Build an encrypted site based on https

Source: Internet
Author: User

I. Basic Knowledge

httpd: SSL

The SSL module creates SSL sessions per IP address, so only one SSL session is created for each IP address.

The SSL handshake completes the following work:

1. Exchange protocol version numbers.
2. Select an encryption method supported by both parties.
3. The client authenticates the server.
4. Key exchange.

HTTPS protocol: a binary protocol based on SSL, 443/tcp

Test tool: openssl s_client

The client verifies the server certificate:

Validity check: whether the certificate is still valid
CA credibility check
Certificate integrity check
Identity of the owner

II. Review of OpenSSL knowledge

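cd /etc/pki/CA
# CA private key (1024 bits as in this walkthrough; use at least 2048 bits in production)
(umask 077; openssl genrsa -out private/cakey.pem 1024)
vim /etc/pki/tls/openssl.cnf
# Self-signed CA certificate (cacert.pem is the file name the stock openssl.cnf expects)
openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 1000
# CA database files; serial must contain a starting serial number
touch index.txt
echo 01 > serial
# Server private key and certificate signing request
mkdir /etc/httpd/ssl
cd /etc/httpd/ssl
(umask 077; openssl genrsa -out httpd.key 1024)
openssl req -new -key httpd.key -out httpd.csr
# Sign the request with the CA
openssl ca -in httpd.csr -out httpd.crt -days 1000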

III. Experiment

Configure httpd to work on https:

1. Install the mod_ssl module

# yum install mod_ssl

2. Set up a self-signed CA on the server


Modify the configuration file: vim /etc/pki/tls/openssl.cnf


3. Generate a private key for the server and provide it with a certificate. The signed certificate is /etc/httpd/ssl/httpd.crt


4. Configure SSL for the virtual host that serves HTTPS

vim /etc/httpd/conf.d/ssl.conf

SSLCertificateFile /etc/httpd/ssl/httpd.crt

SSLCertificateKeyFile /etc/httpd/ssl/httpd.key


5. Virtual host configuration

<VirtualHost IP:443>

DocumentRoot

ServerName

</VirtualHost>


6. Reload the configuration


7. Experiment results
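The certificate checks listed in section I can be run from the shell against the certificate, CA certificate and key before reloading httpd. The script below is an added example, not part of the original walkthrough: it builds a throwaway CA and server certificate in a temporary directory and runs each check. It signs with openssl x509 -req instead of openssl ca so that it needs no CA directory setup; the functions make_lab and check_cert and the names "Example Lab CA" and www.example.test are constructed for illustration.

```shell
#!/bin/sh
# Added example: throwaway CA + server certificate, then the client-side checks.
# Subject names and file layout are constructed for this example.

# make_lab DIR CA_NAME HOST
# Create a CA and a CA-signed server certificate inside DIR.
make_lab() {
    openssl req -new -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
        -keyout "$1/cakey.pem" -out "$1/cacert.pem" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/httpd.key" -out "$1/httpd.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/httpd.csr" -days 30 -CAcreateserial \
        -CA "$1/cacert.pem" -CAkey "$1/cakey.pem" -out "$1/httpd.crt" 2>/dev/null
}

# check_cert CERT CAFILE KEY HOST
# Returns 0 if every check passes, otherwise the number of the failed check.
check_cert() {
    # 1. Validity: the certificate has not expired.
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1 || return 1
    # 2. CA credibility and integrity: the signature chains to the trusted CA.
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1 || return 2
    # 3. Identity of the owner: the name in the certificate matches the host.
    openssl x509 -in "$1" -noout -checkhost "$4" 2>/dev/null |
        grep -q "does match" || return 3
    # 4. The private key httpd will load belongs to this certificate.
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$3" -pubout 2>/dev/null)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] || return 4
    return 0
}

# Demo run on constructed data.
dir=$(mktemp -d)
make_lab "$dir" "Example Lab CA" www.example.test
check_cert "$dir/httpd.crt" "$dir/cacert.pem" "$dir/httpd.key" www.example.test
echo "check_cert exit status: $?"
rm -rf "$dir"
```

For the files from this walkthrough the call would be check_cert /etc/httpd/ssl/httpd.crt /etc/pki/CA/cacert.pem /etc/httpd/ssl/httpd.key followed by the ServerName of the virtual host.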
