搭建一个基于https://www.zuoye.com访问的web网站,网站首页在/www/https/,内容为exercise。
一、生成证书:
(无Makefile文件)
1、生成私钥https.key:
[root@server certs]# openssl genrsa -aes128 2048 > https.key
Generating RSA private key, 2048 bit long modulus (2 primes)
...........+++++
.......+++++
e is 65537 (0x010001)
Enter pass phrase: 456789 (密码为4-1023位)
Verifying - Enter pass phrase:
2、生成https.crt:
[root@server certs]# openssl req -utf8 -new -key https.key -x509 -days 365 -out https.crt
Enter pass phrase for https.key: 输入密码
二、生成配置文件:
[root@server conf.d]# vim /etc/httpd/conf.d/https.conf
<Virtualhost 192.168.40.120:443>
servername www.zuoye.com
documentroot /www/https
SSLEngine on (引擎)
SSLCertificateFile /etc/pki/tls/certs/https.crt
SSLCertificateKeyFile /etc/pki/tls/certs/https.key
</Virtualhost>
三、定义网页(创建文件、输入内容):
[root@server conf.d]# mkdir /www/https/
[root@server conf.d]# echo "exercise" > /www/https/index.html
[root@server conf.d]# tree /www
/www
├── ce
│ └── index.html
├── https
│ └── index.html
├── name
│ └── index.html
├── port
│ ├── 10000
│ │ └── index.html
│ └── 80
│ └── index.html
└── rcj
└── index.html
四、重启httpd
[root@server conf.d]# systemctl restart httpd
Enter TLS private key passphrase for www.zuoye.com:443 (RSA) : 输入密码456789
五、测试:
[root@server conf.d]# curl https://192.168.40.120:443 -k
exercise
[root@server conf.d]# curl https://192.168.40.120:443 --insecure
exercise
对于证书在自己里面访问需要输入 -k 、 --insecure