ApacheHTTPS安全超文本传输协议配置

1、apache https安全超文本传输协议配置1!首兔名装3个照务包apache服务包openssl服务包mod ssl服务包迪里用 yum 淺孑：mod ssiyum install ht t pd“ openssl -见下囹：rootlocalhostyum insteill httpd-* openss 1 -* mod_ss 1§3方便w跆嚴們就耙所有的傩檢券盏包祁朵上见下囹：dependencies reso1vedpackagearchversionrepositorysizeinsta11ing :httpd-deueli386z.z.3-zz.e15server148

2、 kopenss1-per 1i3860.9.8e-7.el5server33 kinsta11ing fordependencies:apr-develi3861.2.7-11serverz37 kapr-ut i1-d巳u巳1i3861.z.7-7.c15server54 ktransactionsummaryinsta 114package(s)update0package(s)remove0package(s)tota1 downloadsize: 47z kis this ok y/m : y_鹼入 y 布立名装total75 mb/s i 472 kb 00:00running r

3、pm_check_debugrunning transaction testfinished transaction testtransaction test succeededrunning transactioninsta11 ing:apr-devel1/4jinsta11ing:apr-uti1-d巳u巳1z/4jinsta11ing:h讥pd-deuel3/4ins tei 11 ing:openss1-per 14/41insta1 led: httpd-deve1.i386 0：z.z.3-zz.el5 openssl-per1.i386 0:0.9.8e-7 .e15depen

4、dency insta1 led: apr-deve1.1386 0：1.2.7-11 apr-ut i1-devel.i386 0:1.2.7-7.el 5complete?rootolocalhost虚孑complete ! 走孑客装咸功.忆e囹：下而逡左 cd / et c/ pki /1 i s/ cer t s 中i s 卷痛：兄下俗:roott? 1 oca 1 host j# cd /etc/pki/tls/certs roott? 1 oca 1 host certs j# isca-bundle.crt localhost.crt make-dummy一makef ile石老

5、窃路q鏑入金令：make server .crt 逻的注册舌先握族你爺入倉徧：0下囹：e is 65537 (0x10001)enter pass phrase:uerifying - enter pass phrase :umask 77 ； /usr/bin/openss1 req -utf8 -new -key server.key -x509 -days 365 -out server.crt -s巳t_seria1 0enter pass phrase f or server ky：requestenter is what is ca1 led a distinguished nam

6、e or a dm. f ieids but you can leave some blankui11 be a defauit ualue, field will be left blank.you are about to be asked to 巳“ter information that mill be incorporated into your certif ica ubat you are about to there are quite a few for some fields there if you enterthe輪入 3 次京芻之后到第二步.下而聂求綸入炭：cn （中

7、） 吊伤：j s （口务） 込呂：huai an （沦名）所念单佞：wa n j i a f u （ 2家福）所念部d （更业）：b o s s （老板）儼2 （迫1磯们侦乡本机i p地尬）:1 92. 1 68. 1. 1 1 1是后杲邮付込览：nyz183country name (z lettgr code) gbj :cnstat巳 or province name (full name) berkshire:jsloca1ity name (eg, city) newbury:huaianorganization name (eg, company) my company ltd:w

8、anjiafuorganizationa1 unit name (egj section) j :booscommon marne (eg, your name or your serverj s hostname) j:19z.168.1.111 emai 1 address : nyzl83(?163 .comroott?localhost certs#內容摆立之后软们総入命今：丨s岌呢多出3 2个殳仔：server, crt 知 server, keyrooiocqlhost certsisca-bundle.crt localhost.crt mek巳一dummy-c巳rt makef

9、 ile server.crt server.key rootlocqlhost certs# cd /rootplocalhost /tt世就圣我们需理的2 个见l ：下而衣们盯斥主紀罡殳件：vi m / et c/ ht t pd/ conf / ht t pd. conf涯盍路qg certs下而的crt 初 keysslcert if icatefile /etc/pki/t ls/cer.crt sslcert if icatekeyfile /etc/pki/t1s/certs/server.key夹们层是后一&加入世2旬请：（个人喜眄加右釆后方便杏痛）席瘙路总克爺入立能7

10、而幻科ssl . conf 殳付筛入路e： vim / et c/ ht t pd/ conf. d 血tab 従走召：总第 m ssl. conf 殳付幻科它rootylocalhost /j# uim /etc/httpd/conf.d/manua1.confproxy_ajp.conf squid.confwelcome.confper 1.confpython.confss1.confphp.confreadmeweba1izer.conf鏑入路 $： vi m i et cl ht t pd/ conf . d/ ssl .confrootolocalhost /# vim /etc

11、/httpd/conf.d/ss1.conf农第1 1 211 9污牡铛比立付込仏：免下图：sslcwrtificatflie /gtc/pk1/t1s/certs/localhostcrtcertif icatw, use thiskeep in mind that if key you can conf igure use of dsa ciphers, etc.)server pr iuakey :if the key is not combined with thedirective to point at the key file youj ue both a rsa and a d

12、sa privateboth in para 1le1 (to also a 1lou thesslcert if icatekeyf ile zetc/pk i/tls/pr iuatezlocalhost.keyje i ocal host .crt 知 i ocal host .key 箍咸 ser ver. cr t server .keyii119 &的tls居而private聂施改咸certs 见下®:sslcert if icatef ile c/pk i/tls/certs/setuer.crtcertif icause thiskeep in mind th

13、at if key you can conf igure use of dsa ciphers, etc.)tt server pr ivatg key:tt if thg key is not combined with the tt directo point at the key file, tt youj ve both a rsa and a dsa private tt both in para 1 le1 (to also a 1lou thesslcert if icatekeyf ile /etc/pk i/t1s/certs/seruer.key侶存退出后重右apache服

14、务:鏑入命今：service ht t pd restart第一:尢筮名耐傀僱丘失販：铉居妙你鏑入宏錫（別才申褚的时佩鏑入的那3违的弦親）筛入2廉肓即句鱼£服务：ro ot (? loca lhos t /1# service httpd res tortstopping httpd :failedstarting httpd: apache/z.2.3 mod_ss1/z.2.3 (pass phrase dialog) some of your private key f iles are encrypted for security reasons. in order to r

15、ead them you have to provide th巳 pass phrases.server localhostlocaldomain:443 (rsa)enter pass phrase:ok: pass phrase dialog successful.ok j下而坡们到丨e 询娄器扌：鏑入：ht t ps ： il 1 92. 1 68. 1. 1 1 1跳出上q下器而：zk 找不到服务2(licrosoft intexnot explorct文件5« (v)收廉足)工具 帮肋©后退 q 凶崗p««e ieq«si sff删:qd圖昨其曲»111“订无法显示网页擁正在査找的页当紡不可用. 您的浏菟熬设1lis«w以下冷作車击(?)刷新冬钮，要检資您的网络连接，谙单击: 选珮在逞接选项卡上厚击 clmt)甘理员戒 internet査看您的15接设査j hicroioft yindvz 栓査空的f1. 单法工具菜单悠后单击internet选環.2. 在连授遶顶卡上击lai设玄.3. 遶笄自动检测设査总后单出定某些站臣要求128位的连獲安全性.单击希助票至 > 燃后单击 ¥工 v a 口一、internet£ 正在打开网贡 httpx:/192 168 1