Here is a simple demonstration of encrypted access-https encrypted access under Apache.
1. I will not go into details about DNS resolution here. I will discuss the dns resolution situation in this demonstration:
[Root @ localhost html] # nslookup www. abc. comServer: 192.168.2.115Address: 192.168.2.115 #53 Name: www. abc. comAddress: 192.168.2.115
2. install the Apache SSL support module: # yum install-y mod_ssl (httpd is not installed by default in yum. After installation, it will automatically generate/etc/httpd/conf. d/ssl. conf file) and generate the certificate.
[Root @ localhost certs] # pwd/etc/pki/tls/certs [root @ localhost certs] # lsca-bundle.crt index.html localhost. crt Makefileca-bundle.trust.crt localhost1.crt make-dummy-cert [root @ localhost certs] # openssl req-utf8-new-key .. /private/localhost. key-x509-days 3650-out abc_com.crtYou are about to be asked to enter information that will be inreceivatedinto your certificate request. what you are about to enter is what is called a Distinguished Name or a DN. there are quite a few fields but you can leave some blankFor some fields there will be a default value, If you enter '. ', the field will be left blank. -- Country Name (2 letter code) [XX]: CNState or Province Name (full name) []: 510510 Locality Name (eg, city) [Default City]: GZOrganization Name (eg, company) [Default Company Ltd]: ABC. COMOrganizational Unit Name (eg, section) []: Mr. zhangCommon Name (eg, your name or your server's hostname) []: www. abc. comEmail Address []: root@abc.com [root @ localhost certs] #
3. Configure Apache. The basic configuration is not mentioned here. The following describes how to configure http access for the www.abc.com site.
[Root @ localhost html] # tail-n 8/etc/httpd/conf/httpd. confNameVirtualhost 192.168.2.115: 80 <VirtualHost www.abc.com: 80> ServerAdmin webmaster@dummy-host.example.comDocumentRoot/var/www/html ServerName www.abc.com ErrorLog logs/dummy-host.example.com-error_log CustomLog logs/dummy-host.example.com-access_log common </VirtualHost> [root @ localhost html] # tail/var/www/html/ index.html www.abc.com [root @ localhost html] #
4. Configure Apache to support https access to the www.abc.com site, edit the vim/etc/httpd/conf. d/ssl. conf file, and create information related to https access to the www.abc.com site. Add the following configuration.
<VirtualHost www.abc.com: 443> DocumentRoot "/var/www/html/www.kuteatest.net" # // For the display effect, the site directory here is different. Generally, a domain name should point to the same directory. ServerName www.abc.com: 443 ErrorLog logs/ssl_error_logTransferLog logs/ssl_access_loglevel warnSSLEngine onSSLProtocol all-SSLv2SSLCipherSuite ALL :! ADH :! EXPORT :! SSLv2: RC4 + RSA: + HIGH: + MEDIUM: + LOWSSLCertificateFile/etc/pki/tls/certs/abc_com.crtSSLCertificateKeyFile/etc/pki/tls/private/localhost. key <Files ~ "\. (Cgi | shtml | phtml | php3 ?) $ "> SSLOptions + StdEnvVars </Files> <Directory"/var/www/cgi-bin "> SSLOptions + StdEnvVars </Directory> SetEnvIf User-Agent". * MSIE. * "\ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0CustomLog logs/ssl_request_log \" % t % h % {SSL_PROTOCOL} x % {SSL_CIPHER} x \ "% r \" % B "</VirtualHost>
4. Restart the Apache service to test access.
Test http access results
Test https access results
The certificate information is consistent with the self-built crt information.
The final result of https access