Apache Configure authenticated HTTPS encryption certificate access based on encryption

Source: Internet
Author: User

Here is a simple demonstration of Apache encryption based authentication access----HTTPS encryption method access.

1.DNS Resolution resolution:

[Root@localhost html]# nslookup www.downcc.com

server:192.168.2.115

address:192.168.2.115#53

Name:www.downcc.com

address:192.168.2.115

2. Install the Apache SSL support module: # yum install-y mod_ssl (default yum installation httpd is not installed this module, automatic production of/etc/httpd/conf.d/ssl.conf files after installation) and generate certificates.

[Root@localhost certs]# pwd

/etc/pki/tls/certs

[Root@localhost certs]# ls

CA-BUNDLE.CRT index.html localhost.crt Makefile

CA-BUNDLE.TRUST.CRT LOCALHOST1.CRT Make-dummy-cert

[Root@localhost certs]# OpenSSL Req-utf8-new-key. /private/localhost.key-x509-days 3650-out ABC_COM.CRT

are about to is asked to enter information that would be incorporated

into your certificate request.

What you are about to enter the What is called a distinguished Name or a DN.

There are quite a few fields but you can leave some

For some fields there would be a default value,

If you enter '. ', the field would be left blank.

-----

Country Name (2 letter code) [XX]:CN

State or province Name (full name) []:510510

Locality Name (eg, city) [Default City]:gz

Organization Name (eg, company) [Default company ltd]:abc.com

Organizational unit Name (eg, section) []:mr.zhang

Common name (eg, your name or your server ' s hostname) []:www.downcc.com

Email Address []:root@abc.com

[Root@localhost certs]#

3. Configure Apache, basic configuration here is not much to say, the following is the configuration of the Www.downcc.com site HTTP access.

[Root@localhost html]# tail-n 8/etc/httpd/conf/httpd.conf

Namevirtualhost 192.168.2.115:80

<virtualhost www.downcc.com:80>

ServerAdmin webmaster@dummy-host.example.com

Documentroot/var/www/html

ServerName www.downcc.com

ErrorLog Logs/dummy-host.example.com-error_log

Customlog Logs/dummy-host.example.com-access_log Common

</VirtualHost>

[Root@localhost html]# tail/var/www/html/index.html

Www.downcc.com

[Root@localhost html]#

4. Configure Apache to support HTTPS access to the www.downcc.com site, edit vim/etc/httpd/conf.d/ssl.conf files, and make www.downcc.com site HTTPS access information. Add the following configuration.

<virtualhost www.downcc.com:443>

DocumentRoot "/var/www/html/www.kuteatest.net" #//in order to display the effect, the site directory here is not the same, generally a domain name should point to the same directory.

ServerName www.downcc.com:443

ErrorLog Logs/ssl_error_log

Transferlog Logs/ssl_access_log

LogLevel warn

Sslengine on

Sslprotocol All-sslv2

Sslciphersuite all:! Adh:! export:! Sslv2:rc4+rsa:+high:+medium:+low

Sslcertificatefile/etc/pki/tls/certs/abc_com.crt

Sslcertificatekeyfile/etc/pki/tls/private/localhost.key

<files ~ ". (cgi|shtml|phtml|php3?) $ ">

Ssloptions +stdenvvars

</Files>

<directory "/var/www/cgi-bin" >

Ssloptions +stdenvvars

</Directory>

Setenvif user-agent ". *msie.*"

Nokeepalive Ssl-unclean-shutdown

downgrade-1.0 force-response-1.0

Customlog Logs/ssl_request_log

"%t%h%{ssl_protocol}x%{ssl_cipher}x"%r "%b"

</VirtualHost>

5. Restart Apache service, test access.

Test the results of HTTP access

Test the results of HTTPS access

View certificate information consistent with self-built CRT information

The end result of HTTPS access

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.