CentOS 7 self-generated certificate configuration SSL WEB

CentOS 7 self-generated certificate configuration SSL WEB

# Install Apache [root @ server0 ~] # Yum-y install httpd mod_ssl # add firewall rules [root @ server0 ~] # Firewall-cmd -- permanent -- add-server = 80/tcp [root @ server0 ~] # Firewall-cmd -- permanent -- add-server = 443/tcp [root @ server0 ~] # Firewall-cmd -- permanent -- add-server = 8080/tcp; firewall-cmd -- reload [root @ server0 ~] # Systemctl restart httpd; systemctl enable httpd

# Configure selinux security context [root @ server0 ~] # Semanaga port-a-t http_port_t {80,443,808 0} [root @ server0 ssl] # mkdir/etc/httpd/ssl; cd/etc/httpd/ssl

# Generate KEY
[Root @ server0 ssl] # openssl genrsa-des3-out vqiu.cn. key 2048
# Password Removal
[Root @ server0 ssl] # openssl rsa-in vqiu.cn. key-out vqiu.cn. key # generate a certificate issuance request and certificate key
[Root @ server0 ssl] # openssl req-new-nodes-key vqiu.cn. key-out vqiu.cn. csr
# Generate a certificate using csr. Take vqiu.cn as an example.
[Root @ server0 ssl] # openssl x509-req-days 3650-in vqiu.cn. csr-signkey vqiu.cn. key-out vqiu.cn. crt
# After the crt is generated, the csr can be deleted [Skipped]
[Root @ server0 ssl] # rm vqiu.cn. csr-f

[Root @ server0 ssl] # cat/etc/httpd/conf. d/vqiu.cn. conf <IfModule mod_ssl.c> Listen 443 https </IfModule> <VirtualHost _ default _: 443> ServerName server0.vqiu.cn DocumentRoot/var/www/html SSLEngine on SSLProtocol all-SSLv2 SSLCipherSuite HIGH: MEDIUM :! ANULL :! MD5 SSLCertificateFile/etc/httpd/ssl/vqiu.cn. crt SSLCertificateKeyFile/etc/httpd/ssl/vqiu.cn. key </VirtualHost> # generate a test page [root @ server0 ssl] # echo "test">/var/www/html/index.html # restart the httpd service [root @ server0 ssl] # systemctl restart httpd