//需要关闭SELinux 或者 将Enforcing改为 permissive 模式
[root@localhost certs]# setenforce 0
[root@localhost certs]# getenforce
Permissive
/*SSL建立过程
三次握手 协商算法 服务器发送证书给客户端 客户端生成对称密钥 客户端发送http请求服务器通过对称密钥加密后把网页送到客户端*/
//安装模块
rpm -ql mod_ssl
//查看安装的文件
rpm -ql mod_ssl
//制作证书和密钥文件的路径
cd /etc/pki/tls/certs
[root@localhost certs]# make google.crt
Enter pass phrase:
Verifying - Enter pass phrase:
Enter pass phrase for google.key:
Country Name (2 letter code) [XX]:86
State or Province Name (full name) []:shanan^H^H^H
Locality Name (eg, city) [Default City]:yanan
Organization Name (eg, company) [Default Company Ltd]:'yanda
Organizational Unit Name (eg, section) []:daxue
Common Name (eg, your name or your server's hostname) []:gg
Email Address []:1111
[root@localhost certs]# ll
-rw-------. 1 root root 1342 11月 19 18:33 google.crt
-rw-------. 1 root root 1766 11月 19 18:31 google.key
[root@localhost certs]# vim /etc/httpd/conf.d/vhost.conf
<directory "/www">
allowoverride none
require all granted
</directory>
<virtualhost 169.254.118.128:443>
servername www.google.com
documentroot /www/google
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/google.crt
SSLCertificateKeyFile /etc/pki/tls/certs/google.key
</virtualhost>
//修改hosts
C:\Windows\System32\drivers\etc
//添加 169.254.118.128 www.google.com
[root@localhost certs]# systemctl restart httpd
Enter SSL pass phrase for www.google.com:443 (RSA) : ******
//输入之前制作证书设置的密码
//重启ok
//浏览器输入https://www.google.com显示结果