I. HTTPS overview
As networks become part of daily life, information security matters more and more. A traditional website uses the HTTP protocol, which transmits data in plaintext. HTTPS is built from SSL + HTTP and provides encrypted transmission and authentication, so it is more secure than HTTP.
So how is HTTPS turned on? With that question in mind, this page covers the principle of HTTPS configuration and turns on HTTPS on an Ubuntu server.
II. Configure the certificate
A very important step in configuring HTTPS is to configure the certificate.
1. Create a certificate
sudo apt-get install ssl-cert
There are two ways to generate a certificate with make-ssl-cert: one uses the tool's defaults, the other uses a template file.
# Generate using the defaults
sudo make-ssl-cert generate-default-snakeoil
# Generate from a template file
sudo make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/ssl/private/apache2.pem
2. Create a self-signed certificate with the openssl command line. The certificate generated here is also in PEM format, and the PEM file contains both the private key and the public key (certificate). If you pass different file names to -keyout and -out, those two files hold the private key and the public key (certificate) respectively.
# 2048-bit key: 1024-bit RSA is too weak for current use
sudo openssl req -x509 -newkey rsa:2048 -keyout /etc/ssl/private/apache.pem -out /etc/ssl/private/apache.pem -nodes -days 999
# Annotated prompts
Country Name (2 letter code) [AU]:CN ← Enter the country code
State or Province Name (full name) [Some-State]:jiangsu ← Enter the province name
Locality Name (eg, city) []:shanghai ← Enter the city name
Organization Name (eg, company) [Internet Widgits Pty Ltd]:yiqu ← Enter the company name
Organizational Unit Name (eg, section) []:rsa ← Enter the organizational unit name
Common Name (eg, YOUR name) []:extend.me ← Enter the host name (the hostname you want to turn on HTTPS for)
Email Address []:[email protected] ← Enter the e-mail address
3. Signing certificate
# -des3 is optional: with it the key is protected by a password, which must be entered whenever the certificate is used
sudo openssl genrsa -des3 > server.key
4. Generate a certificate request file
openssl req -new -key server.key > server.csr
III. Configure Apache
1. Turn on the SSL module
sudo a2enmod ssl
2. Enable the SSL site
sudo a2ensite default-ssl
3. Add the listening port
sudo vim /etc/apache2/ports.conf
# Edit the Apache port configuration and add port 443 (HTTPS uses port 443 for data transfer)
Listen 443
4. Configure the virtual host
Edit the default-ssl file and add the ServerName that corresponds to the certificate.
sudo vim /etc/apache2/sites-enabled/default-ssl
ServerName extend.me
5. Configure the SSL certificate
Configure as follows:
SSLEngine on
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
SSLCertificateChainFile /etc/ssl/certs/server-ca.crt
Restart Apache.
Then open https://extend.me to test.
The browser may report that the certificate is invalid; add an exception, or continue to the site anyway. Browsers generally flag a self-signed certificate as invalid.
After the configuration, you can use a packet-capture tool to see whether the data in transit is encrypted.
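A check for the files named by SSLCertificateFile and SSLCertificateKeyFile in step 5, given here as an added example that is not part of the original article: it confirms that the key belongs to the certificate, that the Common Name equals the ServerName, that the certificate has not expired, and that the key is not readable by other users. The function names check_tls_pair and make_sample_pair are hypothetical, and the sample pair is a constructed throwaway.

```shell
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.

# check_tls_pair CERT KEY SERVERNAME
# Prints "ok" and returns 0, or prints the first problem found and returns 1.
check_tls_pair() {
    c_cert=$1; c_key=$2; c_name=$3

    # 1. The key must be the one the certificate was issued for: compare the
    #    public key inside the certificate with the one derived from the key.
    #    "-passin pass:" makes an encrypted key fail instead of prompting.
    c_pub1=$(openssl x509 -in "$c_cert" -noout -pubkey 2>/dev/null) ||
        { echo "cannot read certificate"; return 1; }
    c_pub2=$(openssl pkey -in "$c_key" -passin pass: -pubout 2>/dev/null) ||
        { echo "cannot read private key"; return 1; }
    [ "$c_pub1" = "$c_pub2" ] || { echo "key does not match certificate"; return 1; }

    # 2. The Common Name must equal the ServerName of the virtual host.
    c_cn=$(openssl x509 -in "$c_cert" -noout -subject -nameopt multiline |
           awk -F' = ' '/commonName/ { print $2 }')
    [ "$c_cn" = "$c_name" ] || { echo "CN '$c_cn' is not '$c_name'"; return 1; }

    # 3. The certificate must not already be expired.
    openssl x509 -in "$c_cert" -noout -checkend 0 >/dev/null ||
        { echo "certificate expired"; return 1; }

    # 4. The private key must not be readable by group or others.
    case $(ls -ldL "$c_key") in
        -???------*) ;;
        *) echo "private key is readable by group/others"; return 1 ;;
    esac
    echo ok
}

# Constructed sample: a throwaway self-signed pair in directory $1 for hostname $2.
make_sample_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null &&
    chmod 600 "$1/key.pem"
}

tmp=$(mktemp -d)
make_sample_pair "$tmp" extend.me
check_tls_pair "$tmp/cert.pem" "$tmp/key.pem" extend.me
rm -rf "$tmp"
```

The same function works on a combined PEM file such as the one from step 2: pass that file as both CERT and KEY.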