Enable a CentOS server to support HTTPS (the secure HTTP protocol)


We usually access websites through "http://". Content sent this way travels in plaintext and may be intercepted by others, so it is very insecure for transmitting private or password-related information. Official websites and banking-related websites therefore use "https://" when passwords or other highly private or important data must be submitted: the transmitted content is encrypted, which protects users and avoids privacy leaks.

Today, I will use mod_ssl to make our server support HTTPS. (Environment: CentOS 5.5)

1. Install mod_ssl

Install mod_ssl online through yum:

[root@300second ~]# yum -y install mod_ssl  ← install mod_ssl online

Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: data.nicehosting.co.kr
 * extras: data.nicehosting.co.kr
 * updates: data.nicehosting.co.kr
addons | 951 B 00:00
addons/primary | 202 B: 00
http://data.nicehosting.co.kr/ OS /centos/5.7/ OS/I #/repodata/repomd.xml: [Errno 14] HTTP Error 403: Forbidden
Trying other mirror.
base | 1.1 kB
base/primary | 961 kB
base 2705/2705
Pipeline [Errno 14] HTTP Error 403: Forbidden
Trying other mirror.
extras | 2.1 kB: 00
extras/primary_db | 156 kB: 06
Pipeline [Errno 14] HTTP Error 403: Forbidden
Trying other mirror.
updates | 1.9 kB: 00
updates/primary_db | 290 kB
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package mod_ssl.i386 2.2.3-53.el5.centos.3 set to be updated
--> Processing Dependency: httpd = 2.2.3-53.el5.centos.3 for package: mod_ssl
--> Processing Dependency: libdistcache.so.1 for package: mod_ssl
--> Processing Dependency: libnal.so.1 for package: mod_ssl
--> Running transaction check
---> Package distcache.i386 1.4.5-14.1 set to be updated
---> Package httpd.i386 2.2.3-53.el5.centos.3 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package       Arch    Version                  Repository   Size
================================================================================
Installing:
 mod_ssl       i386    2.2.3-53.el5.centos.3    updates       93 k
Installing for dependencies:
 distcache     i386    1.4.5-14.1               base         119 k
Updating for dependencies:
 httpd         i386    2.2.3-53.el5.centos.3    updates      1.2 M

Transaction Summary
================================================================================
Install      2 Package(s)
Upgrade      1 Package(s)

Total download size: 1.4 M
Downloading Packages:
(1/3): mod_ssl-2.2.3-53.el5.centos.3.i386.rpm | 93 kB
(2/3): distcache-1.4.5-14.1.i386.rpm | 119 kB
(3/3): httpd-2.2.3-53.el5.centos.3.i386.rpm | 1.2 MB
--------------------------------------------------------------------------------
Total 23 kB/s | 1.4 MB
warning: rpmts_HdrFromFdno: Header V3 DSA signature: NOKEY, key ID e8562897
updates/gpgkey | 1.5 kB: 00
Importing GPG key 0xE8562897 "CentOS-5 Key (CentOS 5 Official Signing Key) <centos-5-key@centos.org>" from /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : distcache    1/4
  Updating   : httpd        2/4
  Installing : mod_ssl      3/4
  Cleanup    : httpd        4/4

Installed:
  mod_ssl.i386 2.2.3-53.el5.centos.3

Dependency Installed:
  distcache.i386 1.4.5-14.1

Dependency Updated:
  httpd.i386 2.2.3-53.el5.centos.3

Complete!

2. Configure mod_ssl on the HTTP server

[1] Create the server key

[root@300second ~]# cd /etc/pki/tls/certs/  ← enter the directory where the HTTP server configuration file is located

[root@300second certs]# make server.key  ← create the server key
umask 77 ; \
/usr/bin/openssl genrsa -des3 1024 > server.key
Generating RSA private key, 1024 bit long modulus
...
... ++
e is 65537 (0x10001)
Enter pass phrase:  ← enter the pass phrase here
Verifying - Enter pass phrase:  ← enter the pass phrase again to confirm it

[root@300second certs]# openssl rsa -in server.key -out server.key  ← remove the pass phrase from the key (to avoid being asked for it after the system starts)

Enter pass phrase for server.key:  ← enter the pass phrase
writing RSA key

[2] Create the server public key (certificate signing request, server.csr)

[root@300second certs]# make server.csr  ← create the server public key

umask 77 ; \
/usr/bin/openssl req -utf8 -new -key server.key -out server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:CN  ← enter the country code
State or Province Name (full name) [Berkshire]:Fujian  ← enter the province name
Locality Name (eg, city) [Newbury]:Quanzhou  ← enter the city name
Organization Name (eg, company) [My Company Ltd]:www.51cto.com  ← enter the organization name (any)
Organizational Unit Name (eg, section) []:  ← leave blank and press Enter
Common Name (eg, your name or your server's hostname) []:www.51cto.com  ← enter the common name (arbitrary)
Email Address []:300second@163.com  ← enter the e-mail address

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:  ← leave blank and press Enter
An optional company name []:  ← leave blank and press Enter

[3] Create the server certificate

[root@300second certs]# openssl x509 -in server.csr -out server.pem -req -signkey server.key -days 365  ← create the server certificate

Signature ok
subject=/C=CN/ST=Fujian/L=Quanzhou/O=www.51cto.com/CN=www.51cto.com/emailAddress=300second@163.com
Getting Private key

[root@300second certs]# chmod 400 server.*  ← change the permissions to 400

[4] Configure SSL

[root@300second certs]# vi /etc/httpd/conf.d/ssl.conf  ← edit the SSL configuration file

#DocumentRoot "/var/www/html"  ← find this line and remove the "#" at the beginning of the line
↓
DocumentRoot "/var/www/html"  ← so that it reads like this

[5] Restart the HTTP service so that SSL takes effect

[root@300second certs]# /etc/rc.d/init.d/httpd restart  ← restart the HTTP server

Stopping httpd: [ OK ]
Starting httpd: [ OK ]

3. Test SSL

Open your browser and enter "https://server IP address" or "https://your domain name" in the address bar. If a window prompts you to install the server security certificate, this indicates that the server supports SSL.
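
The browser prompt only shows that SSL is switched on; it says nothing about the key and certificate files created in step 2. The script below is an added example, not part of the original article: it checks that the certificate matches the key, that the key meets a minimum size (the 1024-bit key generated above falls below the 2048-bit default used here), that the signature digest is not MD5 or SHA-1, that the certificate is not about to expire, and that the passphrase-less key is readable by its owner only. The function name audit_tls_pair and its thresholds are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a key/certificate pair like server.key / server.pem.
# Usage: audit_tls_pair KEY CERT [MIN_BITS] [MIN_DAYS]
# Prints one finding per line; prints nothing when every check passes.
audit_tls_pair() {
    key=$1; cert=$2; min_bits=${3:-2048}; min_days=${4:-30}

    # An unencrypted key loads with an empty passphrase; an encrypted one
    # fails here instead of prompting.
    key_mod=$(openssl rsa -in "$key" -passin pass: -noout -modulus 2>/dev/null) || {
        echo "cannot read $key as an unencrypted RSA key"; return 0; }
    cert_mod=$(openssl x509 -in "$cert" -noout -modulus 2>/dev/null) || {
        echo "cannot read $cert as a PEM certificate"; return 0; }

    # Key and certificate belong together only if their moduli are identical.
    if [ "$key_mod" != "$cert_mod" ]; then
        echo "certificate was not issued for this private key"
    fi

    # "Modulus=<hex>": every hex digit is 4 bits of key length.
    hex=${key_mod#Modulus=}
    bits=$(( ${#hex} * 4 ))
    if [ "$bits" -lt "$min_bits" ]; then
        echo "RSA key is $bits bits, below $min_bits"
    fi

    # MD5 and SHA-1 are no longer acceptable certificate signature digests.
    sig=$(openssl x509 -in "$cert" -noout -text |
          sed -n 's/^ *Signature Algorithm: //p' | head -n 1)
    case $sig in
        md5*|sha1*) echo "certificate is signed with a weak digest ($sig)" ;;
    esac

    # -checkend exits non-zero when the certificate expires within N seconds.
    if ! openssl x509 -in "$cert" -noout -checkend $(( min_days * 86400 )) \
            >/dev/null 2>&1; then
        echo "certificate expires within $min_days days"
    fi

    # With the passphrase removed, the file mode is the key's only protection.
    mode=$(ls -ld "$key" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "$key is accessible to group or other ($mode)"
    fi
    return 0
}

# When run as a script: sh audit.sh server.key server.pem
if [ $# -ge 2 ]; then audit_tls_pair "$@"; fi
```

Apache serves whichever files the SSLCertificateFile and SSLCertificateKeyFile directives in ssl.conf name, so run the audit against those paths.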
