Setting up Apache and enabling HTTPS access with a self-signed certificate

Author: 华龙007 | Published: 2018-05-31 13:14 | Views: 0

    Install Apache and the required components

    [root@localhost ~]# yum -y install httpd
    
    [root@localhost ~]# yum -y install mod_ssl openssl
    

    Create the HTML home page

    [root@localhost ~]# vim /var/www/html/index.html
    <h1>Test Page</h1>
    

    Start the httpd service

    [root@localhost ~]# systemctl start httpd.service
    

    The page loads normally over HTTP



    Generate the private key

    [root@localhost ~]# (umask 077; openssl genrsa -out /etc/pki/CA/private/cakey.pem 4096)
    Generating RSA private key, 4096 bit long modulus
    .................................................................++
    ...............................................................................................................................................++
    e is 65537 (0x10001)
    

    Generate the self-signed certificate

    
    [root@localhost ~]# openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -out /etc/pki/CA/cacert.pem -days 3655
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [XX]:CN
    State or Province Name (full name) []:Beijing
    Locality Name (eg, city) [Default City]:Beijing
    Organization Name (eg, company) [Default Company Ltd]:test.com
    Organizational Unit Name (eg, section) []:test
    Common Name (eg, your name or your server's hostname) []:www.test.com
    Email Address []:root@test.com
    

    Provide the directories and files the CA needs

    [root@localhost ~]# ls /etc/pki/CA/
    cacert.pem  certs  crl  newcerts  private
    [root@localhost ~]# touch /etc/pki/CA/{serial,index.txt}
    [root@localhost ~]# echo 01 > /etc/pki/CA/serial
    

    Modify the SSL configuration

    [root@localhost ~]# vim /etc/httpd/conf.d/ssl.conf
    SSLCertificateFile /etc/pki/CA/cacert.pem
    SSLCertificateKeyFile /etc/pki/CA/private/cakey.pem
    

    Restart the httpd service

    [root@localhost ~]# systemctl restart httpd
    

    The page can now be accessed over HTTPS. Because the certificate is self-signed, the browser shows a risk warning.
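The checks below are an added example, not part of the original post: they confirm that the certificate and key named in ssl.conf belong together, that the key file is closed to group and others, and that the certificate is not close to expiry. The function names and the throwaway 2048-bit sample pair are constructed for illustration; on the server from this post the arguments would be /etc/pki/CA/cacert.pem and /etc/pki/CA/private/cakey.pem.

```shell
#!/bin/sh
# Added example: checks for the two files that ssl.conf points httpd at.

# True when the certificate's public key is the public half of the private key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# True when group and others have no permission bits on the key file.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# True when the certificate is still valid $2 days from now.
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# True when subject and issuer names are identical (self-issued certificate).
is_self_signed() {
    subj=$(openssl x509 -in "$1" -noout -subject_hash 2>/dev/null) || return 1
    issr=$(openssl x509 -in "$1" -noout -issuer_hash 2>/dev/null) || return 1
    [ -n "$subj" ] && [ "$subj" = "$issr" ]
}

# Run every check; returns non-zero if any hard check fails.
check_tls_pair() {
    rc=0
    cert_matches_key "$1" "$2" || { echo "FAIL: key does not match certificate"; rc=1; }
    key_is_private "$2" || { echo "FAIL: key file is accessible to group/others"; rc=1; }
    valid_for_days "$1" 30 || { echo "FAIL: certificate expires within 30 days"; rc=1; }
    is_self_signed "$1" && echo "NOTE: self-signed, clients warn unless they trust it"
    return $rc
}

# Constructed sample: throwaway 2048-bit key and certificate with the post's subject fields.
make_sample_pair() {
    ( umask 077; openssl genrsa -out "$1/key.pem" 2048 ) 2>/dev/null &&
    openssl req -new -x509 -key "$1/key.pem" -out "$1/cert.pem" -days 3655 \
        -subj "/C=CN/ST=Beijing/L=Beijing/O=test.com/OU=test/CN=www.test.com" 2>/dev/null
}

# Demo on the constructed pair (not the server's real files).
demo_dir=$(mktemp -d) && make_sample_pair "$demo_dir" &&
    check_tls_pair "$demo_dir/cert.pem" "$demo_dir/key.pem"
rm -rf "$demo_dir"
```

Running `httpd -t` afterwards checks the syntax of the edited ssl.conf before the restart.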



    https://www.linuxidc.com/Linux/2017-01/139684.htm
