How to configure HTTPS server under Centos 5 _linux

Source: Internet
Author: User
Tags openssl openssl x509 syslog
[root@centos5 ~]# yum-y install mod_ssl online installation mod_ssl
Loading "Fastestmirror" plugin
Loading mirror speeds from cached hostfile
* base:centos.candishosting.com.cn
* updates:mirror.khlug.org
* addons:centos.candishosting.com.cn
* extras:centos.candishosting.com.cn
Setting up Install Process
Parsing Package Install arguments
Resolving dependencies
--> Running Transaction Check
---> Package mod_ssl.i386 1:2.2.3-11.el5_2.centos.4 set to be updated
--> processing dependency:libdistcache.so.1 for Package:mod_ssl
--> processing dependency:libnal.so.1 for Package:mod_ssl
--> Running Transaction Check
---> Package distcache.i386 0:1.4.5-14.1 set to be updated
--> finished Dependency resolution

Dependencies resolved

=============================================================================
Package Arch Version Repository Size
=============================================================================
Installing:
Mod_ssl i386 1:2.2.3-11.el5_2.centos.4 Updates

K
Installing for dependencies:
Distcache i386 1.4.5-14.1 base 119 K

Transaction Summary
=============================================================================
Install 2 Package (s)
Update 0 Package (s)
Remove 0 Package (s)

Total Download size:204 k
Downloading Packages:
(1/2): mod_ssl-2.2.3-11.e 100% |=========================| MB 00:02
(2/2): distcache-1.4.5-14 100% |=========================| 119 KB 00:03
Running Rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Installing:distcache ######################### [1/2]
Installing:mod_ssl ######################### [2/2]

Installed:mod_ssl.i386 1:2.2.3-11.el5_2.centos.4
Dependency Installed:distcache.i386 0:1.4.5-14.1
complete!

[Root@centos5 ~]# cd/etc/httpd/conf into the directory where the HTTP server configuration file resides
[Root@centos5 conf]# rm-rf ssl.*/server.* Delete default or residual server certificate related files

[Root@centos5 ~]# Rpm-qa |grep OpenSSL
Openssl-0.9.8b-10.el5

[Root@centos5 ~]# OpenSSL genrsa-out www.yang.com.key 1024 establish a server key
Generating RSA private key, 1024 bit long modulus
...........................................................++++++
.++++++
E is 65537 (0x10001)

[Root@centos5 ~]# OpenSSL Req-new-key www.yang.com.key-out WWW.YANG.COM.CSR establish the server public key

are about to is asked to enter information that would be incorporated
into your certificate request.
What you are about to enter the What is called a distinguished Name or a DN.
There are quite a few fields but you can leave some
For some fields there would be a default value,
If you enter '. ', the field would be left blank.
-----
Country Name (2 letter code) [Gb]:om Enter country name
State or province name (full name) [Berkshire]:fuzhou Enter province name
Locality name (eg, city) [Newbury]:fou Enter town name
Organization name (eg, company) [Ltd]:yang name (optional)
Organizational unit Name (eg, section) []:www not entered, direct return
Common name (eg, your name or your server ' s hostname) []:www.yang.com input generic (arbitrary)
email address []:admin@yang.com Enter e-mail addresses

Please enter the following ' extra ' attributes
To is sent with your certificate request
A Challenge Password []: no input, direct return
A optional company name []: no input, direct return

[Root@centos5 ~]# Ls-l
Total 68
-RW-------1 root root 986 23:54 anaconda-ks.cfg
Drwxr-xr-x 2 root root 4096 Feb 1 02:17 Desktop
-rw-r--r--1 Root 0 Feb 1 03:06 finished
-rw-r--r--1 root root 15078 to 23:54 Install.log
-rw-r--r--1 root root 2876 to 23:53 Install.log.syslog
-rw-r--r--1 Root 0 Feb 1 03:06 Package
-rw-r--r--1 Root 0 Feb 1 03:06 processing
-rw-r--r--1 Root 0 Feb 1 03:06 Running
-rw-r--r--1 root root 684 Feb 1 04:54 WWW.YANG.COM.CSR
-rw-r--r--1 root root 887 Feb 1 04:52 www.yang.com.key

[Root@centos5 ~]# OpenSSL x509-req-days 365-in www.yang.com.csr-signkey www.yang.com.key-out WWW.YANG.COM.CRT to establish a server certificate

Signature OK
subject=/c=om/st=fuzhou/l=fou/o=yang/ou=www/cn=www.yang.com/emailaddress=admin@ yang.com
Getting Private Key

[Root@centos5 ~]# LL
Total 72
-RW-------1 root root 986 23:54 anaconda-ks.cfg
Drwxr-xr-x 2 root root 4096 Feb 1 02:17 Desktop
-rw-r--r--1 Root 0 Feb 1 03:06 finished
-rw-r--r--1 root root 15078 to 23:54 Install.log
-rw-r--r--1 root root 2876 to 23:53 Install.log.syslog
-rw-r--r--1 Root 0 Feb 1 03:06 Package
-rw-r--r--1 Root 0 Feb 1 03:06 processing
-rw-r--r--1 Root 0 Feb 1 03:06 Running
-rw-r--r--1 root root 920 Feb 1 04:57 www.yang.com.crt
-rw-r--r--1 root root 684 Feb 1 04:54 WWW.YANG.COM.CSR
-rw-r--r--1 root root 887 Feb 1 04:52 www.yang.com.key


[Root@centos5 ~]# vi/etc/httpd/conf.d/ssl.conf Modify SSL's settings file

# when we also provide SSL we have to listen to the
# The HTTPS port in addition.
#
Listen 443

[root@centos5 ~]#/etc/rc.d/init.d/httpd Restart Restart Service
stopping httpd: [OK]
Starting httpd: [OK]

[Root@centos5 ~]# netstat-ntpl |grep 443
TCP 0 0::: 443:::* LIST

EN 10317/httpd



Note: This experiment is guided by http://www.centospub.com/make/ssl.html

Configuring SSL Virtual Hosts

#vi/etc/httpd/conf/httpd.conf

Namevirtualhost 192.168.0.20:443

Namevirtualhost 192.168.0.20:80
<virtualhost ip:192.168.0.20:443>
ServerAdmin webmaster@dummy-host.example.com
Documentroot/var/www/html
ServerName www. Yang.com

Sslengine on
Sslcertificatefile/etc/httpd/conf/www.yang.com.crt
Sslcertificatekeyfile/etc/httpd/conf/www.yang.com.key

ErrorLog Logs/dummy-www.yang.com-error_log
Customlog Logs/dummy-www.yang.com-access_log Common
</VirtualHost>
<virtualhost 192.168.0.20:443>
ServerAdmin webmaster@dummy-host.example.com
Documentroot/var/www/cgi-bin/openwebmail
ServerName mail.yang.com

Sslengine on
Sslcertificatefile/etc/httpd/conf/www.yang.com.crt
Sslcertificatekeyfile/etc/httpd/conf/www.yang.com.key

ErrorLog Logs/dummy-www.yang.com-error_log
Customlog Logs/dummy-www.yang.com-access_log Common
</VirtualHost>


#vi/etc/httpd/conf.d/ssl.conf Add the following content

Sslengine on
Sslcertificatefile/etc/httpd/conf/www.yang.com.crt
Sslcertificatekeyfile/etc/httpd/conf/www.yang.com.key

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.