Linux CentOS 8 (HTTPS Configuration and Management)
Contents
I. Introduction to HTTPS
II. Introduction to SSL Certificates
III. Lab Configuration

I. Introduction to HTTPS
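HTTPS adds SSL on top of HTTP. SSL is short for "Secure Sockets Layer". HTTPS is therefore an HTTP channel built with security as its goal: on top of HTTP, it uses transport encryption and identity authentication to protect data in transit. The two main functions of an SSL certificate are accordingly data encryption and identity authentication.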
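
II. Introduction to SSL Certificates
An SSL certificate follows the SSL protocol and is used to establish an SSL secure channel between the client browser and the web server. A valid, trusted SSL digital certificate is tied to a public key and a private key. The public key is used to encrypt information, and the private key is used to decrypt the encrypted information. When a client browser points to a secure domain, SSL therefore authenticates the server and the client and establishes an encryption method and a unique session key. The two sides can then start a secure session that guarantees the privacy and integrity of messages.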

III. Lab Configuration
1. Install the openssl package
[root@www test]# yum -y install openssl
2. View the openssl.cnf file, as shown in Figure 1-1.
[root@www ~]# vim /etc/pki/tls/openssl.cnf
3. Create the index.txt and serial files
[root@www ~]# ls /etc/pki/tls/
CA ct_log_list.cnf misc openssl.cnf certs newcerts private
[root@www ~]# touch /etc/pki/tls/index.txt
[root@www ~]# echo 01 > /etc/pki/tls/serial
[root@www ~]# ls /etc/pki/tls/
CA ct_log_list.cnf misc openssl.cnf serial certs index.txt newcerts private
4. Install the mod_ssl module
[root@www ~]# yum -y install mod_ssl
[root@www ~]# ls /etc/httpd/conf.d/
autoindex.conf htpasswd httpd-vhosts.conf README ssl.conf userdir.conf welcome.conf
// the ssl.conf configuration file has been generated
5. Edit the ssl.conf file
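[root@www ~]# vim /etc/httpd/conf.d/ssl.conf
DocumentRoot /var/www/html
// path of the directory served to visitors
SSLCertificateFile /etc/httpd/ssl/server.crt
// path of the certificate
SSLCertificateKeyFile /etc/httpd/ssl/server.key
// path of the certificate's private key file
6. Generate the certificate
Create and change to the directory that ssl.conf names as the certificate location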
[root@www ssl]# cd /etc/httpd/ssl
Create the private key file
[root@www ssl]# openssl genrsa -des3 -out server.key 2048
Generating RSA private key, 2048 bit long modulus (2 primes)
...................................................................................................................................
...................................................................................................................................
e is 65537 (0x010001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:
Create the certificate signing request
[root@www ssl]# openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:GD
Locality Name (eg, city) [Default City]:GZ
Organization Name (eg, company) [Default Company Ltd]:Jan16
Organizational Unit Name (eg, section) []:Technology
Common Name (eg, your name or your server's hostname) []:www.example.com
Email Address []:www.jan16.com
Please enter the following extra attributes
to be sent with your certificate request
A challenge password []:jan16
An optional company name []:jan16
Create the self-signed certificate
[root@www ssl]# openssl req -new -x509 -key server.key -out ca.crt -days 3650
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:GD
Locality Name (eg, city) [Default City]:GZ
Organization Name (eg, company) [Default Company Ltd]:Jan16
Organizational Unit Name (eg, section) []:Technology
Common Name (eg, your name or your server's hostname) []:www.example.com
Email Address []:www.jan16.com
Issue the certificate
[root@www ssl]# openssl x509 -req -days 3650 -in server.csr -CA ca.crt -CAkey server.key -CAcreateserial -out server.crt
Signature ok
subject=C = cn, ST = gz, L = th, O = jan16, OU = t, CN = www.example.com, emailAddress = 11.com
Getting CA Private Key
Enter pass phrase for server.key:
7. Restart the service
[root@www ssl]# systemctl restart httpd
Enter TLS private key passphrase for www.example.com:443 (RSA) : **********
8. Verify
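[root@www httpd]# cat /var/www/html/index.html
This is my website!!
The browser reports that the current site is not secure, as shown in Figure 2-1.
Click [Preferences] in the settings to import the certificate, as shown in Figure 2-2.
Click [Privacy & Security] and view the certificates, as shown in Figure 2-3.
Click Import, as shown in Figure 2-4.
Switch to the corresponding directory and select the ca.crt certificate, as shown in Figure 2-5.
Tick both options, [Trust this CA to identify websites] and [Trust this CA to identify email users], then click [OK], as shown in Figure 2-6.
Refresh the site; it can now be accessed successfully, as shown in Figure 2-7.

Produced by: 何嘉愉; Layout: 裕新; First review: 杨佳佳; Second review: 二月二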
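
Step 6 signs both ca.crt and server.crt with server.key, so the CA and the server share one key pair. The script below is an added example, not part of the original page: it builds the same lab PKI with a separate CA key and a subjectAltName (which current browsers use for hostname matching), then checks the chain, the key match and the hostname. The names lab.cnf, ca.key, make_lab_pki and check_lab_pki are assumptions of this example, and the keys are written unencrypted so that it runs unattended.

```shell
#!/bin/sh
# Added example (not from the original page): lab CA and server certificate
# with separate key pairs. lab.cnf, ca.key and both function names are assumed.
# Keys are left unencrypted for unattended runs; the page uses -des3 instead.

make_lab_pki() (   # $1 = output directory, $2 = server hostname
  cd "$1" || exit 1
  cat > lab.cnf <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[srv_ext]
basicConstraints = CA:FALSE
subjectAltName = DNS:$2
EOF
  umask 077   # files created below are readable by the owner only
  # CA: its own key pair, self-signed and marked as a CA
  openssl req -x509 -newkey rsa:2048 -nodes -config lab.cnf -extensions ca_ext \
    -subj "/CN=Lab Test CA" -keyout ca.key -out ca.crt -days 3650 2>/dev/null || exit 1
  # Server: a separate key pair and its signing request
  openssl req -new -newkey rsa:2048 -nodes -config lab.cnf \
    -subj "/CN=$2" -keyout server.key -out server.csr 2>/dev/null || exit 1
  # Issue the server certificate with the CA key, adding the subjectAltName
  openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
    -extfile lab.cnf -extensions srv_ext -days 365 -out server.crt 2>/dev/null
)

check_lab_pki() (   # $1 = directory, $2 = hostname; exit status names the failed check
  cd "$1" || exit 1
  openssl verify -CAfile ca.crt server.crt >/dev/null 2>&1 || exit 1   # chains to ca.crt
  cert=$(openssl x509 -in server.crt -noout -pubkey | openssl sha256)
  key=$(openssl pkey -in server.key -pubout | openssl sha256)
  ca=$(openssl x509 -in ca.crt -noout -pubkey | openssl sha256)
  [ "$cert" = "$key" ] || exit 2    # server.crt does not belong to server.key
  [ "$cert" != "$ca" ] || exit 3    # CA and server share one key pair
  openssl x509 -in server.crt -noout -checkhost "$2" | grep -q 'does match' || exit 4
)

d=$(mktemp -d)
make_lab_pki "$d" www.example.com && check_lab_pki "$d" www.example.com && echo "lab PKI OK: $d"
```

Running check_lab_pki against a directory produced with the page's own commands exits with status 3, because ca.crt and server.crt there carry the same public key.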