Install OpenSSL first
# yum install openssl
Building a private CA server
Modify the openssl.cnf configuration file and set the CA directory in it
# vim /etc/pki/tls/openssl.cnf
dir = /etc/pki/CA
Create the related directories and files
# cd /etc/pki/CA
# mkdir certs newcerts crl
# touch index.txt
# echo 01 > serial
Generate the CA key pair
# (umask 077; openssl genrsa -out private/cakey.pem 2048)
Generate the self-signed CA certificate
# openssl req -x509 -new -key private/cakey.pem -out cacert.pem -days 3650
The CA server setup is now complete.
HTTPS on the web server is set up as follows
For example, generate a key for the HTTP service
# (umask 077; openssl genrsa -out http.key 1024)
Generate a certificate signing request
# openssl req -new -key http.key -out http.csr
Pass this request file (http.csr) to the CA server,
then have the CA server sign the certificate
# openssl ca -in http.csr -out http.crt -days [number]
The CA server then sends the signed certificate to the client.
Configure Apache to enable the SSL-related modules and the SSL configuration file (paths are relative to the Apache directory)
# vim conf/httpd.conf
Include conf/extra/httpd-ssl.conf
Modify the httpd-ssl.conf file: create the associated virtual host and turn on SSL, setting SSLCertificateFile to the certificate file path and SSLCertificateKeyFile to the key file path. Restart the HTTP service and check that port 443 is listening.
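Before pointing httpd-ssl.conf at the new files, it is worth checking that the certificate really chains to the private CA and belongs to the server key. The script below is an added example, not part of the original page; the function names and the 2048-bit minimum are assumptions of the example, and with that minimum the 1024-bit http.key generated above would be reported.

```shell
#!/bin/sh
# Added example: checks on a certificate issued by the private CA.
# Usage: sh check_cert.sh cacert.pem http.crt http.key

MIN_RSA_BITS=2048   # assumption: smallest RSA key this check accepts

# Print the RSA key size in bits, e.g. "2048" (empty if the key is unreadable).
key_bits() {
    openssl rsa -in "$1" -noout -text 2>/dev/null |
        sed -n 's/^.*Private-Key: (\([0-9][0-9]*\) bit.*$/\1/p'
}

# Succeed only if the certificate's public key belongs to the private key.
key_matches_cert() {    # args: CERT KEY
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeed only if the certificate verifies against the CA certificate.
# The output is matched instead of the exit status, which old releases
# did not set reliably on failure.
cert_chains_to() {      # args: CA_CERT CERT
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# Run all three checks; return non-zero if any of them fails.
check_cert() {          # args: CA_CERT CERT KEY
    rc=0
    bits=$(key_bits "$3")
    if [ -z "$bits" ] || [ "$bits" -lt "$MIN_RSA_BITS" ]; then
        echo "FAIL: key is ${bits:-unreadable} bits, minimum $MIN_RSA_BITS" >&2
        rc=1
    fi
    key_matches_cert "$2" "$3" ||
        { echo "FAIL: key does not match certificate" >&2; rc=1; }
    cert_chains_to "$1" "$2" ||
        { echo "FAIL: certificate does not verify against this CA" >&2; rc=1; }
    return "$rc"
}

# Run the checks when called with the three file paths.
if [ "$#" -eq 3 ]; then check_cert "$@"; fi
```

A non-zero exit status means at least one check failed; the reason is printed on standard error.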