I. Basic Knowledge
httpd: SSL

The SSL module creates SSL sessions on a per-IP-address basis. Therefore, only one SSL session is created for each IP address.

The work to complete the SSL handshake is as follows:
    exchange the protocol version number
    select an encryption method supported by both parties
    the client authenticates the server
    key exchange

HTTPS protocol: based on SSL binary encoding, 443/tcp
openssl s_client

Verifying the server certificate:
    validity check: whether the certificate is still valid
    CA credibility check
    certificate integrity check
    the identity of the owner
II. Review of OpenSSL knowledge

# Note: 1024-bit RSA is kept from the original; use 2048 bits or more outside a lab.
cd /etc/pki/CA
(umask 077; openssl genrsa -out private/cakey.pem 1024)
vim /etc/pki/tls/openssl.cnf
openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 1000
# openssl ca needs an index file and a serial file that holds a starting number
touch index.txt
echo 01 > serial
mkdir /etc/httpd/ssl
cd /etc/httpd/ssl
(umask 077; openssl genrsa -out httpd.key 1024)
openssl req -new -key httpd.key -out httpd.csr
openssl ca -in httpd.csr -out httpd.crt -days 1000
III. Experiment
Configure httpd to work on https:
1. Install the mod_ssl module
# yum install mod_ssl
2. Build a private CA on the server (self-signed)
Modify the configuration file: vim /etc/pki/tls/openssl.cnf
3. Generate a private key for the server and provide it with a certificate. The signed certificate is: /etc/httpd/ssl/httpd.crt
4. Configure SSL for the virtual host that serves HTTPS
vim /etc/httpd/conf.d/ssl.conf
SSLCertificateFile
SSLCertificateKeyFile
5. Virtual host configuration
<VirtualHost IP:443>
DocumentRoot
ServerName
</VirtualHost>
6. Reload the configuration
7. Experiment results
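The procedure above, replayed in a throwaway directory as an added example (not code from the original post): it builds a CA and a server certificate, then runs the certificate checks listed under Basic Knowledge plus a check that the key and certificate belong together. It uses 2048-bit keys and openssl x509 -req in place of openssl ca; the function names, subjects and temporary directory are assumptions made for the demo.

```shell
#!/bin/sh
# Added example. Subjects and file locations are constructed for the demo.
# Certificates are signed with "openssl x509 -req", so no openssl.cnf CA
# section, index.txt or serial file is needed here.

make_lab_pki() {    # $1 = empty working directory
    ( cd "$1" && umask 077 &&
      openssl genrsa -out cakey.pem 2048 2>/dev/null &&
      openssl req -new -x509 -key cakey.pem -out cacert.pem -days 1000 \
          -subj "/CN=Lab CA" &&
      openssl genrsa -out httpd.key 2048 2>/dev/null &&
      openssl req -new -key httpd.key -out httpd.csr \
          -subj "/CN=www.example.test" &&
      openssl x509 -req -in httpd.csr -CA cacert.pem -CAkey cakey.pem \
          -CAcreateserial -out httpd.crt -days 1000 2>/dev/null )
}

check_cert() {      # $1 = cert  $2 = private key  $3 = CA cert  $4 = expected CN
    # Validity: the certificate must not expire within the next 24 hours.
    openssl x509 -in "$1" -noout -checkend 86400 >/dev/null ||
        { echo expired; return 1; }
    # CA credibility and integrity: the signature must chain to the given CA.
    openssl verify -CAfile "$3" "$1" >/dev/null 2>&1 ||
        { echo untrusted; return 1; }
    # Owner identity: the subject CN must be the name the server is reached by.
    subj=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253)
    case "$subj" in
        *"CN=$4"|*"CN=$4,"*) ;;
        *) echo wrong-owner; return 1 ;;
    esac
    # Pairing: the key file must hold the private half of the certificate's key
    # (what SSLCertificateFile and SSLCertificateKeyFile must agree on).
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey)
    key_pub=$(openssl pkey -in "$2" -pubout)
    [ "$cert_pub" = "$key_pub" ] || { echo key-mismatch; return 1; }
    echo ok
}

# Stand-alone run: build the lab PKI, check the server certificate, clean up.
demo_dir=$(mktemp -d) && make_lab_pki "$demo_dir" &&
    check_cert "$demo_dir/httpd.crt" "$demo_dir/httpd.key" \
               "$demo_dir/cacert.pem" www.example.test
rm -rf "$demo_dir"
```

Pointed at /etc/httpd/ssl/httpd.crt, /etc/httpd/ssl/httpd.key and /etc/pki/CA/cacert.pem, check_cert can be run before the reload in step 6.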