配置https虚拟主机
openssl实现私有CA:
创建CA目录
[root@node1 ~]# mkdir /etc/pki/CA
[root@node1 ~]# cd /etc/pki/CA
[root@node1 CA]# pwd
/etc/pki/CA
[root@node1 CA]#
CA生成一对密钥
[root@node1 CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048)
genrsa: Can't open "private/cakey.pem" for writing, No such file or directory
[root@node1 CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048)
genrsa: Can't open "private/cakey.pem" for writing, No such file or directory
[root@node1 CA]# mkdir -p /etc/pki/CA/private
[root@node1 CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048)
Generating RSA private key, 2048 bit long modulus (2 primes)
..........................................+++++
.................................................+++++
e is 65537 (0x010001)
[root@node1 CA]# ls
private
[root@node1 CA]# ll private/
total 4
-rw------- 1 root root 1675 Dec 26 20:06 cakey.pem
[root@node1 CA]# openssl rsa -in private/cakey.pem -pubout
writing RSA key
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAue+ul0JSXudpEv3b1Uab
7/o6pudQheeyqKM9g+bNS4Y3dCwI90KWqz1HtCjgRk7ws5hdplj5r8h+3c5r8Bq5
kcrhuBOezG/5RUXNZSwH/HQH4+OCskhwD+/v/tvsMcyv5mxGVe8nUCHjTlIEXMvW
pEmWpfiRoH4o257ZtTMNhupSq14SsS4CRjv8EJxzQ0+EOqka7JcAZvczo75mnOVr
ue+lLd0l0fJDC6rGOOSiZ7THQYEJXY6BHzCMsJA1gjafOhEpmDB7zOcDW+x5CwWt
z18aX8x3cHG2TOtNpexz+KxabfTIjOTq/NjO2UdpuqCafW62j1UcI78PnAb3f9eq
jQIDAQAB
-----END PUBLIC KEY-----
[root@node1 CA]#
生成自签署证书
[root@node1 CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365
You are about to be asked to enter information that will be incorporated
into your