If you browse Baidu or Google, it is easy to see that these sites now serve the whole site over HTTPS. Compared with HTTP, HTTPS adds an SSL tunneling mechanism that greatly improves security, so site-wide HTTPS will be the trend for future sites. httpd does not support HTTPS by default, but it has strong module support; here we use one of httpd's many modules, mod_ssl, to implement HTTPS.
As we all know, HTTP transfers data as a text-based protocol and by default communicates over TCP port 80. HTTPS is different: it transmits data in binary format, which provides security, and by default it communicates over TCP port 443. Because SSL sessions are based on IP addresses, they cannot be implemented on FQDN-based virtual hosts.
First, install the mod_ssl module:
]# yum -y install mod_ssl
Files installed by the package:
]# rpm -ql mod_ssl
/etc/httpd/conf.d/ssl.conf    // config file, where we need to specify the location of our certificate
/etc/httpd/conf.modules.d/00-ssl.conf
/usr/lib64/httpd/modules/mod_ssl.so
/usr/libexec/httpd-ssl-pass-dialog
/var/cache/httpd/ssl
When the installation is complete, ensure that the module is loaded:
]# httpd -M
Loaded Modules:
 ...    // omitted here
 ssl_module (shared)    // make sure this module is loaded
 ...    // omitted here
Start the httpd service at this time:
]# systemctl start httpd
Make sure that TCP 80 and 443 ports are already listening:
[Screenshot: Qq20170205-160343.png]
To use HTTPS, the server needs a certificate (a public certificate and a private key). You can run the make command in the /etc/pki/tls/certs/ directory to create a test certificate.
Create the private key:
[Screenshot: Qq20170205-165055.png]
To keep the private key secure, place it in the system's dedicated directory:
]# cp auth.key /etc/pki/CA/private/
Create the certificate:
[Screenshot: Qq20170205-164722.png]
Now that the test certificate has been created, modify the mod_ssl configuration file so that it points to where our certificate is stored.
Edit the configuration file:
]# vim /etc/httpd/conf.d/ssl.conf
And make the following changes:
[Screenshot: Qq20170205-170731.png]
Restart the httpd service:
[Screenshot: Qq20170205-170940.png]
Check which ports are listening:
[Screenshot: Qq20170205-171113.png]
Copy the certificate file to the test host:
]# scp auth.crt [email protected]:~/desktop/
[Screenshot: Qq20170205-195409.png]
After the copy succeeds, there is an auth.crt file on the desktop; double-click it to import it into the system:
[Screenshot: Qq20170205-195715.png]
Open the browser, enter the URL, and test:
[Screenshot: Qq20170205-194927.png]
At this point, httpd serves HTTPS successfully through the mod_ssl module.
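Before restarting httpd it helps to confirm that ssl.conf really points at the certificate and key created above, and that the key is accessible only to its owner. The script below is an added example, not part of the original article: SSLCertificateFile and SSLCertificateKeyFile are the mod_ssl directives that hold those paths, while the function names and the demo files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): sanity-check ssl.conf before
# restarting httpd. File names auth.crt/auth.key follow the article; the
# function names and the demo files are constructed for illustration.

# Print the last value given for a directive, skipping commented-out lines.
directive_value() {  # $1 = directive name, $2 = config file
    awk -v d="$1" '$1 == d { v = $2 } END { gsub(/"/, "", v); print v }' "$2"
}

# Return 0 if the certificate settings are usable; otherwise print the reason
# to stderr and return a distinct non-zero code.
check_ssl_conf() {  # $1 = path to ssl.conf
    crt=$(directive_value SSLCertificateFile "$1")
    key=$(directive_value SSLCertificateKeyFile "$1")
    [ -n "$crt" ] || { echo "SSLCertificateFile not set" >&2; return 1; }
    [ -n "$key" ] || { echo "SSLCertificateKeyFile not set" >&2; return 2; }
    [ -f "$crt" ] || { echo "certificate missing: $crt" >&2; return 3; }
    [ -f "$key" ] || { echo "private key missing: $key" >&2; return 4; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$key" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "key accessible beyond owner: $key" >&2; return 5; }
    # PEM headers distinguish a certificate from a key; this catches swapped paths.
    grep -q -e '-----BEGIN CERTIFICATE-----' "$crt" ||
        { echo "not a PEM certificate: $crt" >&2; return 6; }
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$key" ||
        { echo "not a PEM private key: $key" >&2; return 7; }
    return 0
}

# Build a constructed test layout (placeholder PEM bodies, no real key material).
make_demo() {  # $1 = empty directory to populate
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'placeholder' \
        '-----END CERTIFICATE-----' > "$1/auth.crt"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'placeholder' \
        '-----END PRIVATE KEY-----' > "$1/auth.key"
    chmod 644 "$1/auth.key"   # deliberately too open for the demo
    printf '%s\n' '#SSLCertificateFile /etc/pki/tls/certs/localhost.crt' \
        "SSLCertificateFile $1/auth.crt" \
        "SSLCertificateKeyFile $1/auth.key" > "$1/ssl.conf"
}

demo_dir=$(mktemp -d)
make_demo "$demo_dir"
check_ssl_conf "$demo_dir/ssl.conf" || echo "first check failed with code $?"
chmod 600 "$demo_dir/auth.key"
check_ssl_conf "$demo_dir/ssl.conf" && echo "ssl.conf is ready for restart"
rm -rf "$demo_dir"
```

On the server itself the call would be `check_ssl_conf /etc/httpd/conf.d/ssl.conf`, run as root so the key file can be inspected.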
This article is from the "Always on the Pass" blog; please contact the author before reproducing it.
Implementing SSL support in httpd with the mod_ssl module