Centos6.3下(xià)Apache配置(zhì)基於加密的認證https加密證(zhèng)書訪問
這裏(lǐ)簡(jiǎn)單演示一(yī)下Apache下(xià)基於加密的認證(zhèng)訪問----https加密方式訪問。
1.DNS解析(xī)解析情況:
[root@localhost html]# nslookup www.chithemodel.com
Server: 192.168.2.115
Address: 192.168.2.115#53
Name: www.chithemodel.com
Address: 192.168.2.115
2.安裝Apache SSL支(zhī)持模塊:# yum install -y mod_ssl (默認(rèn)yum安裝httpd是沒有安(ān)裝該模塊的(de),安(ān)裝後(hòu)自動生(shēng)產(chǎn)/etc/httpd/conf.d/ssl.conf文件)並生成證書。
[root@localhost certs]# pwd
/etc/pki/tls/certs
[root@localhost certs]# ls
ca-bundle.crt index.html localhost.crt Makefile
ca-bundle.trust.crt localhost1.crt make-dummy-cert
[root@localhost certs]# openssl req -utf8 -new -key ../private/localhost.key -x509 -days 3650 -out abc_com.crt
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:510510
Locality Name (eg, city) [Default City]:GZ
Organization Name (eg, company) [Default Company Ltd]:ABC.COM
Organizational Unit Name (eg, section) []:Mr.Zhang
Common Name (eg, your name or your server's hostname) []:www.chithemodel.com
Email Address []:root@abc.com
[root@localhost certs]#
3.配置Apache,基本配置這裏不多說(shuō)了,下麵是配(pèi)置www.chithemodel.com站點(diǎn)http訪問的情況。
[root@localhost html]# tail -n 8 /etc/httpd/conf/httpd.conf
NameVirtualhost 192.168.2.115:80
<VirtualHost www.chithemodel.com:80>
ServerAdmin webmaster@dummy-host.example.com
DocumentRoot /var/www/html
ServerName www.chithemodel.com
ErrorLog logs/dummy-host.example.com-error_log
CustomLog logs/dummy-host.example.com-access_log common
</VirtualHost>
[root@localhost html]# tail /var/www/html/index.html
www.chithemodel.com
[root@localhost html]#
4.配(pèi)置Apache支持https訪問www.chithemodel.com站點,編輯 vim /etc/httpd/conf.d/ssl.conf 文件,製定www.chithemodel.com站點https訪(fǎng)問(wèn)時的(de)相關信(xìn)息(xī)。添加(jiā)下(xià)麵配置。
<VirtualHost www.chithemodel.com:443>
DocumentRoot "/var/www/html/www.kuteatest.net" #//為了(le)顯(xiǎn)示效果,這裏的(de)站(zhàn)點目錄不(bú)一樣,一般情(qíng)況一個域名應(yīng)該指向(xiàng)同一目錄的。
ServerName www.chithemodel.com:443
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /etc/pki/tls/certs/abc_com.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
5.重啟Apache服務,測試訪問。
測試http訪問的結果
測試(shì)https訪問的結果
查看證書信息和自建crt信(xìn)息一(yī)致
https訪問的最終結(jié)果
關鍵詞:Centos,Apache
閱讀本文後您有什麽感(gǎn)想? 已有 人給出(chū)評價!
- 0
- 0
- 4
- 0
- 0
- 1
