目录
搭建一个基于https://www.zuoye.com访问的web网站,网站首页放在/www/https/,内容为exercise
搭建一个基于https://www.zuoye.com访问的web网站,网站首页放在/www/https/,内容为exercise
一、定义网页内容
[root@localhost ~]# echo exercise > /www/https/index.html
二、生成证书、密钥
[root@localhost certs]# openssl genrsa -aes128 2048 > zuoye.key
Generating RSA private key, 2048 bit long modulus (2 primes)
..........+++++
..................................................................................................................+++++
e is 65537 (0x010001)
Enter pass phrase:
Verifying - Enter pass phrase:
[root@localhost certs]# openssl req -utf8 -new -key zuoye.key -x509 -days 100 -out zuoye.crt
Enter pass phrase for https.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:86
State or Province Name (full name) []:gd
Locality Name (eg, city) [Default City]:gz
Organization Name (eg, company) [Default Company Ltd]:ce
Organizational Unit Name (eg, section) []:zuoye
Common Name (eg, your name or your server's hostname) []:www.zuoye.com
Email Address []:admin@zuoye.com
三、定义基于域名访问的网站配置文件
[root@localhost ~]# vim /etc/httpd/conf.d/zuoye.conf
#在zuoye.conf中写入以下配置文件
<virtualhost 192.168.190.133:443>
servername www.zuoye.com
documentroot /www/https
sslengine on
sslcertificatefile /etc/pki/tls/certs/zuoye.crt
sslcertificatekeyfile /etc/pki/tls/certs/zuoye.key
</virtualhost>
<directory /www/https>
allowoverride none
require all granted
</directory>
四、重启服务
[root@localhost certs]# systemctl restart httpd
Enter TLS private key passphrase for www.zuoye.com:443 (RSA) : ****
五、关闭防火墙和selinux
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# setenforce 0
[root@localhost ~]# getenforce
Permissive