kevin0490 发表于 2017-12-24 10:48:50

centos7配置Apache支持HTTPS

  openssl: This is the basic command line tool for creating and managing OpenSSL certificates, keys, and other files.
  req -x509: This specifies that we want to use X.509 certificate signing request (CSR) management. The “X.509” is a public key infrastructure standard that SSL and TLS adhere to for key and certificate management.
  -nodes: This tells OpenSSL to skip the option to secure our certificate with a passphrase. We need Apache to be able to read the file, without user intervention, when the server starts up. A passphrase would prevent this from happening, since we would have to enter it after every restart.
  -days 365: This option sets the length of time that the certificate will be considered valid. We set it for one year here.
  -newkey rsa:2048: This specifies that we want to generate a new certificate and a new key at the same time. We did not create the key that is required to sign the certificate in a previous step, so we need to create it along with the certificate. The rsa:2048 portion tells it to make an RSA key that is 2048 bits long.
  -keyout: This line tells OpenSSL where to place the generated private key file that we are creating.
  -out: This tells OpenSSL where to place the certificate that we are creating.
页: [1]
查看完整版本: centos7配置Apache支持HTTPS