Here is a simple demonstration of encrypted access-https encrypted access under Apache. 1. I will not repeat the DNS resolution here. I will see the dns resolution situation in this demonstration: [root @ localhosthtml] # nslookupwww. abc. comServer: 192.168.2.115Address: 1
Here is a simple demonstration of encrypted access-https encrypted access under Apache.
1. I will not go into details about DNS resolution here. I will discuss the dns resolution situation in this demonstration:
[Root @ localhost html] # nslookup www. abc. comServer: 192.168.2.115Address: 192.168.2.115 #53 Name: www. abc. comAddress: 192.168.2.115
2. install the Apache SSL Support Module: # yum install-y mod_ssl (httpd is not installed by default in yum. after installation, it will automatically generate/etc/httpd/conf. d/ssl. conf file) and generate the certificate.
[Root @ localhost certs] # pwd/etc/pki/tls/certs [root @ localhost certs] # lsca-bundle.crt index.html localhost. crt Makefileca-bundle.trust.crt localhost1.crt make-dummy-cert [root @ localhost certs] # openssl req-utf8-new-key .. /private/localhost. key-x509-days 3650-out abc_com.crtYou are about to be asked to enter information that will be inreceivatedinto your certificate request. what you are about Enter is what is called a Distinguished Name or a DN. there are quite a few fields but you can leave some blankFor some fields there will be a default value, If you enter '. ', the field will be left blank. -? Country Name (2 letter code) [XX]: CNState or Province Name (full name) []: 510510 Locality Name (eg, city) [Default City]: GZOrganization Name (eg, company) [Default Company Ltd]: ABC. COMOrganizational Unit Name (eg, section) []: Mr. zhangCommon Name (eg, your name or your server's hostname) []: www. abc. comEmail Address []: root@abc.com [root @ localhost certs] #
3. configure Apache. The basic configuration is not mentioned here. The following describes how to configure http access for the www.abc.com site.
[Root @ localhost html] # tail-n 8/etc/httpd/conf/httpd. confNameVirtualhost 192.168.2.115: 80 ServerAdmin webmaster@dummy-host.example.comDocumentRoot/var/www/html ServerName www.abc.com ErrorLog logs/dummy-host.example.com-error_log CustomLog logs/dummy-host.example.com-access_log common [Root @ localhost html] # tail/var/www/html/index.html www.abc.com [root @ localhost html] #
4. configure Apache to support https access to the www.abc.com site, edit the vim/etc/httpd/conf. d/ssl. conf file, and create information related to https access to the www.abc.com site. Add the following configuration.
DocumentRoot "/var/www/html/www.kuteatest.net" # // for the display effect, the site directory here is different. generally, a domain name should point to the same directory. ServerName www.abc.com: 443 ErrorLog logs/ssl_error_logTransferLog logs/ssl_access_loglevel warnSSLEngine onSSLProtocol all-SSLv2SSLCipherSuite ALL :! ADH :! EXPORT :! SSLv2: RC4 + RSA: + HIGH: + MEDIUM: + LOWSSLCertificateFile/etc/pki/tls/certs/abc_com.crtSSLCertificateKeyFile/etc/pki/tls/private/localhost. key SSLOptions + StdEnvVars SSLOptions + StdEnvVars SetEnvIf User-Agent ". * MSIE. * "\ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0CustomLog logs/ssl_request_log \" % t % h % {SSL_PROTOCOL} x % {SSL_CIPHER} x \ "% r \" % b"
4. restart the Apache service to test access.