Redhat7 配置https
分为自签名证书和第3方证书(此时实验为第3方,自签名略)
安装:
# yum install httpd mod_ssl
生成key:
# openssl genrsa 2048 > www.key
生成请求csr:
# openssl req –new –key www.key –out www.csr (下面看着写,主机名处要准确,其它可准可不准)
CA端(将.csr转换为.crt):
# openssl ca –in /var/www.csr –out /var/www.crt
针对考试(会有3个文件:www.key、www.crt、example-ca.crt)
# vi /etc/httpd/conf.d/ssl.conf (将默认的改掉即可)
Servername www.example.com:443
SSLCertificateFile /etc/pki/tls/certs/www.crt
SSLCertificateKeyFile /etc/pki/tls/certs/www.key
SSLCertificateChainFile /etc/pki/tls/certs/exsample-ca.crt
:wq
# systemctl start httpd
# systemctl enable httpd
# restorcon /etc/pki/tls/certs/*.crt
# restorcon /etc/pki/tls/certs/*.key
# firewall-cmd –permanet –add-service=http
# firewall-cmd –permanet –add-service=https
客户端访问(若在公网有做第3方认证可不用做下面操作):
导入根证书:浏览器-Edit-Preferences-Advanced-Cerificates-ViewCertificates-Authorities—Import-勾选Trust this CA to identify websites –OK
# vi /etc/hosts
10.0.0.2 www.example.com
:wq
访问:https://www.example.com(必须用域名访问,ip不行)