Centos 5下配置https服务器的方法
发布时间:2022-03-02 13:56:03 所属栏目:系统 来源:互联网
导读:Centos 5下配置https服务器的步骤,需要的朋友可以参考下。 [root@centos5 ~]# yum -y install mod_ssl 在线安装mod_ssl Loading fastestmirror plugin Loading mirror speeds from cached hostfile * base: centos.candishosting.com.cn * updates: mirror.
|
Centos 5下配置https服务器的步骤,需要的朋友可以参考下。 [root@centos5 ~]# yum -y install mod_ssl 在线安装mod_ssl Loading "fastestmirror" plugin Loading mirror speeds from cached hostfile * base: centos.candishosting.com.cn * updates: mirror.khlug.org * addons: centos.candishosting.com.cn * extras: centos.candishosting.com.cn Setting up Install Process Parsing package install arguments Resolving Dependencies --> Running transaction check ---> Package mod_ssl.i386 1:2.2.3-11.el5_2.centos.4 set to be updated --> Processing Dependency: libdistcache.so.1 for package: mod_ssl --> Processing Dependency: libnal.so.1 for package: mod_ssl --> Running transaction check ---> Package distcache.i386 0:1.4.5-14.1 set to be updated --> Finished Dependency Resolution Dependencies Resolved ============================================================================= Package Arch Version Repository Size ============================================================================= Installing: mod_ssl i386 1:2.2.3-11.el5_2.centos.4 updates 85 k Installing for dependencies: distcache i386 1.4.5-14.1 base 119 k Transaction Summary ============================================================================= Install 2 Package(s) Update 0 Package(s) Remove 0 Package(s) Total download size: 204 k Downloading Packages: (1/2): mod_ssl-2.2.3-11.e 100% |=========================| 85 kB 00:02 (2/2): distcache-1.4.5-14 100% |=========================| 119 kB 00:03 Running rpm_check_debug Running Transaction Test Finished Transaction Test Transaction Test Succeeded Running Transaction Installing: distcache ######################### [1/2] Installing: mod_ssl ######################### [2/2] Installed: mod_ssl.i386 1:2.2.3-11.el5_2.centos.4 Dependency Installed: distcache.i386 0:1.4.5-14.1 Complete! [root@centos5 ~]# cd /etc/httpd/conf 进入HTTP服务器配置文件所在目录 [root@centos5 conf]# rm -rf ssl.*/server.* 删除默认或残留的服务器证书相关文件 [root@centos5 ~]# rpm -qa |grep openssl openssl-0.9.8b-10.el5 [root@centos5 ~]# openssl genrsa -out www.yang.com.key 1024 建立服务器密钥 Generating RSA private key, 1024 bit long modulus ...........................................................++++++ .++++++ e is 65537 (0x10001) [root@centos5 ~]# openssl req -new -key www.yang.com.key -out www.yang.com.csr 建立服务器公钥 You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [GB]:OM 输入国名 State or Province Name (full name) [Berkshire]:fuzhou 输入省名 Locality Name (eg, city) [Newbury]:fou 输入城市名 Organization Name (eg, company) [My Company Ltd]:yang 输入组织名(任意) Organizational Unit Name (eg, section) []:www 不输入,直接回车 Common Name (eg, your name or your server's hostname) []:www.yang.com 输入通称(任意) Email Address []:admin@yang.com 输入电子邮箱地址 Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: 不输入,直接回车 An optional company name []: 不输入,直接回车 [root@centos5 ~]# ls -l total 68 -rw------- 1 root root 986 Jan 31 23:54 anaconda-ks.cfg drwxr-xr-x 2 root root 4096 Feb 1 02:17 Desktop -rw-r--r-- 1 root root 0 Feb 1 03:06 Finished -rw-r--r-- 1 root root 15078 Jan 31 23:54 install.log -rw-r--r-- 1 root root 2876 Jan 31 23:53 install.log.syslog -rw-r--r-- 1 root root 0 Feb 1 03:06 Package -rw-r--r-- 1 root root 0 Feb 1 03:06 Processing -rw-r--r-- 1 root root 0 Feb 1 03:06 Running -rw-r--r-- 1 root root 684 Feb 1 04:54 www.yang.com.csr -rw-r--r-- 1 root root 887 Feb 1 04:52 www.yang.com.key [root@centos5 ~]# openssl x509 -req -days 365 -in www.yang.com.csr -signkey www.yang.com.key -out www.yang.com.crt 建立服务器证书 Signature ok subject=/C=OM/ST=fuzhou /L=fou/O=yang/OU=www/CN=www.yang.com/emailAddress=admin@ yang.com Getting Private key [root@centos5 ~]# ll total 72 -rw------- 1 root root 986 Jan 31 23:54 anaconda-ks.cfg drwxr-xr-x 2 root root 4096 Feb 1 02:17 Desktop -rw-r--r-- 1 root root 0 Feb 1 03:06 Finished -rw-r--r-- 1 root root 15078 Jan 31 23:54 install.log -rw-r--r-- 1 root root 2876 Jan 31 23:53 install.log.syslog -rw-r--r-- 1 root root 0 Feb 1 03:06 Package -rw-r--r-- 1 root root 0 Feb 1 03:06 Processing -rw-r--r-- 1 root root 0 Feb 1 03:06 Running -rw-r--r-- 1 root root 920 Feb 1 04:57 www.yang.com.crt -rw-r--r-- 1 root root 684 Feb 1 04:54 www.yang.com.csr -rw-r--r-- 1 root root 887 Feb 1 04:52 www.yang.com.key [root@centos5 ~]# vi /etc/httpd/conf.d/ssl.conf 修改SSL的设置文件 # When we also provide SSL we have to listen to the # the HTTPS port in addition. # Listen 443 [root@centos5 ~]# /etc/rc.d/init.d/httpd restart 重启服务 Stopping httpd: [ OK ] Starting httpd: [ OK ] [root@centos5 ~]# netstat -ntpl |grep 443 tcp 0 0 :::443 :::* LIST EN 10317/httpd Centos 5下配置https服务器的方法 Centos 5下配置https服务器的方法 注:本实验以http://www.centospub.com/make/ssl.html为指导 配置SSL虚拟主机 #vi /etc/httpd/conf/httpd.conf NameVirtualHost 192.168.0.20:443 NameVirtualHost 192.168.0.20:80 <VirtualHost IP:192.168.0.20:443> ServerAdmin webmaster@dummy-host.example.com DocumentRoot /var/www/html ServerName www. yang.com SSLEngine on SSLCertificateFile /etc/httpd/conf/www.yang.com.crt SSLCertificateKeyFile /etc/httpd/conf/www.yang.com.key ErrorLog logs/dummy-www.yang.com-error_log CustomLog logs/dummy-www.yang.com-access_log common </VirtualHost> <VirtualHost 192.168.0.20:443> ServerAdmin webmaster@dummy-host.example.com DocumentRoot /var/www/cgi-bin/openwebmail ServerName mail.yang.com SSLEngine on SSLCertificateFile /etc/httpd/conf/www.yang.com.crt SSLCertificateKeyFile /etc/httpd/conf/www.yang.com.key ErrorLog logs/dummy-www.yang.com-error_log CustomLog logs/dummy-www.yang.com-access_log common </VirtualHost> #vi /etc/httpd/conf.d/ssl.conf 添加下面的内容 SSLEngine on SSLCertificateFile /etc/httpd/conf/www.yang.com.crt SSLCertificateKeyFile /etc/httpd/conf/www.yang.com.key (编辑:濮阳站长网) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |
