HTTPS is HTTP carried over a security-oriented channel: an SSL layer is added beneath HTTP. SSL is the security foundation of HTTPS, so the encryption itself is handled by SSL.
The following is a summary of the steps to set up an HTTPS service under httpd 2.2:
1. Create a private CA:
Use the openssl command. Details: http://blog.51cto.com/papapa213/2096589
1) Create the CA's private key:
(umask 077; openssl genrsa -out /etc/pki/CA/private/cakey.pem 2048)
2) Generate the self-signed certificate:
openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -out /etc/pki/CA/cacert.pem -days 3653
You then need to fill in the requested information at the interactive prompts (country, region, city, organization and so on). The generated certificate is encrypted data.
3) Complete the directory and text file structure required by CA:
touch /etc/pki/CA/index.txt
echo 01 > /etc/pki/CA/serial
2. Create an HTTPS site:
1) Generate a key for the httpd server and generate a certificate request:
openssl genrsa -out /etc/httpd/ssl/httpd.key 2048
openssl req -new -key /etc/httpd/ssl/httpd.key -out /etc/httpd/ssl/httpd.csr -days 3653
2) Issue the certificate on the CA:
openssl ca -in /etc/httpd/ssl/httpd.csr -out /etc/pki/CA/certs/httpd.crt -days 3653
3) Transfer the certificate issued on the CA to the HTTPD server:
cp /etc/pki/CA/certs/httpd.crt /etc/httpd/ssl/
4) Delete the certificate request file:
rm -f /etc/httpd/ssl/httpd.csr
5) Configure SSL support on the HTTPD server
① Install the mod_ssl module:
yum -y install mod_ssl
② Modify the content of the /etc/httpd/conf.d/ssl.conf configuration file:
<VirtualHost 192.168.109.2:443>
DocumentRoot "/myvhost/https"
ServerName ....
SSLCertificateFile /etc/httpd/ssl/httpd.crt
SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
...
③ Add a new page:
echo "https" > /myvhost/https/index.html
The site can now be visited at https://192.168.109.2
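As an added example (not part of the original article), the following check can be run before restarting httpd: it confirms that httpd.crt chains to the private CA, that httpd.key belongs to httpd.crt, and that the key is not readable by group or others. The function names, the throwaway sample CA, and signing the sample with `openssl x509 -req` rather than `openssl ca` are assumptions made for this illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the original page: pre-flight checks for the
# certificate and key that ssl.conf points at, run before restarting httpd.

# check_httpd_tls CA CERT KEY
# Returns 0 = ok, 1 = chain failure, 2 = key/cert mismatch, 3 = key too open.
check_httpd_tls() {
    local ca="$1" cert="$2" key="$3" cert_pub key_pub
    # 1. The server certificate must verify against the private CA certificate.
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 || return 1
    # 2. The public key in the certificate must equal the one derived from the
    #    private key, i.e. httpd.key really belongs to httpd.crt.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ] || return 2
    # 3. The private key must have no group/other permission bits (umask 077).
    [ "$(ls -ld "$key" | cut -c5-10)" = "------" ] || return 3
    return 0
}

# make_sample DIR: constructed throwaway CA, server cert and an unrelated key.
# Assumption: signs with "openssl x509 -req" instead of "openssl ca" so that
# nothing under /etc/pki/CA is read or written.
make_sample() {
    local d="$1" k
    printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3_ca' \
        'prompt=no' '[dn]' 'CN=Example Test CA' '[v3_ca]' \
        'basicConstraints=critical,CA:TRUE' >"$d/ca.cnf"
    ( umask 077
      for k in cakey.pem httpd.key other.key; do
          openssl genrsa -out "$d/$k" 2048 2>/dev/null || exit 1
      done ) || return 1
    openssl req -new -x509 -config "$d/ca.cnf" -key "$d/cakey.pem" \
        -out "$d/cacert.pem" -days 30 || return 1
    openssl req -new -config "$d/ca.cnf" -subj "/CN=www.example.test" \
        -key "$d/httpd.key" -out "$d/httpd.csr" || return 1
    openssl x509 -req -in "$d/httpd.csr" -CA "$d/cacert.pem" \
        -CAkey "$d/cakey.pem" -CAcreateserial -out "$d/httpd.crt" -days 30 2>/dev/null
}

# Demo on the constructed sample; on a real server pass the page's paths.
demo=$(mktemp -d) && make_sample "$demo" &&
    check_httpd_tls "$demo/cacert.pem" "$demo/httpd.crt" "$demo/httpd.key" &&
    echo "sample certificate and key pass all checks"
rm -rf "$demo"
```

On the server from the steps above, the call would be `check_httpd_tls /etc/pki/CA/cacert.pem /etc/httpd/ssl/httpd.crt /etc/httpd/ssl/httpd.key`.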
Setting up a Web site on Linux (iii)--setting up an HTTPS service in httpd2.2