13.配置安全Web服务
为站点http://server0.example.com配置TLS加密:
- 一个已签名证书从http://classroom.example.com/pub/tls/certs/server0.crt获取
- 此证书的密钥从http://classroom.example.com/pub/tls/private/server0.key获取
- 此证书的签名授权信息从http://classroom.example.com/pub/example-ca.crt获取
[root@server0 ~]# yum -y install mod_ssl
[root@server0 ~]# cd /etc/pki/tls/certs
[root@server0 certs~]#wget http://classroom.example.com/pub/tls/certs/server0.crt
[root@server0 certs~]#wget http://classroom.example.com/pub/example-ca.crt
[root@server0 certs~]# cd ..
[root@server0 tls~]# cd private
[root@server0 private~]# wget
http://classroom.example.com/pub/tls/private/server0.key
[root@server0 private~]# vim /etc/httpd/conf.d/ssl.conf
<VirtualHost _default_:443>
DocumentRoot “/var/www/html”
ServerName server0.example.com:443
… … #修改第 100、107、122 行,如下所示
SSLCertificateFile /etc/pki/tls/certs/server0.crt
SSLCertificateKeyFile /etc/pki/tls/private/server0.key
SSLCACertificateFile /etc/pki/tls/certs/example-ca.crt
</VirtualHost>
[root@server0 private~]# systemctl restart httpd
[root@server0 private~]# systemctl enable httpd