Kylin: Apache is very popular, but there are not many articles on installing Apache SSL on Linux. I wrote this article in detail and am sharing it with you.
Eavesdropping on network traffic is common, and data sent in plain text can be stolen easily. An SSL-encrypted connection in Apache lets visitors transmit data more securely and reliably. URLs for the plain HTTP protocol start with http://, while URLs for the SSL-encrypted protocol start with https://. This article describes how to configure the SSL module in Apache on CentOS using the package repository (yum, apt-get).
Lab environment:
CentOS release 5.7 (Final)
Apache/2.2.3
First install Apache
[root@www ~]# yum install httpd
In most cases, an Apache installation also needs PHP, MySQL, and other modules.
After the Apache environment is deployed, start
Install the SSL module
[root@www ~]# yum install mod_ssl
After the installation is complete, restart the Apache service:
[root@www ~]# /etc/init.d/httpd restart
After mod_ssl is installed, a default SSL certificate is created under /etc/pki/tls. You can now access the server over https:
https://IP/
If you do not want to use the default certificate, you can create one manually with OpenSSL.
Use OpenSSL to manually create a certificate
Run the following command to install OpenSSL:
[root@www ~]# yum install openssl
To generate a certificate file, follow these steps:
1. Create a private key
[root@www ~]# openssl genrsa -out server.key 1024
2. Use the private key file server.key to generate the certificate signing request (CSR)
[root@www ~]# openssl req -new -key server.key -out server.csr
In this step, enter the certificate information as follows:
Country Name (2 letter code) [GB]: [enter the two-letter country code here; CN for China]
State or Province Name (full name) [Berkshire]: [province name, for example, beijing for Beijing]
Locality Name (eg, city) [Newbury]: [city name, such as beijing]
Organization Name (eg, company) [My Company Ltd]: [company name]
Organizational Unit Name (eg, section) []: [department name]
Common Name (eg, your name or your server's hostname) []: [name, usually the certificate name]
Email Address []: [email address]
You are then asked for a challenge password. If you do not need one, just press Enter.
3. Generate the certificate (CRT) file
[root@www ~]# openssl x509 -days 3650 -req -in server.csr -signkey server.key -out server.crt
The certificate generated above is valid for 10 years (that is too long; three years is typical).
At this point the certificate-related files have been generated. The current directory should contain three files: server.crt, server.csr, and server.key.
If you are a perfectionist, put these three files in the "official" certificate directory, so that you do not lose track of them after leaving them somewhere at random:
[root@www ~]# mkdir /etc/pki/tls/mycert
[root@www ~]# mv server.* /etc/pki/tls/mycert
Finally, you only need to modify the configuration file to specify the certificate path:
4. Specify the certificate path
Open the Apache SSL configuration file /etc/httpd/conf.d/ssl.conf:
[root@www ~]# vi /etc/httpd/conf.d/ssl.conf
Find the following section:
# Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate. If
# the certificate is encrypted, then you will be prompted for a
# pass phrase. Note that a kill -HUP will prompt again. A new
# certificate can be generated using the genkey(1) command.
SSLCertificateFile /etc/pki/tls/mycert/server.crt
# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile /etc/pki/tls/mycert/server.key
Note the modified parts (shown in red in the original). Make sure that the paths point to the server.crt and server.key you just created.
5. Restart Apache2.
[root@www ~]# /etc/init.d/httpd restart
The new certificate takes effect now. Refresh the browser and click the certificate icon in the browser to view the certificate information you just created:
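The key, CSR and certificate steps above can be run without the interactive prompts and the result checked before ssl.conf is pointed at it. The script below is an added example, not part of the original article: the function names, subject values and the hostname www.example.test are constructed, and its 2048-bit, 1095-day defaults are this example's choice (the article's commands use 1024 bits and 3650 days).

```shell
#!/usr/bin/env bash
# Added example, not from the original article. All names are hypothetical.
set -eu

# make_cert DIR CN [BITS] [DAYS]: steps 1-3, no prompts (sample subject fields).
make_cert() {
    local dir="$1" cn="$2" bits="${3:-2048}" days="${4:-1095}"
    mkdir -p "$dir"
    # umask 077 so server.key is never created readable by other users
    ( umask 077; openssl genrsa -out "$dir/server.key" "$bits" )
    openssl req -new -key "$dir/server.key" -out "$dir/server.csr" \
        -subj "/C=CN/ST=Beijing/L=Beijing/O=Example Ltd/CN=$cn"
    openssl x509 -days "$days" -req -in "$dir/server.csr" \
        -signkey "$dir/server.key" -out "$dir/server.crt"
}

# key_bits KEY: print the RSA key size in bits.
key_bits() {
    openssl rsa -in "$1" -noout -text |
        sed -n 's/.*(\([0-9][0-9]*\) bit.*/\1/p' | head -n 1
}

# pair_matches CRT KEY: succeed only if both carry the same RSA modulus.
pair_matches() {
    [ "$(openssl x509 -in "$1" -noout -modulus)" = \
      "$(openssl rsa -in "$2" -noout -modulus)" ]
}

# expires_within CRT DAYS: succeed if the certificate expires within DAYS days.
expires_within() {
    ! openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# audit DIR: print the findings for DIR's server.crt/server.key, or "ok".
audit() {
    local dir="$1" out=""
    pair_matches "$dir/server.crt" "$dir/server.key" || out="$out key-mismatch"
    [ "$(key_bits "$dir/server.key")" -ge 2048 ] || out="$out weak-key"
    expires_within "$dir/server.crt" 1096 || out="$out validity-over-3-years"
    [ "$(stat -c %a "$dir/server.key")" = 600 ] || out="$out key-not-mode-600"
    out="${out# }"
    echo "${out:-ok}"
}

# Demo in a throwaway directory: this example's defaults, then the article's.
work=$(mktemp -d)
make_cert "$work/new" www.example.test 2>/dev/null
make_cert "$work/old" www.example.test 1024 3650 2>/dev/null
echo "new: $(audit "$work/new") | old: $(audit "$work/old")"
```

Before the restart in step 5, `httpd -t` checks that the edited ssl.conf still parses.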
[Note] This article