[root@centos5 ~]# yum -y install mod_ssl    # install mod_ssl from the online repositories
Loading "fastestmirror" plugin
Loading mirror speeds from cached hostfile
* Base: centos.candishosting.com.cn
* Updates: 2.16.khlug.org
* Addons: centos.candishosting.com.cn
* Extras: centos.candishosting.com.cn
Setting up install process
Parsing package install arguments
Resolving Dependencies
--> Running transaction check
---> Package mod_ssl.i386 2.2.3-11.el5_2.centos.4 set to be updated
--> Processing dependency: libdistcache.so.1 for package: mod_ssl
--> Processing dependency: libnal.so.1 for package: mod_ssl
--> Running transaction check
---> Package distcache.i386 1.4.5-14.1 set to be updated
--> Finished dependency resolution
Dependencies resolved
=============================================================================
 Package       Arch    Version                    Repository    Size
=============================================================================
Installing:
 mod_ssl       i386    2.2.3-11.el5_2.centos.4    updates        85 K
Installing for dependencies:
 distcache     i386    1.4.5-14.1                 base          119 K
Transaction Summary
=============================================================================
Install 2 package (s)
Update 0 package (s)
Remove 0 package (s)
Total download size: 204 K
Downloading packages:
(1/2): mod_ssl-2.2.3-11.e 100% | =========================| 85 KB
(2/2): distcache-1.4.5-14 100% | =========================| 119 KB
Running rpm_check_debug
Running transaction Test
Finished transaction Test
Transaction test succeeded
Running transaction
Installing: distcache ######################### [1/2]
Installing: mod_ssl ######################## [2/2]
Installed: mod_ssl.i386 2.2.3-11.el5_2.centos.4
Dependency installed: distcache.i386 1.4.5-14.1
Complete!
[root@centos5 ~]# cd /etc/httpd/conf    # enter the directory where the HTTP server configuration files are located
[root@centos5 conf]# rm -rf ssl.*/server.*    # delete default or leftover server certificate files
[root@centos5 ~]# rpm -qa | grep openssl
openssl-0.9.8b-10.el5
[root@centos5 ~]# openssl genrsa -out www.yang.com.key 1024    # create the server's private key
Generating RSA private key, 1024 bit long modulus
........................................ ................... ++
. ++
e is 65537 (0x10001)
[root@centos5 ~]# openssl req -new -key www.yang.com.key -out www.yang.com.csr    # create the certificate signing request (CSR), which carries the server's public key
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]: OM    (enter the country code)
State or Province Name (full name) [Berkshire]: Fuzhou    (enter the province name)
Locality Name (eg, city) [Newbury]: fou    (enter the city name)
Organization Name (eg, company) [My Company Ltd]: Yang    (enter the organization name; any value)
Organizational Unit Name (eg, section) []: www    (enter the unit name, or just press Enter to leave it blank)
Common Name (eg, your name or your server's hostname) []: www.yang.com
Email Address []: admin@yang.com    (enter the email address)
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:    (do not enter anything; press Enter)
An optional company name []:    (press Enter)
[root@centos5 ~]# ls -l
total 68
-rw------- 1 root root   986 Jan 31 anaconda-ks.cfg
drwxr-xr-x 2 root root  4096 Feb 1 desktop
-rw-r--r-- 1 root root     0 Feb 1 0:06 finished
-rw-r--r-- 1 root root 15078 Jan 31 23:54 install.log
-rw-r--r-- 1 root root  2876 Jan 31 23:53 install.log.syslog
-rw-r--r-- 1 root root     0 Feb 1 0:06 package
-rw-r--r-- 1 root root     0 Feb 1 0:06 Processing
-rw-r--r-- 1 root root     0 Feb 1 0:06 running
-rw-r--r-- 1 root root   684 Feb 1 04:54 www.yang.com.csr
-rw-r--r-- 1 root root   887 Feb 1 04:52 www.yang.com.key
[root@centos5 ~]# openssl x509 -req -days 365 -in www.yang.com.csr -signkey www.yang.com.key -out www.yang.com.crt    # create the server certificate (self-signed with the server key)
Signature ok
subject=/C=OM/ST=Fuzhou/L=fou/O=Yang/OU=www/CN=www.yang.com/emailAddress=admin@yang.com
Getting Private key
[root@centos5 ~]# ll
total 72
-rw------- 1 root root   986 Jan 31 anaconda-ks.cfg
drwxr-xr-x 2 root root  4096 Feb 1 desktop
-rw-r--r-- 1 root root     0 Feb 1 0:06 finished
-rw-r--r-- 1 root root 15078 Jan 31 23:54 install.log
-rw-r--r-- 1 root root  2876 Jan 31 23:53 install.log.syslog
-rw-r--r-- 1 root root     0 Feb 1 0:06 package
-rw-r--r-- 1 root root     0 Feb 1 0:06 Processing
-rw-r--r-- 1 root root     0 Feb 1 0:06 running
-rw-r--r-- 1 root root   920 Feb 1 04:57 www.yang.com.crt
-rw-r--r-- 1 root root   684 Feb 1 04:54 www.yang.com.csr
-rw-r--r-- 1 root root   887 Feb 1 04:52 www.yang.com.key
[root@centos5 ~]# vi /etc/httpd/conf.d/ssl.conf    # edit the SSL configuration file
# When we also provide SSL we have to listen to
# the HTTPS port in addition.
#
Listen 443
[root@centos5 ~]# /etc/rc.d/init.d/httpd restart    # restart the service
Stopping httpd: [OK]
Starting httpd: [OK]
[root@centos5 ~]# netstat -ntpl | grep 443
tcp        0      0 :::443        :::*        LISTEN      10317/httpd
Note: This experiment follows the guide at http://www.centospub.com/make/ssl.html.
Configure an SSL Virtual Host
# vi /etc/httpd/conf/httpd.conf
NameVirtualHost 192.168.0.20:443
NameVirtualHost 192.168.0.20:80
<VirtualHost 192.168.0.20:443>
    ServerAdmin webmaster@dummy-host.example.com
    DocumentRoot /var/www/html
    ServerName www.yang.com
    SSLEngine on
    SSLCertificateFile /etc/httpd/conf/www.yang.com.crt
    SSLCertificateKeyFile /etc/httpd/conf/www.yang.com.key
    ErrorLog logs/dummy-www.yang.com-error_log
    CustomLog logs/dummy-www.yang.com-access_log common
</VirtualHost>
<VirtualHost 192.168.0.20:443>
    ServerAdmin webmaster@dummy-host.example.com
    DocumentRoot /var/www/cgi-bin/openwebmail
    ServerName mail.yang.com
    SSLEngine on
    # Same certificate as the first virtual host: its CN is www.yang.com,
    # so clients connecting to mail.yang.com see a host name mismatch.
    SSLCertificateFile /etc/httpd/conf/www.yang.com.crt
    SSLCertificateKeyFile /etc/httpd/conf/www.yang.com.key
    ErrorLog logs/dummy-www.yang.com-error_log
    CustomLog logs/dummy-www.yang.com-access_log common
</VirtualHost>
# vi /etc/httpd/conf.d/ssl.conf    # add the following content
SSLEngine on
SSLCertificateFile /etc/httpd/conf/www.yang.com.crt
SSLCertificateKeyFile /etc/httpd/conf/www.yang.com.key
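
The following is an added example, not part of the original walkthrough: it repeats the key, CSR and certificate steps non-interactively in a scratch directory, then checks that the key matches the certificate, that the key file is readable by its owner only, and that the certificate's commonName matches a given ServerName (the mail.yang.com virtual host above reuses the www.yang.com certificate). The 2048-bit key size, SHA-256 digest, umask 077 and all function names are assumptions of this example; the walkthrough itself uses a 1024-bit key.

```shell
#!/bin/sh
# Added example: subject values mirror the walkthrough; function names are hypothetical.

# Create key, CSR and self-signed certificate for host $2 inside directory $1.
make_selfsigned() {
    dir=$1; host=$2
    (
        umask 077    # key, CSR and certificate are created readable by the owner only
        openssl genrsa -out "$dir/$host.key" 2048 2>/dev/null &&
        openssl req -new -key "$dir/$host.key" -out "$dir/$host.csr" \
            -subj "/C=OM/ST=Fuzhou/L=fou/O=Yang/OU=www/CN=$host" &&
        openssl x509 -req -sha256 -days 365 -in "$dir/$host.csr" \
            -signkey "$dir/$host.key" -out "$dir/$host.crt" 2>/dev/null
    )
}

# Succeeds only if private key $1 and certificate $2 share one RSA modulus.
key_matches_cert() {
    k=$(openssl rsa -noout -modulus -in "$1" 2>/dev/null) || return 1
    c=$(openssl x509 -noout -modulus -in "$2" 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Succeeds only if the mode of file $1 is exactly -rw------- (0600).
key_is_private() {
    [ "$(ls -l "$1" | cut -c1-10)" = "-rw-------" ]
}

# Succeeds only if the commonName of certificate $1 equals host name $2.
# Only the CN is read: a certificate made as above has no subjectAltName.
cert_names_host() {
    cn=$(openssl x509 -noout -subject -nameopt multiline -in "$1" |
         sed -n 's/^ *commonName *= *//p')
    [ "$cn" = "$2" ]
}

# Demo in a scratch directory (constructed input; nothing under /etc is touched).
d=$(mktemp -d)
make_selfsigned "$d" www.yang.com
key_matches_cert "$d/www.yang.com.key" "$d/www.yang.com.crt" && echo "key/cert pair: ok"
key_is_private "$d/www.yang.com.key" && echo "key mode 0600: ok"
cert_names_host "$d/www.yang.com.crt" mail.yang.com || echo "mail.yang.com: name mismatch"
rm -rf "$d"
```

The same three checks can be pointed at the files named by SSLCertificateFile and SSLCertificateKeyFile before restarting httpd.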