[root@localhost https]# openssl genrsa -aes128 2048 > zuoye.key
Generating RSA private key, 2048 bit long modulus (2 primes)..........+++++
..................................................................................................................+++++
e is 65537(0x010001)
Enter pass phrase:
Verifying - Enter pass phrase:
[root@localhost certs]# openssl req -utf8 -new -key zuoye.key -x509 -days 100 -out zuoye.crt
Enter pass phrase for https.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code)[XX]:12
State or Province Name (full name)[]:12
Locality Name (eg, city)[Default City]:gz
Organization Name (eg, company)[Default Company Ltd]:12
Organizational Unit Name (eg, section)[]:12
Common Name (eg, your name or your server's hostname)[]:12
Email Address []:12
第三步、定义基于域名访问的网站配置文件
[root@localhost ~]# vim /etc/httpd/conf.d/zuoye.conf#在zuoye.conf中写入以下配置文件<virtualhost 192.168.228.130>
servername www.zuoye.com
documentroot /www/https
sslengine on
sslcertificatefile /etc/pki/tls/certs/zuoye.crt
sslcertificatekeyfile /etc/pki/tls/certs/zuoye.key
</virtualhost><directory /www/https>
allowoverride none
require all granted
</directory>
第四步、重启服务
[root@localhost certs]# systemctl restart httpd
Enter TLS private key passphrase for www.zuoye.com:443 (RSA): ****