Configure Apache encrypted authentication access in linux

1. Check that the mod_ssl module is installed.

My machine is centos and the system. Run the following command:

Yum install-y mod_ssl

2. Use openssl tools to Generate Keys, certificate request files, and certificates

Run the following command in the/usr/local/httpd directory.

2.1 generate a key

Openssl genrsa 1024> server. key

Note: The 128-bit rsa algorithm is used to generate the key and obtain the server. key File.

2.2 generate a certificate request file

Openssl req-new-out server. csr

Note: This is to use the key in step 1 to generate the certificate request file server. csr. Many questions are raised in this step.

2.3 generate a certificate

Command: openssl req-x509-days 365-key server. key-in server. csr> server. crt

Note: This is to generate the Certificate server. crt using the key and certificate request in step 1 and 2. The-days parameter specifies the certificate validity period, in days

3. Configure apache

Modify httpd. conf

LoadModule ssl_module/usr/lib64/httpd/modules/mod_ssl.so

Listen 443.
Namevirtualhost*: 443
<VirtualHost *: 443>

# General setup for the virtual host
DocumentRoot "/usr/local/httpd/htdocs/ssl"
ServerName ssl.baishiz.com: 443
ServerAdmin you@example.com
ErrorLog "/usr/local/httpd/logs/error_log"
TransferLog "/usr/local/httpd/logs/access_log"

SSLEngine on
SSLProtocol all-SSLv2
SSLCipherSuite HIGH: MEDIUM :! ANULL :! MD5

SSLCertificateFile "/usr/local/httpd/server. crt"
SSLCertificateKeyFile "/usr/local/httpd/server. key"

<FilesMatch "\. (cgi | shtml | phtml | php) $">
SSLOptions + StdEnvVars
</FilesMatch>
<Directory "/usr/local/httpd/cgi-bin">
SSLOptions + StdEnvVars
</Directory>
BrowserMatch "MSIE [2-5]" \
Nokeepalive ssl-unclean-shutdown \
Downgrade-1.0 force-response-1.0
CustomLog "/usr/local/httpd/logs/ssl_request_log "\
"% T % h % {SSL_PROTOCOL} x % {SSL_CIPHER} x \" % r \ "% B"

</VirtualHost>