectl startssl
然后要求输入证书密码,正确输入后ssl就连同apache一起启动
在浏览器中输入:https://210.75.18.36
要求下载证书,OK~好了~结束~就是这么简单。
参考:http://www.szlangxing.com/Article/gyw/200504/524.html
http://www.chinaunix.net/jh/13/469276.html
Keytool应用实例:
1.产生一个keystore:
keytool -genkey -alias myssl -keyalg RSA -keystore myssl.jks
运行这个命令,系统提示:
Enter keystore password:(输入keystore密码:)
yourpassword(输入密码)
What is your first and last name?(您的名字与姓氏是什么?)
[Unknown]: www.myssl.cn(输入申请的证书的域名)
What is the name of your organizational unit? (您的组织单位名称是什么?)
[Unknown]:Fastcom(输入你所在组织单位的名字)
What is the name of your organization? (您的组织名称是什么?)
[Unknown]:Fastcom (输入你所在组织的名字)
What is the name of your City or Locality?(您所在的城市或区域名称是什么?)
[Unknown]:Shanghai(输入所在城市的名字)
What is the name of your State or Province? (您所在的州或省份名称是什么?)
[Unknown]:Shanghai(输入所在省份名字)
What is the two-letter country code for this unit?(该单位的两字母国家代码是什么?)
[Unknown]:CN(输入国家名字,如果是中国,请输入CN)
Is CN=www.myssl.cn, OU=fastcom, O=fastcom, L=Shanghai, ST=Shanghai, C=CN correct? [no]:
yes
https使用的是443端口需要防火墙设置
设置防火墙,打开https访问端口
一旦出现Ip ping得通,到ip访问不了的情况就是防火墙阻止注意设置
[root@yzctc.com conf]# vi /etc/sysconfig/iptables ← 编辑防火墙配置文件 -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT ← 找到这一行,接着添加如下行: -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT ← 开放443号端口,允许SSL [root@sample conf]# /etc/rc.d/init.d/iptables restart ← 重新启动防火墙,使设置生效 Flushing firewall rules: [ OK ] Setting chains to policy ACCEPT: filter [ OK ] Unloading iptables modules: [ OK ] Applying iptables firewall rules: [ OK ]
相关文章推荐
- Linux+Apache2.2+openssl实现https验证
- linux 下部署 openssl+apache 配置https
- Linux+Apache2+openssl实现https验证
- Linux+Apache2+openssl实现https验证
- linux-apache安装实现登陆身份验证-023
- Linux+Apache2+openssl实现https验证
- linux-apache安装实现用户登录身份验证
- openssl实现https验证
- Openssl 自签证书实现nginx双端验证的https
- Linux+Apache2+openssl实现https验证
- Linux下Apache服务器实现用户验证
- Apache+OpenSSL实现证书服务器提供HTTPS
- CentOS5.5+Apache2+openssl0.9.8o实现https验证
- Linux 下实现 Apache服务器用户验证
- apache+tomcat+jk+ssl实现tomcat集群https服务(linux)
- 一步一步实现linux系统apache实现https详解
- 在linux(centos)使用openssl生成https证书并配置到nginx的实现过程
- 基于OpenSSL实现C/S架构中的https会话
- openssl函数开启,应用于QQ登陆等需要https验证的行为
- Linux+Apache+openssl