Apache Site authentication and implementation of SSL certificates

Last Update:2014-10-27 Source: Internet

Author: User

Tags ssl certificate ssl connection

Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more ＞

Case: Implementation of SSL certificate

principle: to implement the security of the httpd site , install the server certificate on the Web Server, the client browser establishes an SSL connection with the server certificate, The data transmitted on the SSL connection is encrypted,and theSSL certificate is used primarily for the server's data transmission link encryption and authentication, binding the website domain name.

Configuring the Web Server (linux)

1. Install httpd, software

Yum--disablerepo=\*--enablerepo=c6-media Install httpd-y

2.service httpd start to open httpd Services

3.cd/var/www/html into the catalogue

Ll-a Viewing the files in the directory

Vim. htaccess

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/4D/20/wKioL1RMUcTydjg7AAC4EJINBjw960.jpg "title=" 1.png " alt= "Wkiol1rmuctydjg7aac4ejinbjw960.jpg"/>

4.cd/var/www Enter the directory to create the account library

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/4D/20/wKioL1RMUdHSMfbdAADBiNn0MXE830.jpg "title=" 2.png " alt= "Wkiol1rmudhsmfbdaadbinn0mxe830.jpg"/>

5.vim/etc/httpd/conf/httpd.conf modifying the http configuration file

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/4D/1F/wKiom1RMUYqQpAH7AADGLVZLQDI875.jpg "title=" 3.png " alt= "Wkiom1rmuyqqpah7aadglvzlqdi875.jpg"/>

6. test, open PC Browser input http:/192.168.88.100, appear

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/4D/20/wKioL1RMUe7hfDk7AAHV2AnNgOk443.jpg "title=" 4.png " alt= "Wkiol1rmue7hfdk7aahv2anngok443.jpg"/>

7.cd/etc/pki/ca Enter

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/4D/20/wKioL1RMUh2zw3JeAAFNzzlKNXE064.jpg "style=" float: none; "title=" 5.png "alt=" Wkiol1rmuh2zw3jeaafnzzlknxe064.jpg "/>

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/4D/1F/wKiom1RMUcvRC2kwAAGEfQvmJ5U128.jpg "style=" float: none; "title=" 6.png "alt=" Wkiom1rmucvrc2kwaagefqvmj5u128.jpg "/>

8. generate private key, move, change permissions

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/4D/1F/wKiom1RMUf7hRG3JAAZCaHyVoyw047.jpg "title=" 7.png " alt= "Wkiom1rmuf7hrg3jaazcahyvoyw047.jpg"/>

the 9.CA itself can generate a certificate, so there is no need to generate a request to generate the certificate directly

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/4D/20/wKioL1RMUmqTEgy6AAL7ZRgszaA128.jpg "title=" 8.png " alt= "Wkiol1rmumqtegy6aal7zrgszaa128.jpg"/>

Install mod_ssl, certificate issuance tools !

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/4D/1F/wKiom1RMUiuBQy6OAAOeLESEy8o833.jpg "title=" 9.png " alt= "Wkiom1rmuiubqy6oaaoelesey8o833.jpg"/>

11.mkdir/etc/httpd/certs creating a directory, storing the issuing certificate

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/4D/20/wKioL1RMUpOzpy70AAUjgS-Lqas294.jpg "title=" 10.png "alt=" Wkiol1rmupozpy70aaujgs-lqas294.jpg "/>

A.. generate public key request, stored in /etc/httpd/certs

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/4D/1F/wKiom1RMUleTrdN_AANzTLDBtn8678.jpg "title=" 11.png "alt=" Wkiom1rmuletrdn_aanztldbtn8678.jpg "/>

Request a CA to issue a certificate

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/4D/20/wKioL1RMUrihuJZHAAH1BKTsS14105.jpg "title=" 12.png "alt=" Wkiol1rmurihujzhaah1bktss14105.jpg "/>

14./etc/httpd/conf.d/ Enter this directory and modify the ssl.conf

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/4D/25/wKioL1RMlG3icxp7AAPVukfU7qg133.jpg "title=" 13.png "alt=" Wkiol1rmlg3icxp7aapvukfu7qg133.jpg "/>

Restart , turn off the firewall

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/4D/25/wKioL1RMlHzgGUZxAAIhptTcuYo013.jpg "title=" 14.png "alt=" Wkiol1rmlhzgguzxaaihpttcuyo013.jpg "/>

input https://192.168.88.100, accessed via 443 port, appears,

Review the certificate, select the certificate path, select General, and then install the certificate to import successfully.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/4D/24/wKiom1RMlD7hbqYRAAENcN8Ye6g498.jpg "style=" float: none; "title=" 15.png "alt=" Wkiom1rmld7hbqyraaencn8ye6g498.jpg "/>

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/4D/25/wKioL1RMlJCSOYZCAAHt7GT62WU078.jpg "style=" float: none; "title=" 16.png "alt=" Wkiol1rmljcsoyzcaaht7gt62wu078.jpg "/>

https://192.168.88.100 again , appears

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/4D/25/wKioL1RMlMzxjOt1AAFBLduaLc4674.jpg "title=" 17.png "alt=" Wkiol1rmlmzxjot1aafbldualc4674.jpg "/>

The certification authority has been trusted!

This article is from the "Wang Supeng blog" blog, make sure to keep this source http://wangcf1009.blog.51cto.com/8589325/1568284

Apache Site authentication and implementation of SSL certificates

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

Sales Support

1 on 1 presale consultation

Chat Contact Sales
After-Sales Support

24/7 Technical Support 6 Free Tickets per Quarter Faster Response

Open a Ticket
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

Learn More