Configuring an HTTPS Service on CentOS
2017-06-11 20:44
Configuring HTTPS on CentOS 6.9 and on CentOS 7
Configuring HTTPS on CentOS 6.9 (httpd 2.2)
Prerequisites:
Install the openssl package and httpd 2.2
1. Create a private CA on host 192.168.109.100
(1) Generate the private key
![](http://www.178linux.com/wp-content/uploads/2017/06/20170604191124_17343.png)
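Notes: 1. The private key is stored in /etc/pki/CA/private/, the path specified by the /etc/pki/tls/openssl.cnf configuration file
2. The private key file's permissions must be 600
3. The file name must end in .pem
(2) Create the self-signed certificate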
![](http://www.178linux.com/wp-content/uploads/2017/06/20170604191218_97518.png)
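Notes: 1. The self-signed certificate is stored in /etc/pki/CA/, the path specified by the /etc/pki/tls/openssl.cnf configuration file
2. The file name must end in .pem
3. The -x509 option is used only when issuing a certificate to yourself
At this point the host is a CA
(3) Provide the directories and files the CA needs
~]# mkdir -pv /etc/pki/CA/{certs,crl,newcerts}   # create these if they do not exist; skip if they already do
~]# touch /etc/pki/CA/{serial,index.txt}
~]# echo 01 > /etc/pki/CA/serial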
![](http://www.178linux.com/wp-content/uploads/2017/06/20170604191247_39010.png)
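2. Set up HTTPS on host 192.168.109.103
Create a virtual host
Because this is httpd 2.2, the main server must be disabled first
Note (httpd-2.2 only): virtual hosts should generally not be mixed with the main server, so to use virtual hosts, first disable the 'main' host. To disable it, comment out the main server's DocumentRoot directive.
(1) Create a virtual host and install the mod_ssl module. Install the module: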
![](http://www.178linux.com/wp-content/uploads/2017/06/20170604191356_37549.png)
vim /etc/httpd/conf.d/vir1.conf
![](http://www.178linux.com/wp-content/uploads/2017/06/20170604191412_94383.png)
(2) Change to the /etc/httpd/ssl directory
mkdir /etc/httpd/ssl
cd /etc/httpd/ssl
(3) Generate the private key
![](http://www.178linux.com/wp-content/uploads/2017/06/20170604191430_64611.png)
(4) Generate the certificate signing request
![](http://www.178linux.com/wp-content/uploads/2017/06/20170604191444_18510.png)
(5) Send the request to the CA
![](http://www.178linux.com/wp-content/uploads/2017/06/20170604191458_48017.png)
(6) The CA signs the certificate
![](http://www.178linux.com/wp-content/uploads/2017/06/20170604191519_62429.png)
(7) The CA sends the certificate to the client
scp /etc/pki/CA/certs/http.crt root@192.168.109.103:/etc/httpd/ssl
(8) Edit the SSL configuration file
vim /etc/httpd/conf.d/ssl.conf
![](http://www.178linux.com/wp-content/uploads/2017/06/20170604191537_46558.png)
![](http://www.178linux.com/wp-content/uploads/2017/06/20170604191552_80761.png)
(9) Check the syntax and restart the service
httpd -t
![](http://www.178linux.com/wp-content/uploads/2017/06/20170604191610_53205.png)
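(10) Import the CA certificate into the client browser
(11) Test: in a web browser, enter the URL https://www.lyy.com
![](http://www.178linux.com/wp-content/uploads/2017/06/20170604191622_23419.png)
Test succeeded
Configuring HTTPS on CentOS 7 (httpd 2.4)
I. Install httpd and mod_ssl
yum install httpd mod_ssl
IP of this host: 192.168.109.106
II. Create the virtual host and obtain a certificate from the CA
1. vim /etc/httpd/conf.d/vir1.conf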
![](http://www.178linux.com/wp-content/uploads/2017/06/20170604192405_45675.png)
2. Obtain the certificate (private CA on host 192.168.109.103)
(1) Change to the /etc/httpd/ssl directory
mkdir /etc/httpd/ssl
cd /etc/httpd/ssl
(2) Generate the private key
![](http://www.178linux.com/wp-content/uploads/2017/06/20170604192418_26865.png)
(3) Generate the certificate signing request
![](http://www.178linux.com/wp-content/uploads/2017/06/20170604192435_46313.png)
(4) Send the request to the CA
![](http://www.178linux.com/wp-content/uploads/2017/06/20170604192446_71382.png)
(5) The CA signs the certificate
![](http://www.178linux.com/wp-content/uploads/2017/06/20170604192500_74214.png)
(6) The CA sends the certificate to the local host (192.168.109.106)
![](http://www.178linux.com/wp-content/uploads/2017/06/20170604192521_81758.png)
(7) Check the syntax and restart the service
![](http://www.178linux.com/wp-content/uploads/2017/06/20170604192532_58593.png)
III. Test
1. Import the certificate into the client browser
2. Visit https://www.zq.com
![](http://www.178linux.com/wp-content/uploads/2017/06/20170604192546_24315.png)
Configuration succeeded
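The CA, CSR and signing steps of both procedures above, rehearsed in a scratch directory as an added example (not the author's commands, which survive only in the screenshots). The subject names, the minimal ca.cnf and the check_tls_material helper are assumptions made for the demonstration; the helper checks the three things that most often break this setup: key mode, chain to the CA, and key/certificate match.

```shell
# Added example: rehearse the CA -> CSR -> signed certificate flow in a scratch
# directory instead of /etc/pki/CA. Subject names and ca.cnf are constructed.
set -e

build_demo_pki() {   # arg: empty scratch directory
    d=$1
    mkdir -p "$d"/CA/private "$d"/CA/certs "$d"/CA/crl "$d"/CA/newcerts "$d"/ssl
    touch "$d/CA/index.txt"
    echo 01 > "$d/CA/serial"
    # Minimal stand-in for the CA section of /etc/pki/tls/openssl.cnf
    cat > "$d/ca.cnf" <<EOF
[ ca ]
default_ca = CA_default
[ CA_default ]
dir = $d/CA
database = \$dir/index.txt
new_certs_dir = \$dir/newcerts
serial = \$dir/serial
certificate = \$dir/cacert.pem
private_key = \$dir/private/cakey.pem
default_md = sha256
default_days = 365
policy = policy_match
[ policy_match ]
countryName = match
organizationName = match
commonName = supplied
EOF
    # CA side: key written under umask 077 (mode 600), then a self-signed cert
    (umask 077; openssl genrsa -out "$d/CA/private/cakey.pem" 2048 2>/dev/null)
    openssl req -new -x509 -key "$d/CA/private/cakey.pem" -days 3650 \
        -subj "/C=CN/O=Demo Org/CN=demo-ca.example" -out "$d/CA/cacert.pem"
    # Web server side: its own key and a certificate signing request
    (umask 077; openssl genrsa -out "$d/ssl/http.key" 2048 2>/dev/null)
    openssl req -new -key "$d/ssl/http.key" \
        -subj "/C=CN/O=Demo Org/CN=www.example.test" -out "$d/ssl/http.csr"
    # CA side: sign the request; -batch skips the interactive confirmation
    openssl ca -batch -notext -config "$d/ca.cnf" -in "$d/ssl/http.csr" \
        -out "$d/ssl/http.crt" 2>/dev/null
}

check_tls_material() {   # args: key cert ca-cert; 0 only if every check passes
    [ "$(stat -c %a "$1")" = "600" ] || return 1           # key readable by owner only
    openssl verify -CAfile "$3" "$2" >/dev/null 2>&1 || return 2   # chains to the CA
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null | openssl sha256)
    c=$(openssl x509 -in "$2" -noout -pubkey | openssl sha256)
    [ "$k" = "$c" ] || return 3                             # cert belongs to this key
}
```

On a real server, point check_tls_material at the key and certificate under /etc/httpd/ssl and at the CA certificate before running httpd -t.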