apache安裝並配置https
1.yum 安裝openssl和openssl-devel,httpd-devel expat-devel
2.安裝gcc、gcc-c++apr apr-util pcre httpd
如果版本之間不匹配,安裝過程中會出現問題。
https://www.cnblogs.com/wcwnina/p/8029156.html
3.生成相關證書
yum install mod_ssl
cd /etc/pki/CA
1.生成2048位的加密私鑰
openssl genrsa -out server.key 2048
2.生成證書籤名請求
openssl req -new -key server.key -out server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:beijing
Locality Name (eg, city) [Default City]:beijing
Organization Name (eg, company) [Default Company Ltd]:test.com
Organizational Unit Name (eg, section) []:test
Common Name (eg, your name or your server's hostname) []:test.com
Email Address []:[email protected]
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:123456
An optional company name []:test
3.生成型別為X509的自簽名證書(有效期36500天)
openssl x509 -req -days 36500 -in server.csr -signkey server.key -out server.crt
4.相關配置檔案修改
1.修改ssl.conf
vim /etc/httpd/conf.d/ssl.conf
SSLCertificateFile /etc/pki/CA/server.crt
SSLCertificateKeyFile /etc/pki/CA/server.key
DocumentRoot "/var/www/html"(去掉行首的註釋)
ServerNamewww.test.com(去掉行首的註釋)
2.修改Apache的配置檔案httpd.conf
vim usr/local/apache/conf httpd.conf
LoadModule ssl_module modules/mod_ssl.so (去掉行首的註釋)
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so (去掉行首的註釋)
Include conf/extra/httpd-ssl.conf (去掉行首的註釋)