標籤:linux
先安裝openssl
[[email protected] ~]# yum install openssl
搭建私人CA伺服器
修改openssl.cnf設定檔
[[email protected] ~]# vim /etc/pki/tls/openssl.cnfdir=/etc/pki/CA
建立相關的檔案
[[email protected] ~]# cd /etc/pki/CA[[email protected] ~]# makdir certs newcerts crl[[email protected] ~]# touch index.txt[[email protected] ~]# echo 01 > serial
產生一對密鑰
[[email protected] ~]# (umask 077; openssl genrsa -out private/cakey.pem 2048)
產生自簽認證
[[email protected] ~]# openssl req -x509 -new -key private/cakey.pem -out cacert.pem -days 3650
以上CA伺服器搭建完成
Web伺服器的https的搭建如下
例如為http服務產生密鑰
[[email protected] ~]# (umask 077; openssl genrsa http.key 1024 )
產生憑證發行請求
[[email protected] ~]# openssl req -new -key http.key -out http.csr
將此請求檔案(http.csr)傳遞給CA伺服器
然後讓CA伺服器簽署此認證
[[email protected] ~]# openssl ca -in http.csr -out http.crt -days [number]
CA伺服器再將簽署好的認證發送給用戶端
對apache做相關配置,開啟SSL相關模組,啟用SSL設定檔
[[email protected] apache~]# vim conf/httpd.confInclude conf/extra/httpd-ssl.conf
修改httpd-ssl.conf檔案,建立相關虛擬機器主機和開啟SSL功能,指定SSLCertificateFile認證檔案路徑和SSLCertificatKeyFile密鑰檔案路徑。重新啟動http服務,查看是否監聽443連接埠。
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
