Case: Implementation of SSL certificate
principle: to implement the security of the httpd site , install the server certificate on the Web Server, the client browser establishes an SSL connection with the server certificate, The data transmitted on the SSL connection is encrypted,and theSSL certificate is used primarily for the server's data transmission link encryption and authentication, binding the website domain name.
Configuring the Web Server (linux)
1. Install httpd, software
Yum--disablerepo=\*--enablerepo=c6-media Install httpd-y
2.service httpd start to open httpd Services
3.cd/var/www/html into the catalogue
Ll-a Viewing the files in the directory
Vim. htaccess
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/4D/20/wKioL1RMUcTydjg7AAC4EJINBjw960.jpg "title=" 1.png " alt= "Wkiol1rmuctydjg7aac4ejinbjw960.jpg"/>
4.cd/var/www Enter the directory to create the account library
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/4D/20/wKioL1RMUdHSMfbdAADBiNn0MXE830.jpg "title=" 2.png " alt= "Wkiol1rmudhsmfbdaadbinn0mxe830.jpg"/>
5.vim/etc/httpd/conf/httpd.conf modifying the http configuration file
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/4D/1F/wKiom1RMUYqQpAH7AADGLVZLQDI875.jpg "title=" 3.png " alt= "Wkiom1rmuyqqpah7aadglvzlqdi875.jpg"/>
6. test, open PC Browser input http:/192.168.88.100, appear
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/4D/20/wKioL1RMUe7hfDk7AAHV2AnNgOk443.jpg "title=" 4.png " alt= "Wkiol1rmue7hfdk7aahv2anngok443.jpg"/>
7.cd/etc/pki/ca Enter
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/4D/20/wKioL1RMUh2zw3JeAAFNzzlKNXE064.jpg "style=" float: none; "title=" 5.png "alt=" Wkiol1rmuh2zw3jeaafnzzlknxe064.jpg "/>
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/4D/1F/wKiom1RMUcvRC2kwAAGEfQvmJ5U128.jpg "style=" float: none; "title=" 6.png "alt=" Wkiom1rmucvrc2kwaagefqvmj5u128.jpg "/>
8. generate private key, move, change permissions
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/4D/1F/wKiom1RMUf7hRG3JAAZCaHyVoyw047.jpg "title=" 7.png " alt= "Wkiom1rmuf7hrg3jaazcahyvoyw047.jpg"/>
the 9.CA itself can generate a certificate, so there is no need to generate a request to generate the certificate directly
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/4D/20/wKioL1RMUmqTEgy6AAL7ZRgszaA128.jpg "title=" 8.png " alt= "Wkiol1rmumqtegy6aal7zrgszaa128.jpg"/>
Install mod_ssl, certificate issuance tools !
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/4D/1F/wKiom1RMUiuBQy6OAAOeLESEy8o833.jpg "title=" 9.png " alt= "Wkiom1rmuiubqy6oaaoelesey8o833.jpg"/>
11.mkdir/etc/httpd/certs creating a directory, storing the issuing certificate
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/4D/20/wKioL1RMUpOzpy70AAUjgS-Lqas294.jpg "title=" 10.png "alt=" Wkiol1rmupozpy70aaujgs-lqas294.jpg "/>
A.. generate public key request, stored in /etc/httpd/certs
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/4D/1F/wKiom1RMUleTrdN_AANzTLDBtn8678.jpg "title=" 11.png "alt=" Wkiom1rmuletrdn_aanztldbtn8678.jpg "/>
Request a CA to issue a certificate
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/4D/20/wKioL1RMUrihuJZHAAH1BKTsS14105.jpg "title=" 12.png "alt=" Wkiol1rmurihujzhaah1bktss14105.jpg "/>
14./etc/httpd/conf.d/ Enter this directory and modify the ssl.conf
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/4D/25/wKioL1RMlG3icxp7AAPVukfU7qg133.jpg "title=" 13.png "alt=" Wkiol1rmlg3icxp7aapvukfu7qg133.jpg "/>
Restart , turn off the firewall
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/4D/25/wKioL1RMlHzgGUZxAAIhptTcuYo013.jpg "title=" 14.png "alt=" Wkiol1rmlhzgguzxaaihpttcuyo013.jpg "/>
input https://192.168.88.100, accessed via 443 port, appears,
Review the certificate, select the certificate path, select General, and then install the certificate to import successfully.
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/4D/24/wKiom1RMlD7hbqYRAAENcN8Ye6g498.jpg "style=" float: none; "title=" 15.png "alt=" Wkiom1rmld7hbqyraaencn8ye6g498.jpg "/>
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/4D/25/wKioL1RMlJCSOYZCAAHt7GT62WU078.jpg "style=" float: none; "title=" 16.png "alt=" Wkiol1rmljcsoyzcaaht7gt62wu078.jpg "/>
https://192.168.88.100 again , appears
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/4D/25/wKioL1RMlMzxjOt1AAFBLduaLc4674.jpg "title=" 17.png "alt=" Wkiol1rmlmzxjot1aafbldualc4674.jpg "/>
The certification authority has been trusted!
This article is from the "Wang Supeng blog" blog, make sure to keep this source http://wangcf1009.blog.51cto.com/8589325/1568284
Apache Site authentication and implementation of SSL certificates