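To serve a site over SSL, you first need to apply for or purchase an SSL certificate. The issued certificate comes as the following files.
Placing the certificate files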
/etc/pki/tls/certs/
root.cer, server.cer, server-chain.cer (an intermediate certificate is not always provided)
/etc/pki/tls/private/
privatekey.key
Edit ssl.conf
# vi /etc/httpd/conf.d/ssl.conf
SSLCertificateFile /etc/pki/tls/certs/server.cer
SSLCertificateKeyFile /etc/pki/tls/private/privatekey.key
SSLCACertificateFile /etc/pki/tls/certs/root.cer
# Add the intermediate chain if you have one; otherwise omit this directive
SSLCertificateChainFile /etc/pki/tls/certs/server-chain.cer
SELinux settings
Every certificate file listed above must be given the cert_t type.
# chcon -u system_u -t cert_t *.cer
# chcon -u system_u -t cert_t privatekey.key
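If the SELinux type is not set, restarting Apache fails with the error below. Oddly, the system reports that the file cannot be found: SELinux denies httpd read access, so to httpd the file looks missing.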
11月 20 00:55:40 example.com httpd[21960]: AH00526: Syntax error on line 102 of /etc/httpd/conf.d/ssl.conf:
11月 20 00:55:40 example.com httpd[21960]: SSLCertificateFile: file '/etc/pki/tls/certs/server.cer' does not exist or is empty
Firewall
# firewall-cmd --zone=public --add-port=443/tcp --permanent
# firewall-cmd --reload
Redirecting HTTP to HTTPS
RewriteEngine on
RewriteCond %{SERVER_NAME} =example.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
Restart Apache
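Before the restart, the paths named in ssl.conf can be checked for the same condition httpd reports in the error above, along with the private key's file mode. This is an added example, not part of the original page: check_ssl_conf is a hypothetical helper name, and it assumes GNU stat and unquoted paths in the config.

```shell
#!/bin/sh
# check_ssl_conf CONF: hypothetical pre-flight helper (not an Apache or RHEL tool).
# Returns the number of problems found among the four directives this page sets.
check_ssl_conf() {
    conf=$1
    problems=0
    # Commented-out lines start with '#', so they never match the case below.
    while read -r directive path rest || [ -n "$directive" ]; do
        case $directive in
            SSLCertificateFile|SSLCertificateKeyFile|SSLCACertificateFile|SSLCertificateChainFile) ;;
            *) continue ;;
        esac
        # Same condition mod_ssl reports as "does not exist or is empty".
        if [ ! -s "$path" ]; then
            echo "FAIL $directive: $path is missing or empty"
            problems=$((problems + 1))
            continue
        fi
        # The private key must not be accessible by group or others.
        if [ "$directive" = SSLCertificateKeyFile ]; then
            mode=$(stat -c %a "$path")
            case $mode in
                *00) ;;
                *) echo "FAIL $directive: $path has mode $mode, expected 600 or 400"
                   problems=$((problems + 1)) ;;
            esac
        fi
        # On SELinux hosts, print the label so a type other than cert_t stands out.
        if command -v getenforce >/dev/null 2>&1 && [ "$(getenforce)" != Disabled ]; then
            echo "INFO $path label: $(stat -c %C "$path")"
        fi
    done < "$conf"
    return "$problems"
}

# Usage: check_ssl_conf /etc/httpd/conf.d/ssl.conf && echo "ssl.conf paths OK"
```

The check runs as the invoking user, so a file that passes here can still be unreadable to httpd when its SELinux type is wrong; compare the printed labels against cert_t.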