Install SSL on CentOS under Apache
HTTPS is HTTP carried over SSL/TLS, so the data is encrypted during transmission.
I. Install Apache and the SSL module
1. Installing Apache
yum install httpd
2. Installing the SSL module
yum install mod_ssl
To restart Apache:
service httpd restart
After mod_ssl is installed, a default SSL certificate is created under /etc/pki/tls, so you can access the server immediately via https:
https://IP/
If you do not use the default certificate, you can also use OpenSSL to create the certificate manually.
II. Create a certificate manually using OpenSSL
1. Installing OpenSSL
yum install openssl
2. Generate the server private key
cd /etc/pki/tls
openssl genrsa -out server.key 2048
server.key is the private key.
3. Generate the certificate signing request (CSR) file from the private key server.key
openssl req -new -key server.key -out server.csr
server.csr is the certificate request file.
This step requires you to enter some certificate information:
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:shanghai
Locality Name (eg, city) [Default City]:shanghai
Organization Name (eg, company) [Default Company Ltd]:CCC
Organizational Unit Name (eg, section) []:BBB
Common Name (eg, your name or your server's hostname) []:www.test.com
Email Address []:[email protected]
Enter the country, province, city, company, department, common name (your name or the server's hostname) and e-mail address. You will then be asked for a challenge password; leave it empty and just press Enter.
4. Generate a digitally signed CRT file (certificate file)
openssl x509 -days 365 -req -in server.csr -signkey server.key -out server.crt
This signs the certificate request with the private key, so the certificate's subject and issuer are the same: it is a self-signed certificate.
5. Edit the Apache SSL configuration file
vim /etc/httpd/conf.d/ssl.conf
Change
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
to
SSLCertificateFile /etc/pki/tls/server.crt
Change
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
to
SSLCertificateKeyFile /etc/pki/tls/server.key
These two directives tell Apache which server certificate and private key to use.
6. Restart Apache
service httpd restart
When you visit https://IP/, you can see the certificate information. Because the certificate is self-signed rather than issued by a third-party root certification authority, the browser warns that the security certificate is not trusted.
Open TCP port 443 in the firewall:
iptables -I INPUT 4 -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
Access:
sudo curl -k 'https://192.168.1.112/hello.php'
or browser access:
https://192.168.1.112/hello.php
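A non-interactive form of steps 2 to 4 together with a check worth running before Apache is restarted, as an added example that is not part of the original page. The function names make_selfsigned and check_pair and the temporary directory are assumptions made for illustration; the key is generated at 2048 bits and the subject reuses the sample values entered above.

```shell
#!/bin/sh
# Added example, not from the original page. The function names, the temp
# directory and the certificate subject below are constructed for illustration.

# Non-interactive version of steps 2-4: key, CSR, self-signed certificate.
make_selfsigned() {  # usage: make_selfsigned DIR COMMON_NAME
    (
        umask 077   # files are created readable by their owner only
        openssl genrsa -out "$1/server.key" 2048 2>/dev/null &&
        openssl req -new -key "$1/server.key" -out "$1/server.csr" \
            -subj "/C=CN/ST=shanghai/L=shanghai/O=CCC/OU=BBB/CN=$2" &&
        openssl x509 -req -days 365 -in "$1/server.csr" \
            -signkey "$1/server.key" -out "$1/server.crt" 2>/dev/null
    )
}

# Print the first problem found and return non-zero; print OK and return 0.
check_pair() {  # usage: check_pair CERT KEY
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) ||
        { echo "cannot read certificate"; return 1; }
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) ||
        { echo "cannot read private key"; return 1; }
    # Apache will not start if the two files hold different public keys.
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "certificate does not match private key"; return 1; }
    bits=$(openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit.*/\1/p')
    [ "${bits:-0}" -ge 2048 ] ||
        { echo "key too short: ${bits:-?} bits"; return 1; }
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null ||
        { echo "certificate has expired"; return 1; }
    # Characters 5-10 of the ls mode string are the group/other bits.
    [ "$(ls -ld "$2" | cut -c5-10)" = "------" ] ||
        { echo "private key is readable by group or others"; return 1; }
    echo "OK"
}

# Demo in a throwaway directory; on the server the files are
# /etc/pki/tls/server.crt and /etc/pki/tls/server.key.
demo_dir=$(mktemp -d)
make_selfsigned "$demo_dir" www.test.com &&
    check_pair "$demo_dir/server.crt" "$demo_dir/server.key"
rm -rf "$demo_dir"
```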