CentOS生成自签名证书配置Apache https

前端之家收集整理的这篇文章主要介绍了CentOS生成自签名证书配置Apache https前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。
CentOS生成自签名证书配置Apache https

apache的安装就不用说了

1.安装完apache之后,安装mod_ssl和openssl

yum install mod_ssl openssl

2.安装完成之后,配置iptables打开443端口,这时其实已经可以访问https了,但是我们看证书详情的时候显示

Issued to: localhost.localdomain
Issued by: localhost.localdomian

颁发者: localhost.localdomain
颁发给: localhost.localdomain

----------------------------------------------------------------------

下面我们生成自签证书

3.生成密钥
openssl genrsa -out test.com.key 2048

4. 生成证书请求文件,运行之后会出现一大堆要输入的东西,输入之后就生成.csr的文件

openssl req -new -key test.com.key -out test.com.csr

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.',the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Beijing
Locality Name (eg,city) [Default City]:Beijing
Organization Name (eg,company) [Default Company Ltd]:test.com
Organizational Unit Name (eg,section) []:test
Common Name (eg,your name or your server's hostname) []:www.test.com

Email Address []:root@test.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:123456

An optional company name []:test

5.生成证书crt

openssl x509 -req -days 365 -in test.com.csr -signkey test.com.key -out test.com.crt

6.复制文件到相应的目录

cp test.com.crt /etc/pki/tls/certs
cp test.com.key /etc/pki/tls/private/
cp test.com.csr /etc/pki/tls/private/

7.修改配置文件

vim /etc/httpd/conf.d/ssl.conf
SSLCertificateFile /etc/pki/tls/certs/test.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/test.com.key

8.重启apache

service httpd restart

9.这时再使用https访问,查看证书详情的时候就会看到

Issued to: www.test.com Issued by: www.test.com 颁发者: www.test.com 颁发给: www.test.com

猜你在找的CentOS相关文章