HTTPS (full name: Hypertext Transfer Protocol over Secure Socket Layer) is an HTTP channel designed for security; put simply, it is the secure version of HTTP. An SSL layer is added beneath HTTP, and SSL is the security basis of HTTPS, so the details of the encryption are those of SSL. It is a URI scheme (an abstract identifier system) with syntax similar to the http: scheme, used for secure HTTP data transfer. An https: URL indicates that HTTP is used, but HTTPS has a different default port from HTTP and an encryption/authentication layer (between HTTP and TCP). The system was initially developed by Netscape, provides authentication and encrypted communication, and is now widely used for security-sensitive communications on the World Wide Web, such as transaction payments.
Brief introduction
It was developed by Netscape and built into its browser to compress and decompress data and to return the results sent back over the network. HTTPS actually uses Netscape's Secure Sockets Layer (SSL) as a sublayer of the HTTP application layer. (HTTPS uses port 443, rather than port 80 as HTTP does, to communicate over TCP/IP.) SSL uses a 40-bit key for the RC4 stream encryption algorithm, which is appropriate for encrypting business information. HTTPS and SSL support the use of X.509 digital certificates, so users can confirm who the sender is if needed. In other words, it has two main functions: one is to establish a secure channel that protects data in transit; the other is to confirm the authenticity of the site.
The rest of this article configures an HTTPS server on CentOS 6.2; readers who need to do this can follow the steps below.
The difference between HTTPS and HTTP
First, the HTTPS protocol requires applying to a CA for a certificate; free certificates are rare, so a fee usually has to be paid.
Second, HTTP is the Hypertext Transfer Protocol and transmits information in clear text, while HTTPS is a secure transport protocol encrypted with SSL.
Third, HTTP and HTTPS use completely different connection methods and different ports: the former uses 80, the latter 443.
Fourth, an HTTP connection is very simple and stateless; HTTPS is a network protocol built from SSL plus HTTP that provides encrypted transmission and identity authentication, and is more secure than HTTP.
Issues addressed by HTTPS
First, the problem of trusting the host.
A server using HTTPS must request a certificate from a CA (certificate authority) to prove what the server is used for. The client trusts the host only when the certificate is used for the corresponding server. This is why banking websites currently use HTTPS for all of their critical applications. The client trusts the host by trusting the certificate. This is actually inefficient, but banks care more about safety. None of this is a problem for us: whether the certificate on our server was issued by ourselves or obtained from a public authority, its clients are our own people, so we will certainly trust the server.
Second, disclosure of and tampering with data in the course of communication.
1. In general, HTTPS means that the server has a certificate.
   a. The main purpose is to ensure that the server is the server it claims to be; this is the same as the first point.
   b. All communication between the server and the client is encrypted.
      i. Specifically, the client generates a symmetric key and exchanges it by means of the server's certificate; this is the handshake process in the general sense.
      ii. All subsequent information flows are encrypted. A third party who intercepts them gains nothing, because he does not have the key, and tampering is likewise pointless.
2. In a few cases the client is also required to have a certificate.
   a. The client certificate here is similar to personal information: in addition to the user name/password, there is a CA-authenticated identity. Because personal certificates generally cannot be imitated by others, this allows a deeper confirmation of the user's identity.
   b. Currently a small number of professional editions of personal banking do this; the certificate itself may be carried on a USB drive (that is, a U shield) as a backup medium.
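The handshake described in point 1.b above can be walked through in miniature with the openssl command-line tool. This is an added example, not part of the original article: the function name, file names, CN and request text are constructed, a self-signed certificate stands in for a CA-issued one, and an `openssl` binary of version 1.1.1 or later is assumed. Real TLS additionally derives separate keys from the exchanged secret and authenticates every record.

```shell
# Added example: the key exchange described above, in miniature, with the openssl CLI.
# File names, the CN and the request text are constructed for the demo.
tls_sketch() {
    d=$(mktemp -d) || return 1

    # Server: private key plus a self-signed certificate (stand-in for a CA-issued one).
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=www.example.test" \
        -keyout "$d/server.key" -out "$d/server.crt" 2>/dev/null || return 1

    # Client: take the public key from the certificate, generate a random secret,
    # and encrypt it so that only the holder of server.key can recover it.
    openssl x509 -in "$d/server.crt" -noout -pubkey > "$d/server.pub" || return 1
    openssl rand -hex 32 > "$d/client.secret"
    openssl pkeyutl -encrypt -pubin -inkey "$d/server.pub" \
        -pkeyopt rsa_padding_mode:oaep \
        -in "$d/client.secret" -out "$d/wrapped.bin" || return 1

    # Server: unwrap the secret with its private key. Both sides now share it.
    openssl pkeyutl -decrypt -inkey "$d/server.key" \
        -pkeyopt rsa_padding_mode:oaep \
        -in "$d/wrapped.bin" -out "$d/server.secret" || return 1

    # Client encrypts a request under the shared secret; the server decrypts it.
    printf 'GET /account HTTP/1.1' |
        openssl enc -aes-256-cbc -pbkdf2 -pass "file:$d/client.secret" \
            -out "$d/request.enc" || return 1
    plain=$(openssl enc -d -aes-256-cbc -pbkdf2 \
        -pass "file:$d/server.secret" -in "$d/request.enc") || return 1

    # Eavesdropper: holds wrapped.bin and request.enc but not server.key,
    # so the best available move is guessing a key.
    openssl rand -hex 32 > "$d/guess.secret"
    if openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$d/guess.secret" \
            -in "$d/request.enc" 2>/dev/null | grep -q 'GET /account'; then
        eve=readable
    else
        eve=unreadable
    fi

    rm -rf "$d"
    printf '%s|%s\n' "$plain" "$eve"
}

tls_sketch
```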
If you follow my articles, this will certainly look familiar: the introduction above comes from the article on the RPM-based installation. You can also refer to (CentOS 6.2 to configure HTTPS and implement SSL virtual host).
Note: the build parameters used here are for an architecture that includes LDAP services. If you only need SSL or a plain web architecture, remove the corresponding parameters.
Install OpenSSL
[root@chenyi ldmp]# tar zxf openssl-1.0.0e.tar.gz
[root@chenyi ldmp]# cd openssl-1.0.0e
[root@chenyi openssl-1.0.0e]# ./config --prefix=/software/ssl --openssldir=/software/openssl shared
[root@chenyi openssl-1.0.0e]# make && make test && make install
Install APR
[root@chenyi ldmp]# tar zxf apr-1.4.5.tar.gz
[root@chenyi ldmp]# cd apr-1.4.5
[root@chenyi apr-1.4.5]# ./configure --prefix=/software/apr
[root@chenyi apr-1.4.5]# make && make install
Install APR-util
[root@chenyi apr-util-1.3.12]# tar zxf apr-util-1.3.12.tar.gz
[root@chenyi apr-util-1.3.12]# cd apr-util-1.3.12
[root@chenyi apr-util-1.3.12]# ./configure --prefix=/software/apr-util --with-apr=/software/apr/ --with-ldap-include=/software/openldap/include/ --with-ldap-lib=/software/openldap/lib/ --with-berkeley-db=/software/berkeleydb.5.2/
[root@chenyi apr-util-1.3.12]# make && make install
Install Apache
[root@chenyi httpd-2.2.21]# tar zxf httpd-2.2.21.tar.gz
[root@chenyi httpd-2.2.21]# cd httpd-2.2.21
[root@chenyi httpd-2.2.21]# ./configure --prefix=/software/apache2 --sysconfdir=/etc/httpd --enable-ssl --with-ssl=/software/openssl/ --with-z=/software/zlib/ --enable-rewrite=shared --enable-static-support --enable-deflate=shared --enable-so --enable-dav --enable-dav-fs --enable-ldap --enable-authnz-ldap --with-included-apr --with-ldap-include=/software/openldap/include/ --with-ldap-lib=/software/openldap/lib --with-apr=/software/apr/bin/apr-1-config --with-apr-util=/software/apr-util/bin/apu-1-config
[root@chenyi httpd-2.2.21]# make && make install
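A check worth running once the build finishes, added here as an example and not part of the original article: the function below reads `ldd` output and reports whether libssl and libcrypto resolve under the OpenSSL prefix used above (/software/ssl) instead of the distribution's copies. The function names and the sample `ldd` lines are constructed; it assumes mod_ssl is compiled into the httpd binary rather than built as a shared module.

```shell
# Added example: verify which OpenSSL libraries a built httpd resolves at run time.
# stdin: output of `ldd <binary>`;  $1: the OpenSSL --prefix (the page uses /software/ssl).
check_ssl_linkage() {
    prefix=${1%/}
    awk -v p="$prefix/" '
        $1 ~ /^lib(ssl|crypto)\.so/ {
            seen++
            if ($2 != "=>" || $3 == "not") { print $1 ": NOT FOUND"; bad++ }
            else if (index($3, p) == 1)     { print $1 ": ok " $3 }
            else                            { print $1 ": WRONG " $3; bad++ }
        }
        END {
            # No libssl at all: mod_ssl was not built in, or OpenSSL was linked statically.
            if (seen == 0) { print "no libssl/libcrypto dependency listed"; exit 2 }
            exit (bad > 0)
        }'
}

# Constructed ldd output: both libraries come from the custom prefix.
sample_custom() {
    printf '\tlibssl.so.1.0.0 => /software/ssl/lib/libssl.so.1.0.0 (0x00007f5c1a2b3000)\n'
    printf '\tlibcrypto.so.1.0.0 => /software/ssl/lib/libcrypto.so.1.0.0 (0x00007f5c19e00000)\n'
    printf '\tlibc.so.6 => /lib64/libc.so.6 (0x00007f5c19a00000)\n'
}

# Constructed ldd output: the loader picked the system libssl and cannot
# find the custom libcrypto (its directory is not on the library search path).
sample_system() {
    printf '\tlibssl.so.10 => /usr/lib64/libssl.so.10 (0x00007f5c1a2b3000)\n'
    printf '\tlibcrypto.so.1.0.0 => not found\n'
    printf '\tlibc.so.6 => /lib64/libc.so.6 (0x00007f5c19a00000)\n'
}

sample_custom | check_ssl_linkage /software/ssl
sample_system | check_ssl_linkage /software/ssl || echo "httpd is not using the OpenSSL build from /software/ssl"
```

On the built system, feed it real output with `ldd /software/apache2/bin/httpd | check_ssl_linkage /software/ssl`, assuming the default layout under the --prefix given above.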