Apache Configure authenticated HTTPS encryption certificate access based on encryption

Here is a simple demonstration of Apache encryption based authentication access----HTTPS encryption method access.

1.DNS Resolution resolution:

[Root@localhost html]# nslookup www.downcc.com

server:192.168.2.115

address:192.168.2.115#53

Name:www.downcc.com

address:192.168.2.115

2. Install the Apache SSL support module: # yum install-y mod_ssl (default yum installation httpd is not installed this module, automatic production of/etc/httpd/conf.d/ssl.conf files after installation) and generate certificates.

[Root@localhost certs]# pwd

/etc/pki/tls/certs

[Root@localhost certs]# ls

CA-BUNDLE.CRT index.html localhost.crt Makefile

CA-BUNDLE.TRUST.CRT LOCALHOST1.CRT Make-dummy-cert

[Root@localhost certs]# OpenSSL Req-utf8-new-key. /private/localhost.key-x509-days 3650-out ABC_COM.CRT

are about to is asked to enter information that would be incorporated

into your certificate request.

What you are about to enter the What is called a distinguished Name or a DN.

There are quite a few fields but you can leave some

For some fields there would be a default value,

If you enter '. ', the field would be left blank.

-----

Country Name (2 letter code) [XX]:CN

State or province Name (full name) []:510510

Locality Name (eg, city) [Default City]:gz

Organization Name (eg, company) [Default company ltd]:abc.com

Organizational unit Name (eg, section) []:mr.zhang

Common name (eg, your name or your server ' s hostname) []:www.downcc.com

Email Address []:root@abc.com

[Root@localhost certs]#

3. Configure Apache, basic configuration here is not much to say, the following is the configuration of the Www.downcc.com site HTTP access.

[Root@localhost html]# tail-n 8/etc/httpd/conf/httpd.conf

Namevirtualhost 192.168.2.115:80

<virtualhost www.downcc.com:80>

ServerAdmin webmaster@dummy-host.example.com

Documentroot/var/www/html

ServerName www.downcc.com

ErrorLog Logs/dummy-host.example.com-error_log

Customlog Logs/dummy-host.example.com-access_log Common

</VirtualHost>

[Root@localhost html]# tail/var/www/html/index.html

Www.downcc.com

[Root@localhost html]#

4. Configure Apache to support HTTPS access to the www.downcc.com site, edit vim/etc/httpd/conf.d/ssl.conf files, and make www.downcc.com site HTTPS access information. Add the following configuration.

<virtualhost www.downcc.com:443>

DocumentRoot "/var/www/html/www.kuteatest.net" #//in order to display the effect, the site directory here is not the same, generally a domain name should point to the same directory.

ServerName www.downcc.com:443

ErrorLog Logs/ssl_error_log

Transferlog Logs/ssl_access_log

LogLevel warn

Sslengine on

Sslprotocol All-sslv2

Sslciphersuite all:! Adh:! export:! Sslv2:rc4+rsa:+high:+medium:+low

Sslcertificatefile/etc/pki/tls/certs/abc_com.crt

Sslcertificatekeyfile/etc/pki/tls/private/localhost.key

<files ~ ". (cgi|shtml|phtml|php3?) $ ">

Ssloptions +stdenvvars

</Files>

<directory "/var/www/cgi-bin" >

Ssloptions +stdenvvars

</Directory>

Setenvif user-agent ". *msie.*"

Nokeepalive Ssl-unclean-shutdown

downgrade-1.0 force-response-1.0

Customlog Logs/ssl_request_log

"%t%h%{ssl_protocol}x%{ssl_cipher}x"%r "%b"

</VirtualHost>

5. Restart Apache service, test access.

Test the results of HTTP access

Test the results of HTTPS access

View certificate information consistent with self-built CRT information

The end result of HTTPS access