apache 配置虚拟主机的安全连接 SSL
SSL全称为secure socket layer 用以保障在inetnet上数据传输安全,利用数据加密保障数据在网络上传输过程不会被窃取窃听//yum 安装使apache支持ssl
yum install mod_ssl openssl
//创建私钥
openssl genrsa -out server.key 1024
//证书签发亲求csr,系统会向你索取一些简单的信息,这里为了实验方便一路回车
#
[*]# openssl req -new -key server.key -out server.csr
[*]You are about to be asked to enter information that will be incorporated
[*]into your certificate request.
[*]What you are about to enter is what is called a Distinguished Name or a DN.
[*]There are quite a few fields but you can leave some blank
[*]For some fields there will be a default value,
[*]If you enter '.', the field will be left blank.
[*]-----
[*]Country Name (2 letter code) :
[*]State or Province Name (full name) :
[*]Locality Name (eg, city) :
[*]Organization Name (eg, company) :
[*]Organizational Unit Name (eg, section) []:
[*]Common Name (eg, your name or your server's hostname) []:
[*]Email Address []:
[*]
[*]Please enter the following 'extra' attributes
[*]to be sent with your certificate request
[*]A challenge password []:
[*]An optional company name []:
由于我们不能申请上级CA授权认证,自己给自己创建一个CA
[*]# openssl x509 -days 365 -req -in server.csr -signkey server.key -out server.crt
[*]Signature ok
[*]subject=/C=GB/ST=Berkshire/L=Newbury/O=My Company Ltd
[*]Getting Private key
以上3个操作产生3个文件
[*]server.key
[*]server.csr
[*]server.key
//修改www.zhoutao.name虚拟主机配置文件
内容如下
[*]# cat nvhsot.conf
[*]
[*]ServerName www.zhoutao.name
[*]ScriptAlias /cgi-bin/ "/www/zhoutao.name/cgi-bin/"
[*]DocumentRoot /www/zhoutao.name
[*]SSLEngine on
[*]SSLOptions +StrictRequire
[*]SSLCertificateFile /etc/httpd/conf/server.crt
[*]SSLCertificateKeyFile /etc/httpd/conf/server.key
[*]
[*]AllowOverride AuthConfig
[*]
[*]
//实验结束
访问https://www.zhoutao.name
http://blog.运维网.com/attachment/201202/161114196.png
页:
[1]