Setting up an HTTPS (TLS-encrypted) service on httpd
1. Generate the private key and certificate files
(1) [root@httpd ~]# mkdir /etc/httpd/ssl
(2) Generate the private key. The original tutorial used a 1024-bit key; 1024-bit RSA has been rejected by browsers and public CAs for years, so generate at least 2048 bits. The key is the one secret in this whole setup: it must be readable by root only (mode 0600), since httpd reads it as root at startup.
[root@httpd ~]# openssl genrsa 2048 > /etc/httpd/ssl/server.key
Generating RSA private key, 2048 bit long modulus
...................................++++++
...................................++++++
e is 65537 (0x10001)
(3) Create a certificate signing request (CSR) from the key. The interactive session below only fills in the Distinguished Name; note that it adds no subjectAltName, and current browsers match the hostname against the SAN, not the Common Name.
[root@httpd ~]# openssl req -new -key /etc/httpd/ssl/server.key > /etc/httpd/ssl/server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:bj
State or Province Name (full name) []:bj
Locality Name (eg, city) [Default City]:bj
Organization Name (eg, company) [Default Company Ltd]:bj
Organizational Unit Name (eg, section) []:bj
Common Name (eg, your name or your server's hostname) []:www.caj.com
Email Address []:123456@qq.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
(4) Check the generated key and CSR files
[root@httpd ~]# ls /etc/httpd/ssl/
server.csr server.key
(5) Issue the certificate. This signs the CSR with the server's own key, i.e. a self-signed certificate valid for 365 days: fine for a lab, but every browser will warn on it because no trusted CA vouches for it. For a production host the CSR is sent to a CA instead and this step is skipped.
[root@httpd ~]# openssl req -x509 -days 365 -key /etc/httpd/ssl/server.key -in /etc/httpd/ssl/server.csr > /etc/httpd/ssl/server.crt
(6) Check the files again; the certificate is now present
[root@httpd ~]# ls /etc/httpd/ssl/
server.crt server.csr server.key
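Steps (1) to (6) done non-interactively, together with the checks worth running before handing the files to httpd, as an added example that is not part of the original tutorial. The hostname www.caj.com and the server.key/server.csr/server.crt layout follow the tutorial; the DN values, the 2048-bit key size, the extension file, the umask trick and the function names are assumptions for illustration. Unlike the interactive openssl req session above, it also puts the hostname into a subjectAltName, which is what browsers actually check.

```shell
#!/bin/sh
# Added example (not the tutorial's own commands): scripted key, CSR and
# self-signed certificate generation for an httpd SSL vhost, plus checks.
# Assumed: DN values below, 2048-bit RSA, a 365-day validity.
set -u

# gen_self_signed DIR HOSTNAME
# Writes DIR/server.key, DIR/server.csr and DIR/server.crt, the same three
# files the tutorial produces, but with a SAN entry and server-only usage.
gen_self_signed() {
    dir=$1; host=$2
    mkdir -p "$dir"
    # umask 077 in a subshell: the key is created mode 0600, never readable
    # by other users even for an instant
    (umask 077; openssl genrsa -out "$dir/server.key" 2048 2>/dev/null)
    # DN for the CSR; prompt=no makes openssl req fully scriptable
    cat > "$dir/req.cnf" <<EOF
[ req ]
prompt = no
distinguished_name = dn
[ dn ]
C = CN
ST = Beijing
L = Beijing
O = caj
CN = $host
EOF
    openssl req -new -key "$dir/server.key" -config "$dir/req.cnf" \
        -out "$dir/server.csr"
    # Extensions for the self-signed certificate: hostname as a SAN, and a
    # leaf (not CA) certificate usable only for server authentication
    cat > "$dir/ext.cnf" <<EOF
subjectAltName = DNS:$host
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
EOF
    openssl x509 -req -sha256 -days 365 -in "$dir/server.csr" \
        -signkey "$dir/server.key" -extfile "$dir/ext.cnf" \
        -out "$dir/server.crt" 2>/dev/null
}

# cert_matches_key CRT KEY: succeeds if the certificate's public key belongs
# to KEY. A mismatch is the usual cause of "key values mismatch" when httpd
# starts after someone reissues a certificate with a regenerated key.
cert_matches_key() {
    [ "$(openssl x509 -noout -modulus -in "$1")" = \
      "$(openssl rsa -noout -modulus -in "$2")" ]
}

# cert_has_san CRT HOSTNAME: succeeds if HOSTNAME is listed as a DNS SAN
cert_has_san() {
    openssl x509 -noout -text -in "$1" | grep -q "DNS:$2"
}

# key_bits KEY: prints the RSA modulus size in bits
key_bits() {
    openssl rsa -noout -text -in "$1" \
        | sed -n 's/.*(\([0-9]*\) bit.*/\1/p' | head -n 1
}

# Usage:  sh gen_cert.sh /etc/httpd/ssl www.caj.com
if [ $# -ge 2 ]; then
    gen_self_signed "$1" "$2"
    cert_matches_key "$1/server.crt" "$1/server.key" && echo "key and cert match"
    cert_has_san "$1/server.crt" "$2" && echo "SAN present for $2"
    echo "key size: $(key_bits "$1/server.key") bits"
    openssl x509 -noout -subject -dates -in "$1/server.crt"
fi
```

The three check functions are the ones to run again whenever the certificate is replaced: a certificate that was issued for a different key, or one that lacks a SAN for the name users type, both load without error in httpd and only fail in the browser.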
2. Install the mod_ssl module
yum install -y mod_ssl
The package drops a ready-made HTTPS virtual host configuration, ssl.conf, into the conf.d directory:
[root@httpd ~]# ls /etc/httpd/conf.d/
autoindex.conf manual.conf README ssl.conf userdir.conf welcome.conf
3. Edit ssl.conf
vim ssl.conf
Change four settings inside the <VirtualHost _default_:443> block:
DocumentRoot "/caj"
ServerName www.caj.com:443
SSLCertificateFile /etc/httpd/ssl/server.crt
SSLCertificateKeyFile /etc/httpd/ssl/server.key
In addition, because this virtual host's document root is not under /var/www/html, access to /caj has to be granted explicitly (httpd 2.4 denies everything outside the configured directories by default):
<Directory "/caj">
Require all granted
</Directory>
On CentOS with SELinux enforcing, /caj must also carry the httpd_sys_content_t label (set it with semanage fcontext and restorecon); otherwise httpd returns 403 even though the Directory block allows access.
Save and exit.
4. Confirm ssl.conf is in place
[root@httpd ~]# cd /etc/httpd/conf.d/
[root@httpd conf.d]# ls
autoindex.conf manual.conf README ssl.conf userdir.conf welcome.conf
5. Validate the configuration, restart the service and check the listening ports
[root@httpd conf.d]# httpd -t
Syntax OK
[root@httpd conf.d]# systemctl restart httpd
[root@httpd conf.d]# cd
[root@httpd ~]# ss -antp |grep httpd
LISTEN 0 128 :::80 :::* users:(("httpd",pid=6151,fd=4),("httpd",pid=6150,fd=4),("httpd",pid=6149,fd=4),("httpd",pid=6148,fd=4),("httpd",pid=6147,fd=4),("httpd",pid=6145,fd=4))
LISTEN 0 128 :::443 :::* users:(("httpd",pid=6151,fd=6),("httpd",pid=6150,fd=6),("httpd",pid=6149,fd=6),("httpd",pid=6148,fd=6),("httpd",pid=6147,fd=6),("httpd",pid=6145,fd=6))
httpd now listens on both 80 and 443. ss only shows that the socket is open; on a host with firewalld enabled the https service must also be allowed through the firewall (firewall-cmd --permanent --add-service=https, then reload), or remote clients will still be unable to connect.
6. Test:
(1) Entering www.caj.com in a browser (plain HTTP on port 80) still lands on the index page under the default document root. The encrypted site is reached at https://www.caj.com, where the browser warns about the certificate because it is self-signed; accept it for the lab, or install a CA-issued certificate in its place.
7. Use the URL rewrite module (mod_rewrite) to redirect the HTTP name to HTTPS: add the following three lines inside any already configured HTTP VirtualHost block and requests are sent straight to the HTTPS server. The tutorial's original rule was RewriteRule ^/(.*) https://www.caj.com [L]; it does redirect (mod_rewrite treats an absolute URL with a different scheme as an external redirect), but it discards the requested path, so every deep link ends up on the home page, and the dots in the RewriteCond pattern are unescaped. The corrected lines keep the path with $1 and make the redirect a permanent one:
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\.caj\.com$
RewriteRule ^/(.*)$ https://www.caj.com/$1 [R=301,L]
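Both virtual hosts from steps 3 and 7 written out in full, as an added example and not the tutorial's own ssl.conf: the paths /caj and /etc/httpd/ssl and the hostname www.caj.com follow the tutorial, while the SSLProtocol, SSLCipherSuite and Strict-Transport-Security lines are hardening additions assumed here (the mod_ssl default ssl.conf still allows TLS 1.0 and 1.1).

```apache
# Added example (not the tutorial's file). Port 80 vhost: its only job is to
# send every request to HTTPS, keeping the path and query string.
<VirtualHost *:80>
    ServerName www.caj.com
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule ^/(.*)$ https://www.caj.com/$1 [R=301,L]
</VirtualHost>

# HTTPS vhost, the four settings from step 3 plus the Directory block
<VirtualHost _default_:443>
    ServerName www.caj.com:443
    DocumentRoot "/caj"

    SSLEngine on
    SSLCertificateFile    /etc/httpd/ssl/server.crt
    SSLCertificateKeyFile /etc/httpd/ssl/server.key

    # Hardening (assumed additions): refuse SSLv3 and TLS 1.0/1.1, drop
    # anonymous, MD5, RC4 and 3DES suites, and let the server pick the suite
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    SSLCipherSuite HIGH:!aNULL:!MD5:!RC4:!3DES
    SSLHonorCipherOrder on

    # HSTS (needs mod_headers): enable only once a CA-issued certificate is
    # installed; with a self-signed one, browsers will no longer let users
    # click through the warning for this host.
    # Header always set Strict-Transport-Security "max-age=15552000"

    <Directory "/caj">
        Require all granted
    </Directory>
</VirtualHost>
```

Run httpd -t after pasting this and restart the service as in step 5. The RewriteCond on %{HTTPS} rather than on the Host header means the rule cannot loop if the same lines are ever copied into the 443 vhost by mistake.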