HTTPS is a secure access method: data is encrypted during transmission. HTTPS is based on SSL.
I. Install Apache and the SSL module
1. Install Apache
# yum install httpd
2. Install the SSL module
# yum install mod_ssl
Restart Apache:
# service httpd restart
After mod_ssl is installed, a default SSL certificate is created under /etc/pki/tls. You can now access the server over HTTPS:
https://X.X.X.X/
If you do not want to use the default certificate, you can create one manually with openssl.
II. Manually create a certificate using openssl
1. Install openssl
# yum install openssl
2. Generate the server private key
# cd /etc/pki/tls
# openssl genrsa -out server.key 1024
Note: server.key is the private key, and 1024 is its length in bits. A 1024-bit RSA key is below the 2048-bit minimum that publicly trusted certificate authorities require, so use 2048 or more outside a test setup.
3. Use the private key file server.key to generate the certificate request (CSR) file
# openssl req -new -key server.key -out server.csr
Note: server.csr is the certificate request file.
In this step, enter the certificate information:
Country Name (2 letter code) [XX]: CN
State or Province Name (full name) []: shanghai
Locality Name (eg, city) [Default City]: shanghai
Organization Name (eg, company) [Default Company Ltd]: ccc
Organizational Unit Name (eg, section) []: bbb
Common Name (eg, your name or your server's hostname) []: www.test.com
Email Address []: a@a.com
Enter the country, province, city, company, department, name or server name, and email address. You are then asked for a challenge password; you do not need to set one, just press Enter.
4. Generate the signed certificate file (crt)
# openssl x509 -days 365 -req -in server.csr -signkey server.key -out server.crt
This signs the certificate request with the private key. The certificate applicant and the issuing authority are the same party, so the certificate is self-signed.
5. Edit the SSL configuration file of Apache
# vim /etc/httpd/conf.d/ssl.conf
The configuration in /etc/httpd/conf.d/ssl.conf is as follows:
# Web page storage directory
DocumentRoot "/var/www/https"
# Server name and port
ServerName *:443
# Home page name
DirectoryIndex index.html.var
SSLEngine on
# Certificate
SSLCertificateFile /etc/pki/tls/server.crt
# Private key
SSLCertificateKeyFile /etc/pki/tls/server.key
6. Restart Apache
# service httpd restart
Access https://ip/ to view the certificate information.
Because the certificate is self-issued rather than issued by a third-party root certificate authority, the browser warns that the security certificate is untrusted.
Note: the file permission of the home page index.html must be 755. Otherwise, the following message is displayed:
Forbidden
You don't have permission to access /main.html on this server.
Solution: change the permissions of the home page index.html.
# chmod 755 index.html
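The check below is an added example, not part of the original article: it repeats steps 2 to 4 of section II without prompts in a scratch directory and audits the resulting key and certificate before ssl.conf is pointed at them. The function names make_selfsigned and audit_pair, the finding labels, the 2048-bit and 30-day thresholds, and the -subj string (built from the sample answers above) are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the article: rebuild the section II files in a
# scratch directory, then audit the key/certificate pair.

# make_selfsigned DIR BITS: steps 2-4 without prompts. -subj replaces the
# interactive questions; umask 077 keeps the key unreadable to other users.
make_selfsigned() (
    umask 077
    cd "$1" || exit 1
    openssl genrsa -out server.key "$2" 2>/dev/null &&
    openssl req -new -key server.key -out server.csr \
        -subj "/C=CN/ST=shanghai/L=shanghai/O=ccc/OU=bbb/CN=www.test.com" &&
    openssl x509 -days 365 -req -in server.csr -signkey server.key \
        -out server.crt 2>/dev/null
)

# audit_pair KEY CRT: print space-separated findings (empty line = none).
audit_pair() {
    key=$1 crt=$2 out=""
    kmod=$(openssl rsa -in "$key" -noout -modulus 2>/dev/null)
    cmod=$(openssl x509 -in "$crt" -noout -modulus 2>/dev/null)
    # The certificate must carry the public half of this private key.
    { [ -n "$kmod" ] && [ "$kmod" = "$cmod" ]; } || out="$out key-cert-mismatch"
    # The modulus is printed in hex, 4 bits per digit.
    hex=${kmod#Modulus=}
    [ $(( ${#hex} * 4 )) -ge 2048 ] || out="$out weak-key"
    # Subject equal to issuer means self-signed, so browsers will warn.
    subj=$(openssl x509 -in "$crt" -noout -subject 2>/dev/null | sed 's/^subject= *//')
    iss=$(openssl x509 -in "$crt" -noout -issuer 2>/dev/null | sed 's/^issuer= *//')
    [ -n "$subj" ] && [ "$subj" = "$iss" ] && out="$out self-signed"
    # Flag a certificate that expires within 30 days (2592000 seconds).
    openssl x509 -in "$crt" -noout -checkend 2592000 >/dev/null 2>&1 ||
        out="$out expiring"
    # The private key must not be accessible to group or others.
    case $(ls -l "$key") in
        -???------*) ;;
        *) out="$out key-perms" ;;
    esac
    echo "${out# }"
}

# Demo on constructed throwaway files; prints the findings for a 2048-bit pair.
d=$(mktemp -d) && make_selfsigned "$d" 2048 &&
    audit_pair "$d/server.key" "$d/server.crt"
rm -rf "$d"
```

For the files from section II, run audit_pair /etc/pki/tls/server.key /etc/pki/tls/server.crt; a key generated with 1024 bits as in step 2 is reported as weak-key.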
Additional notes on the openssl commands:
# openssl [operation] -out filename [bits]
Parameter description:
[operation]: there are two main operations:
genrsa: create an RSA key
req: create a certificate request file or a certificate file
-out: followed by the output file name, that is, the key name
bits: the length of the key created by genrsa
-x509: X.509, Certificate Data Management, a method of managing verification
For example, create a key with a length of 1024 bits; pay attention to the file name.
# openssl genrsa -out server.key 1024
Certificate request generation command:
# openssl req -new -key file.key -out file.csr -config /path/to/openssl.cnf
-config: specifies the path of the openssl configuration file. If it is not specified, the default path on Unix is /usr/local/ssl/openssl.cnf.
Example: # openssl req -new -key server.key -out server.csr