Configure https certificate access in Apache under Centos6.3

Source: Internet
Author: User

Here is a simple demonstration of encrypted access-https encrypted access under Apache.

1. I will not go into details about DNS resolution here. I will discuss the dns resolution situation in this demonstration:

[Root @ localhost html] # nslookup www. abc. comServer: 192.168.2.115Address: 192.168.2.115 #53 Name: www. abc. comAddress: 192.168.2.115

2. install the Apache SSL support module: # yum install-y mod_ssl (httpd is not installed by default in yum. After installation, it will automatically generate/etc/httpd/conf. d/ssl. conf file) and generate the certificate.

[Root @ localhost certs] # pwd/etc/pki/tls/certs [root @ localhost certs] # lsca-bundle.crt index.html localhost. crt Makefileca-bundle.trust.crt localhost1.crt make-dummy-cert [root @ localhost certs] # openssl req-utf8-new-key .. /private/localhost. key-x509-days 3650-out abc_com.crtYou are about to be asked to enter information that will be inreceivatedinto your certificate request. what you are about to enter is what is called a Distinguished Name or a DN. there are quite a few fields but you can leave some blankFor some fields there will be a default value, If you enter '. ', the field will be left blank. -- Country Name (2 letter code) [XX]: CNState or Province Name (full name) []: 510510 Locality Name (eg, city) [Default City]: GZOrganization Name (eg, company) [Default Company Ltd]: ABC. COMOrganizational Unit Name (eg, section) []: Mr. zhangCommon Name (eg, your name or your server's hostname) []: www. abc. comEmail Address []: root@abc.com [root @ localhost certs] #

3. Configure Apache. The basic configuration is not mentioned here. The following describes how to configure http access for the www.abc.com site.

[Root @ localhost html] # tail-n 8/etc/httpd/conf/httpd. confNameVirtualhost 192.168.2.115: 80 <VirtualHost www.abc.com: 80> ServerAdmin webmaster@dummy-host.example.comDocumentRoot/var/www/html ServerName www.abc.com ErrorLog logs/dummy-host.example.com-error_log CustomLog logs/dummy-host.example.com-access_log common </VirtualHost> [root @ localhost html] # tail/var/www/html/ index.html www.abc.com [root @ localhost html] #

4. Configure Apache to support https access to the www.abc.com site, edit the vim/etc/httpd/conf. d/ssl. conf file, and create information related to https access to the www.abc.com site. Add the following configuration.

<VirtualHost www.abc.com: 443> DocumentRoot "/var/www/html/www.kuteatest.net" # // For the display effect, the site directory here is different. Generally, a domain name should point to the same directory. ServerName www.abc.com: 443 ErrorLog logs/ssl_error_logTransferLog logs/ssl_access_loglevel warnSSLEngine onSSLProtocol all-SSLv2SSLCipherSuite ALL :! ADH :! EXPORT :! SSLv2: RC4 + RSA: + HIGH: + MEDIUM: + LOWSSLCertificateFile/etc/pki/tls/certs/abc_com.crtSSLCertificateKeyFile/etc/pki/tls/private/localhost. key <Files ~ "\. (Cgi | shtml | phtml | php3 ?) $ "> SSLOptions + StdEnvVars </Files> <Directory"/var/www/cgi-bin "> SSLOptions + StdEnvVars </Directory> SetEnvIf User-Agent". * MSIE. * "\ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0CustomLog logs/ssl_request_log \" % t % h % {SSL_PROTOCOL} x % {SSL_CIPHER} x \ "% r \" % B "</VirtualHost>

4. Restart the Apache service to test access.

Test http access results

Test https access results

The certificate information is consistent with the self-built crt information.

The final result of https access


Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.