Set up a web site served at https://www.zuoye.com. The site's home page lives in /www/https/ and its content is exercise.
(1) Check whether the httpd service is installed
[root@server conf.d]# rpm -qa httpd
httpd-2.4.37-21.module+el8.2.0+5008+cca404a3.x86_64
[root@server conf.d]#
(2) Create the home page
[root@server conf.d]# mkdir -pv /www/https/
mkdir: created directory '/www/https/'
[root@server conf.d]# echo "Excise" > /www/https/index.html
[root@server conf.d]# cat /www/https/index.html
Excise
[root@server conf.d]#
(3) Install openssl and mod_ssl
[root@server conf.d]# yum install -y openssl
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Last metadata expiration check: 0:28:23 ago on Sat 19 Nov 2022 11:20:51 PM +08.
Package openssl-1:1.1.1c-15.el8.x86_64 is already installed.
Dependencies resolved.
Nothing to do.
Complete!
[root@server conf.d]#
[root@server conf.d]# yum install -y mod_ssl
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Last metadata expiration check: 0:31:18 ago on Sat 19 Nov 2022 11:20:51 PM +08.
Dependencies resolved.
==================================================================================================================================================================================================================
Package Architecture Version Repository Size
==================================================================================================================================================================================================================
Installing:
mod_ssl x86_64 1:2.4.37-21.module+el8.2.0+5008+cca404a3 Appstream 132 k
Transaction Summary
==================================================================================================================================================================================================================
Install 1 Package
Total size: 132 k
Installed size: 262 k
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : mod_ssl-1:2.4.37-21.module+el8.2.0+5008+cca404a3.x86_64 1/1
Running scriptlet: mod_ssl-1:2.4.37-21.module+el8.2.0+5008+cca404a3.x86_64 1/1
Verifying : mod_ssl-1:2.4.37-21.module+el8.2.0+5008+cca404a3.x86_64 1/1
Installed products updated.
Installed:
mod_ssl-1:2.4.37-21.module+el8.2.0+5008+cca404a3.x86_64
Complete!
[root@server conf.d]# rpm -ql mod_ssl | grep etc
(4) Create the certificate and private key
[root@server certs]# openssl genrsa -aes128 2048 > exercise.key
Generating RSA private key, 2048 bit long modulus (2 primes)
..............+++++
..........................+++++
e is 65537 (0x010001)
Enter pass phrase:
Verifying - Enter pass phrase:
[root@server certs]# openssl -new req -utf8 -key exercise.key -x509 -days 365 -out exercise.crt
Invalid command '-new'; type "help" for a list.
[root@server certs]# openssl req -new -utf8 -key exercise.key -x509 -days 365 -out exercise.crt
Enter pass phrase for exercise.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:HN
Locality Name (eg, city) [Default City]:CS
Organization Name (eg, company) [Default Company Ltd]:sangfor
Organizational Unit Name (eg, section) []:CTI
Common Name (eg, your name or your server's hostname) []:www.zuoye.com
Email Address []:123456@qq.com
[root@server certs]# ll
total 8
lrwxrwxrwx. 1 root root 49 Oct 19 2019 ca-bundle.crt -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
lrwxrwxrwx. 1 root root 55 Oct 19 2019 ca-bundle.trust.crt -> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
-rw-r--r--. 1 root root 1399 Nov 20 00:01 exercise.crt
-rw-r--r--. 1 root root 1766 Nov 19 23:58 exercise.key
(5) The httpd conf configuration file
[root@server conf.d]# vim exercise.conf
[root@server conf.d]# cat exercise.conf
<VirtualHost 10.10.0.128:443>
servername www.zuoye.com
DocumentRoot /www/https/
SSLengine on
SSLCertificateKeyFile /etc/pki/tls/certs/exercise.key
SSLCertificateFile /etc/pki/tls/certs/exercise.crt
</VirtualHost>
<Directory /www/https/>
allowoverride none
require all granted
</Directory>
[root@server conf.d]#
(6) Restart the httpd service
[root@server conf.d]# systemctl restart httpd
Enter TLS private key passphrase for www.zuoye.com:443 (RSA) : ******
[root@server conf.d]#
Test results:
01) Access the page by IP address
02) Access the page by domain name
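The listing in step (4) shows exercise.key with mode -rw-r--r-- next to the certificate, so it is worth checking the pair before relying on it. The script below is an added example, not part of the original walkthrough: it checks key file permissions, that the key and certificate belong together, and remaining validity. The function names and the script name are hypothetical, and it assumes GNU stat and the openssl CLI.

```sh
#!/bin/sh
# Added example: checks for the key/certificate pair created in step (4).
# Function names are hypothetical; assumes GNU stat and the openssl CLI.

# 0 if the file grants nothing to group or others (e.g. 600), 1 otherwise.
key_is_private() {
    mode=$(stat -c '%a' "$1") || return 2
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# 0 if the private key and the certificate carry the same public key.
# $3 is an optional openssl -passin source (pass:..., env:VAR, file:PATH)
# for a passphrase-protected key such as the -aes128 one above.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" ${3:+-passin "$3"} -pubout 2>/dev/null) || return 2
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$key_pub" = "$crt_pub" ]
}

# 0 if the certificate is still valid $2 days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# Run all three checks; print each failure and return non-zero if any failed.
audit_tls_pair() {
    rc=0
    key_is_private "$1" ||
        { echo "FAIL: $1 is missing or accessible to group/others"; rc=1; }
    key_matches_cert "$1" "$2" "${3:-}" ||
        { echo "FAIL: $1 does not match $2 (or could not be read)"; rc=1; }
    cert_valid_for_days "$2" 30 ||
        { echo "FAIL: $2 expires within 30 days"; rc=1; }
    return $rc
}

# Usage (hypothetical script name): sh check_tls.sh KEY CERT [PASSIN]
if [ "$#" -ge 2 ]; then
    audit_tls_pair "$@"
fi
```

Against the files from step (4), the first check fails for exercise.key because of its 644 mode; `chmod 600 /etc/pki/tls/certs/exercise.key` clears it, and httpd can still read the key because it loads it as root at startup.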