Apache implements https certificate key verification-Linux Enterprise Application-Linux server application information. The following is a detailed description. Build basic Apache services and access them properly.
1. Install the mod_ssl module to allow Linux to support SSL:
Yum install mod_ssl-y
2. Create a certificate and key file:
Cd/etc/pki/tls/certs
Make httpd. crt // The Name Of The certificate file. Do not change the extension. At last, two files are generated, ending with a certificate file. crt and ending with a key. key.
Bytes ------------------------------------------------------------------------------------
[Root @ rhce certs] # make httpd. crt
Umask 77 ;\
/Usr/bin/openssl genrsa-des3 1024> links. key
Generating RSA private key, 1024 bit long modulus
...
...
E is 65537 (0x10001)
Enter pass phrase: // password.
Verifying-Enter pass phrase: // confirm that the password is the same as above.
Umask 77 ;\
/Usr/bin/openssl req-utf8-new-key links. key-x509-days 365-out lis. crt-set_serial 0
Enter pass phrase for httpd. key: // password of the httpd. key File
You are about to be asked to enter information that will be ininitialized
Into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]: GB
State or Province Name (full name) [Berkshire]: JIANGSU
Locality Name (eg, city) [Newbury]: XUZHOU
Organization Name (eg, company) [My Company Ltd]: QINGNIAO
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []: www.rhce.cn//real Domain Name
Email Address []: root@rhce.cn
Bytes ------------------------------------------------------------------------------------
3. Edit the configuration file:/etc/http/conf. d/ssl. conf.
Modify the certificate and key file path to the location where the certificate and key we created are located.
Bytes ------------------------------------------------------------------------------------
[Root @ rhce certs] # vim/etc/httpd/conf. d/ssl. conf
SSLCertificateFile/etc/pki/tls/certs/httpd. crt
SSLCertificateKeyFile/etc/pki/tls/certs/httpd. key
Bytes ------------------------------------------------------------------------------------
4. Restart the httpd service.
Bytes ------------------------------------------------------------------------------------
[Root @ rhce certs] # service httpd restart
Stop httpd: [OK]
Start httpd: Apache/2.2.3 mod_ssl/2.2.3 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide the pass phrases.
Server rhce.cn: 443 (RSA)
Enter pass phrase: // Enter the password when you create the certificate and key.
OK: Pass Phrase Dialog successful.
[OK]
Bytes ------------------------------------------------------------------------------------
5. Test. (Https is based on port 443. Note that the firewall must activate this port.) https: // Domain Name
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
