HTTPS
Client: Request a certificate
[[email protected] ssl]# pwd
/etc/httpd/ssl
[[email protected] ssl]# (umask 077; openssl genrsa -out martin01.key 2048)
[[email protected] ssl]# openssl req -new -key martin01.key -out martin01.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:zhejiang
Locality Name (eg, city) [Default City]:ningbo
Organization Name (eg, company) [Default Company Ltd]:martin
Organizational Unit Name (eg, section) []:martin
Common Name (eg, your name or your server's hostname) []:martin
Email Address []:[email protected]

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[[email protected] ssl]# scp -P 6789 martin01.csr marvin:/mydata/ssl/csr
CA server: review and sign the certificate request
[[email protected] ca]# openssl ca -in /mydata/ssl/csr/martin01.csr -out /mydata/ssl/crt/martin01.crt -days 800
[[email protected] ca]# scp -P 6789 /mydata/ssl/crt/martin01.crt martin:/etc/httpd/ssl/
Client:
# Required modules: mod_log_config, mod_setenvif, mod_ssl,
# socache_shmcb_module (for default value of SSLSessionCache)
[[email protected] httpd]# vim /etc/httpd/httpd.conf
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule log_config_module modules/mod_log_config.so
Include /etc/httpd/extra/httpd-ssl.conf
[[email protected] httpd]# vim extra/httpd-ssl.conf
DocumentRoot "/www/web/ssl"
ServerName www.ssl.com:443
<Directory "/www/web/ssl">
    Options None
    AllowOverride All
    Require all granted
</Directory>
SSLCertificateFile /etc/httpd/ssl/martin01.crt
SSLCertificateKeyFile /etc/httpd/ssl/martin01.key
[[email protected] httpd]# echo ok > /www/web/ssl/index.html
[[email protected] httpd]# httpd -t
Syntax OK
[[email protected] httpd]# /etc/init.d/httpd restart
If you have questions about certificate creation, refer to http://9173436.blog.51cto.com/9163436/1774625 (encryption, decryption and building a private CA).
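A pre-restart check for the steps above, added here as an example (not part of the original post): it confirms that the certificate matches the private key, chains to the CA, and covers the ServerName. The CSR above uses Common Name martin while ServerName is www.ssl.com, and clients compare the requested hostname with the certificate. The function names and the throwaway CA are constructed, and `openssl x509 -req` stands in for the `openssl ca` step.

```shell
# Added example: constructed throwaway CA and server key, not the page's own files.
# issue DIR CN: create DIR/ca.{key,crt} once, then DIR/srv.{key,csr,crt} for CN.
issue() {
    _d=$1
    [ -f "$_d/ca.crt" ] || openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Demo CA" -keyout "$_d/ca.key" -out "$_d/ca.crt" 2>/dev/null
    (umask 077; openssl genrsa -out "$_d/srv.key" 2048 2>/dev/null)
    openssl req -new -key "$_d/srv.key" -subj "/C=CN/CN=$2" -out "$_d/srv.csr" 2>/dev/null
    # Stand-in for the page's `openssl ca` step, which needs a populated CA directory.
    openssl x509 -req -in "$_d/srv.csr" -CA "$_d/ca.crt" -CAkey "$_d/ca.key" \
        -CAcreateserial -days 1 -out "$_d/srv.crt" 2>/dev/null
}

# check_pair KEY CRT: true only if the certificate carries the public half of KEY.
check_pair() {
    _k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    _c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$_k" ] && [ "$_k" = "$_c" ]
}

# check_chain CA CRT: true if CRT verifies against the CA certificate.
check_chain() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# check_host CRT NAME: true if the certificate is valid for hostname NAME.
check_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>&1 | grep -q 'does match'
}

# Demo run with the Common Name typed into the CSR above.
d=$(mktemp -d)
issue "$d" martin
check_pair "$d/srv.key" "$d/srv.crt" && echo "key matches certificate"
check_chain "$d/ca.crt" "$d/srv.crt" && echo "chain verifies"
check_host "$d/srv.crt" www.ssl.com || echo "CN=martin does not cover www.ssl.com"
rm -rf "$d"
```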
Virtual host:
[[email protected] httpd]# vim /etc/httpd/httpd.conf
LoadModule rewrite_module modules/mod_rewrite.so
Include /etc/httpd/extra/httpd-vhosts.conf
[[email protected] httpd]# vim extra/httpd-vhosts.conf
<VirtualHost *:80>
    DocumentRoot "/www/web/martin"
    ServerName www.martin.com
    <Directory "/www/web/martin">
        Options None
        AllowOverride All
        Require all granted
    </Directory>
</VirtualHost>
[[email protected] httpd]# echo Martin > /www/web/martin/index.html
IP-based access control (new in 2.4)
Allow access from all hosts: Require all granted
Deny access from all hosts: Require all denied
Control access for specific hosts:
Require ip ipaddr
Require not ip ipaddr
Require host hostname
Require not host hostname
<Directory "/www/web/martin">
    Options None
    AllowOverride All
    Require ip 192.168.1
    Require all denied
</Directory>
Status
[[email protected] htdocs]# vim /etc/httpd/httpd.conf
LoadModule status_module modules/mod_status.so
Include /etc/httpd/extra/httpd-info.conf
[[email protected] htdocs]# vim /etc/httpd/extra/httpd-info.conf
<Location /server-status>
    SetHandler server-status
    #Require host .example.com
    Require ip 127
    Require ip 192.168.1
</Location>
server-status is a handler built into httpd that reports the current state of the server. It presents the server's statistics as an HTML page. The data typically includes, but is not limited to:
(1) The number of worker processes in the working state;
(2) The number of worker processes in the idle state;
(3) The state of each worker, including the number of requests that the worker has responded to and the number of bytes of content sent by this worker;
(4) The total number of bytes sent by the current server;
(5) The length of time since the server was last started or restarted;
(6) The average number of requests per second, the average number of bytes sent per second, and the average number of bytes of content per request.
User-based access control
<Directory "/www/web/martin">
    Options None
    AuthType Basic
    AuthName "Admin status"
    AuthUserFile /etc/httpd/conf/.htpasswd
    AllowOverride All
    Require ip 192.168.1
    Require all denied
</Directory>
[[email protected] httpd]# /usr/local/apache/bin/htpasswd -m -c /etc/httpd/.htpasswd admin
New password:
Re-type new password:
Adding password for user admin
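An added check for the user-based block above (not from the original post): httpd 2.4 only asks for a password when a Require line names a user, so a block that sets AuthType but lists only `Require ip` and `Require all denied` never prompts. `lint_auth`, `write_samples` and both sample files are constructed; the second file is one possible corrected form, assuming the intent is that a client must be in 192.168.1 and also log in.

```shell
# lint_auth FILE: print the opening line of each <Directory>/<Location> block that
# sets AuthType but has no "Require valid-user|user|group"; exit 1 if any is found.
lint_auth() {
    awk '
        { line = tolower($0); sub(/^[ \t]+/, "", line) }
        line ~ /^<(directory|location)[ \t]/ { hdr = $0; auth = 0; user = 0; next }
        line ~ /^authtype[ \t]/ { auth = 1 }
        line ~ /^require[ \t]+(valid-user|user|group)([ \t]|$)/ { user = 1 }
        line ~ /^<\/(directory|location)>/ {
            if (auth && !user) { print hdr; bad = 1 }
            auth = 0
        }
        END { exit bad + 0 }
    ' "$1"
}

# write_samples DIR: constructed inputs. page.conf mirrors the block above;
# fixed.conf requires both the source network and an authenticated user.
write_samples() {
cat > "$1/page.conf" <<'EOF'
<Directory "/www/web/martin">
    AuthType Basic
    AuthName "Admin status"
    AuthUserFile /etc/httpd/conf/.htpasswd
    Require ip 192.168.1
    Require all denied
</Directory>
EOF
cat > "$1/fixed.conf" <<'EOF'
<Directory "/www/web/martin">
    AuthType Basic
    AuthName "Admin status"
    AuthUserFile /etc/httpd/conf/.htpasswd
    <RequireAll>
        Require ip 192.168.1
        Require valid-user
    </RequireAll>
</Directory>
EOF
}

t=$(mktemp -d); write_samples "$t"
lint_auth "$t/page.conf"  || echo "page.conf: AuthType set, but no user is ever required"
lint_auth "$t/fixed.conf" && echo "fixed.conf: ok"
rm -rf "$t"
```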
Apache Services HTTPS, access control, status and other functions