step1:
step2:
step3:
[root@zh certs]# make zh.crt /编写zh.crt文件
umask 77 ; \
/usr/bin/openssl genrsa -aes128 2048 > zh.key
Generating RSA private key, 2048 bit long modulus
....+++
..........+++
e is 65537 (0x10001)
Enter pass phrase:
Verifying - Enter pass phrase:
umask 77 ; \
/usr/bin/openssl req -utf8 -new -key zh.key -x509 -days 365 -out zh.crt
-set_serial 0
Enter pass phrase for zh.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:86 /国家代码
State or Province Name (full name) []:shaanxi /省
Locality Name (eg, city) [Default City]:xi'an /市
Organization Name (eg, company) [Default Company Ltd]:openlab.cn /公司名称
Organizational Unit Name (eg, section) []:tech /部门
Common Name (eg, your name or your server's hostname) []:www.openlab.com /域名
Email Address []:openlab@openlab.cn /e-mail
[root@zh certs]# systemctl restart httpd /重启服务
Enter SSL pass phrase for www.openlab.com:443 (RSA) : ****** /输入密码
step4:编写辅配置文件
<directory /openlab>
allowoverride none
require all granted
</directory>
<directory /openlab/usr/money>
allowoverride none
require all granted
</directory>
<directory openlab/usr/students>
authtype basic
authname "pleasr put passwd"
authuserfile /etc/httpd/userfile
require user song tian
</directory>
<directory openlab/usr/data>
allowoverride none
require all granted
</directory>
<virtualhost 192.168.111.130:80>
servername www.openlab.com
documentroot /openlab
alias /data /openlab/usr/data
alias /students /openlab/usr/students
</virtualhost>
<virtualhost 192.168.111.130:443>
sslengine on
SSLProtocol all -SSLv2
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA
SSLCertificateFile /etc/pki/tls/certs/zh.crt
SSLCertificateKeyFile /etc/pki/tls/certs/zh.key
documentroot /openlab
servername www.openlab.com
alias /money /openlab/usr/money
errorlog "/var/log/httpd/dummy-host2.example.com-error_log"customlog "/var/log/httpd/dummy- host2.example.com-access_log" common
</virtualhost>
[root@zh certs]# systemctl restart httpd /重启服务
Enter SSL pass phrase for www.openlab.com:443 (RSA) : ****** /输入密码
step5:
[root@zh certs]# htpasswd -c /etc/httpd/userfile song /为song用户编写密码
New password:
Re-type new password:
Adding password for user song
[root@zh certs]# htpasswd -c /etc/httpd/userfile tian /为tian用户编写密码
New password:
Re-type new password:
Adding password for user tian
step6:在Linux系统里添加主机
[root@zh certs]# vim /etc/hosts
127.0.0.1
localhost localhost.localdomain localhost4 local
host4.localdomain4
::1 localhost
localhost.localdomain localhost6 localhost6.localdomain6
192.168.111.130 www.openlab.com
step7: 测试
[root@zh certs]# curl http://www.openlab.com
welcome to openlab!
在Linux系统上可以基于域名访问