基于https的加密网站（https+ssl）

基于https的加密网站（https+ssl）

SSL协议位于TCP/IP协议与各种应用层协议之间，为数据通讯提供安全支持。SSL协议可分为两层： SSL记录协议（SSL Record
Protocol）：它建立在可靠的传输协议（如TCP）之上，为高层协议提供数据封装、压缩、加密等基本功能的支持。 SSL握手协议（SSL
Handshake
Protocol）：它建立在SSL记录协议之上，用于在实际的数据传输开始前，通讯双方进行身份认证、协商加密算法、交换加密密钥等

HTTPS服务一般是通过SSL（安全套接字层）来保证安全性的，端口号为：443

1.安装make指令

[root@qq ~]# dnf install make -y 

2.创建密匙

[root@qq ~]# cd /etc/pki/tls/certs
[root@qq certs]# make xixi.crt 

[root@qq certs]# make xixi.crt
umask 77 ; \
/usr/bin/openssl genrsa -aes128 2048 > xixi.key
Generating RSA private key, 2048 bit long modulus (2 primes)
................................................................................
..................+++++
...........+++++
e is 65537 (0x010001)
Enter pass phrase:
Verifying - Enter pass phrase:
umask 77 ; \
/usr/bin/openssl req -utf8 -new -key haha.key -x509 -days 365 -out xixi.crt
Enter pass phrase for haha.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:86
State or Province Name (full name) []:chongqing
Locality Name (eg, city) [Default City]:yongchuan
Organization Name (eg, company) [Default Company Ltd]:123
Organizational Unit Name (eg, section) []:jiasuanji
Common Name (eg, your name or your server's hostname) []:web.baidu.com
Email Address []:admin@qq.com

3.移动密匙到默认路径

[root@qq certs]# mv xixi.key /etc/pki/tls/private/xixi.key 

4.进入httpd服务的配置文件写配置

[root@qq ~]# cd /etc/httpd/conf.d
[root@qq conf.d]# vim host.conf

在virtualhost标签内加入如下几段

SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/xixi.crt
SSLCertificateKeyFile /etc/pki/tls/private/xixi.key

重启服务

[root@qq conf.d]# systemctl restart httpd