Here is a simple demonstration of Apache encryption based authentication access----HTTPS encryption method access.
1.DNS Resolution resolution:
[Root@localhost html]# nslookup www.downcc.com
server:192.168.2.115
address:192.168.2.115#53
Name:www.downcc.com
address:192.168.2.115
2. Install the Apache SSL support module: # yum install-y mod_ssl (default yum installation httpd is not installed this module, automatic production of/etc/httpd/conf.d/ssl.conf files after installation) and generate certificates.
[Root@localhost certs]# pwd
/etc/pki/tls/certs
[Root@localhost certs]# ls
CA-BUNDLE.CRT index.html localhost.crt Makefile
CA-BUNDLE.TRUST.CRT LOCALHOST1.CRT Make-dummy-cert
[Root@localhost certs]# OpenSSL Req-utf8-new-key. /private/localhost.key-x509-days 3650-out ABC_COM.CRT
are about to is asked to enter information that would be incorporated
into your certificate request.
What you are about to enter the What is called a distinguished Name or a DN.
There are quite a few fields but you can leave some
For some fields there would be a default value,
If you enter '. ', the field would be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or province Name (full name) []:510510
Locality Name (eg, city) [Default City]:gz
Organization Name (eg, company) [Default company ltd]:abc.com
Organizational unit Name (eg, section) []:mr.zhang
Common name (eg, your name or your server ' s hostname) []:www.downcc.com
Email Address []:root@abc.com
[Root@localhost certs]#
3. Configure Apache, basic configuration here is not much to say, the following is the configuration of the Www.downcc.com site HTTP access.
[Root@localhost html]# tail-n 8/etc/httpd/conf/httpd.conf
Namevirtualhost 192.168.2.115:80
<virtualhost www.downcc.com:80>
ServerAdmin webmaster@dummy-host.example.com
Documentroot/var/www/html
ServerName www.downcc.com
ErrorLog Logs/dummy-host.example.com-error_log
Customlog Logs/dummy-host.example.com-access_log Common
</VirtualHost>
[Root@localhost html]# tail/var/www/html/index.html
Www.downcc.com
[Root@localhost html]#
4. Configure Apache to support HTTPS access to the www.downcc.com site, edit vim/etc/httpd/conf.d/ssl.conf files, and make www.downcc.com site HTTPS access information. Add the following configuration.
<virtualhost www.downcc.com:443>
DocumentRoot "/var/www/html/www.kuteatest.net" #//in order to display the effect, the site directory here is not the same, generally a domain name should point to the same directory.
ServerName www.downcc.com:443
ErrorLog Logs/ssl_error_log
Transferlog Logs/ssl_access_log
LogLevel warn
Sslengine on
Sslprotocol All-sslv2
Sslciphersuite all:! Adh:! export:! Sslv2:rc4+rsa:+high:+medium:+low
Sslcertificatefile/etc/pki/tls/certs/abc_com.crt
Sslcertificatekeyfile/etc/pki/tls/private/localhost.key
<files ~ ". (cgi|shtml|phtml|php3?) $ ">
Ssloptions +stdenvvars
</Files>
<directory "/var/www/cgi-bin" >
Ssloptions +stdenvvars
</Directory>
Setenvif user-agent ". *msie.*"
Nokeepalive Ssl-unclean-shutdown
downgrade-1.0 force-response-1.0
Customlog Logs/ssl_request_log
"%t%h%{ssl_protocol}x%{ssl_cipher}x"%r "%b"
</VirtualHost>
5. Restart Apache service, test access.
Test the results of HTTP access
Test the results of HTTPS access
View certificate information consistent with self-built CRT information
The end result of HTTPS access