Configuring an HTTPS virtual host


Implementing a private CA with openssl:

Create the CA directory

[root@node1 ~]# mkdir /etc/pki/CA
[root@node1 ~]# cd /etc/pki/CA
[root@node1 CA]# pwd
/etc/pki/CA
[root@node1 CA]#

Generate a key pair for the CA

[root@node1 CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048)
genrsa: Can't open "private/cakey.pem" for writing, No such file or directory
[root@node1 CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048)
genrsa: Can't open "private/cakey.pem" for writing, No such file or directory
[root@node1 CA]# mkdir -p /etc/pki/CA/private
[root@node1 CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048)
Generating RSA private key, 2048 bit long modulus (2 primes)
..........................................+++++
.................................................+++++
e is 65537 (0x010001)
[root@node1 CA]# ls
private
[root@node1 CA]# ll private/
total 4
-rw------- 1 root root 1675 Dec 26 20:06 cakey.pem
[root@node1 CA]# openssl rsa -in private/cakey.pem -pubout
writing RSA key
[root@node1 CA]#

Generate the self-signed certificate

[root@node1 CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:HB
Locality Name (eg, city) [Default City]:WH
Organization Name (eg, company) [Default Company Ltd]:runtime
Organizational Unit Name (eg, section) []:runtime
Common Name (eg, your name or your server's hostname) []:www.dianjijixu.com
Email Address []:2@233.com
[root@node1 CA]# ls
cacert.pem  private
[root@node1 CA]# mkdir certs newcerts crl
[root@node1 CA]# touch index.txt && echo 01 >serial
[root@node1 CA]# ls
cacert.pem  certs  crl  index.txt  newcerts  private  serial
[root@node1 CA]# cat serial
01
[root@node1 CA]# mkdir -p /usr/local/apache/conf/ssl
[root@node1 CA]# cd /usr/local/apache/conf/ssl
[root@node1 ssl]# ls
[root@node1 ssl]# (umask 077;openssl genrsa -out httpd.key 2048)
Generating RSA private key, 2048 bit long modulus (2 primes)
....................................................................+++++
.............................+++++
e is 65537 (0x010001)
[root@node1 ssl]# ls
httpd.key
[root@node1 ssl]# openssl req -new -key httpd.key -days 365 -out httpd.csr
Ignoring -days; not generating a certificate
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:HB
Locality Name (eg, city) [Default City]:WH
Organization Name (eg, company) [Default Company Ltd]:runtime
Organizational Unit Name (eg, section) []:runtime      
Common Name (eg, your name or your server's hostname) []:www.dianjijixu.com
Email Address []:2@233.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@node1 ssl]#
[root@node1 ssl]# openssl ca -in httpd.csr -out httpd.crt -days 365
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 1 (0x1)
        Validity
            Not Before: Dec 26 12:14:38 2022 GMT
            Not After : Dec 26 12:14:38 2023 GMT
        Subject:
            countryName               = CN
            stateOrProvinceName       = HB
            organizationName          = runtime
            organizationalUnitName    = runtime
            commonName                = www.dianjijixu.com
            emailAddress              = 2@233.com
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            Netscape Comment: 
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier: 
                BB:C4:DD:0D:F7:E5:02:72:A6:E5:22:12:89:D2:C6:55:B8:D3:6E:8D
            X509v3 Authority Key Identifier: 
                keyid:D6:65:E6:E7:52:9E:FB:B1:84:21:4A:5D:81:4E:00:51:6F:F4:9E:93

Certificate is to be certified until Dec 26 12:14:38 2023 GMT (365 days)
Sign the certificate? [y/n]:y


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
[root@node1 ssl]#
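
The issuance flow above, rebuilt non-interactively in a scratch directory as an added example (not part of the original article). The certificate details printed above list no subjectAltName extension, and current browsers match the hostname against that extension rather than the Common Name, so the script issues the certificate once as on the page and once with a SAN, then checks chain, key match and SAN for both. The CA name `demo-ca`, the helper function names and the use of `openssl x509 -req` in place of `openssl ca` are assumptions of this example.

```sh
# Added example. Works in a scratch directory, never in /etc/pki/CA.
# HOST is the page's hostname; the CA name "demo-ca" is constructed.
set -eu
HOST=www.dianjijixu.com

# make_ca DIR: throwaway CA key and self-signed CA certificate in DIR.
make_ca() {
    printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3_ca' \
        'prompt=no' '[dn]' 'CN=demo-ca' '[v3_ca]' \
        'basicConstraints=critical,CA:TRUE' > "$1/ca.cnf"
    ( umask 077; openssl genrsa -out "$1/cakey.pem" 2048 2>/dev/null )
    openssl req -new -x509 -config "$1/ca.cnf" -key "$1/cakey.pem" \
        -out "$1/cacert.pem" -days 365
}

# issue DIR NAME [SAN]: key and CSR for $HOST, signed by the CA in DIR.
# "openssl x509 -req" stands in for the page's "openssl ca" so that no
# index.txt/serial database or system openssl.cnf is needed.
issue() {
    printf 'basicConstraints=CA:FALSE\n%s\n' \
        "${3:+subjectAltName=DNS:$3}" > "$1/$2.ext"
    ( umask 077; openssl genrsa -out "$1/$2.key" 2048 2>/dev/null )
    openssl req -new -config "$1/ca.cnf" -key "$1/$2.key" \
        -subj "/C=CN/ST=HB/O=runtime/CN=$HOST" -out "$1/$2.csr"
    openssl x509 -req -in "$1/$2.csr" -CA "$1/cacert.pem" \
        -CAkey "$1/cakey.pem" -CAcreateserial -days 365 \
        -extfile "$1/$2.ext" -out "$1/$2.crt" 2>/dev/null
}

# chain_ok DIR NAME: the certificate verifies against the CA certificate.
chain_ok() { openssl verify -CAfile "$1/cacert.pem" "$1/$2.crt" >/dev/null 2>&1; }

# key_matches DIR NAME: certificate and key carry the same public key.
key_matches() {
    [ "$(openssl x509 -in "$1/$2.crt" -noout -pubkey)" = \
      "$(openssl rsa -in "$1/$2.key" -pubout 2>/dev/null)" ]
}

# san_ok DIR NAME: $HOST is listed as a DNS subjectAltName.
san_ok() { openssl x509 -in "$1/$2.crt" -noout -text | grep -qF "DNS:$HOST"; }

d=$(mktemp -d)
make_ca "$d"
issue "$d" page            # CN only, like the certificate on the page
issue "$d" fixed "$HOST"   # same request plus subjectAltName
for c in page fixed; do
    chain_ok "$d" "$c" && key_matches "$d" "$c" && echo "$c: chain and key OK"
    san_ok "$d" "$c" && echo "$c: SAN present" || echo "$c: no SAN"
done
rm -rf "$d"
```

The same `key_matches` comparison can be run against `httpd.crt` and `httpd.key` before they are referenced by `SSLCertificateFile` and `SSLCertificateKeyFile`.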

Uncomment the following lines

[root@node1 ~]# cd /usr/local/apache/conf/
[root@node1 conf]# vim httpd.conf
#LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
# remove the leading # from the next line
LoadModule ssl_module modules/mod_ssl.so
#LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so
# Virtual hosts
# remove the leading # from the next line
Include conf/extra/httpd-vhosts.conf

Edit httpd-vhosts.conf

[root@node1 ssl]# cd ..
[root@node1 conf]# vim extra/httpd-vhosts.conf 
[root@node1 conf]# tail -17 extra/httpd-vhosts.conf 
#DocumentRoot "/usr/local/apache/htdocs/www.dianjijixu.com"
    ServerName www.dianjijixu.com
    ErrorLog "logs/www.dianjijixu.com-error_log"
    CustomLog "logs/www.dianjijixu.com-access_log" common
DocumentRoot "/usr/local/apache/htdocs/www.dianjijixu.com"
    ServerName www.dianjijixu.com
    ErrorLog "logs/www.dianjijixu.com-error_log"
    CustomLog "logs/www.dianjijixu.com-access_log" common
[root@node1 conf]#

Create the directories, move the files, and restart the service

[root@node1 conf]# mkdir -p /usr/local/apache/htdocs/{www.dianjijixu.com,blog.dianjijixu.com}
[root@node1 conf]# ls /usr/local/apache/htdocs
blog.dianjijixu.com  index.html  www.dianjijixu.com
[root@node1 conf]#
[root@node1 conf]# mv /var/www/html/blog/* /usr/local/apache/htdocs/blog.dianjijixu.com/
[root@node1 conf]# mv /var/www/html/www/* /usr/local/apache/htdocs/www.dianjijixu.com/
[root@node1 conf]# apachectl stop
[root@node1 conf]# apachectl start
[root@node1 conf]#

Edit httpd.conf

[root@node1 conf]# vim httpd.conf 

# Secure (SSL/TLS) connections
# remove the comment marker from the next line
Include conf/extra/httpd-ssl.conf
#

#LoadModule cache_socache_module modules/mod_cache_socache.so
# remove the comment marker from the next line
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
#LoadModule socache_dbm_module modules/mod_socache_dbm.so

Edit extra/httpd-ssl.conf

[root@node1 conf]# vim extra/httpd-ssl.conf

#   General setup for the virtual host
DocumentRoot "/usr/local/apache/htdocs/www.dianjijixu.com"
ServerName www.dianjijixu.com:443
ServerAdmin you@example.com
ErrorLog "/usr/local/apache/logs/www.dianjijixu.com_error_log"
TransferLog "/usr/local/apache/logs/www.dianjijixu.com_access_log"

#   SSL Engine Switch:

SSLCertificateFile "/usr/local/apache/conf/ssl/httpd.crt"
#SSLCertificateFile "/usr/local/apache/conf/server-dsa.crt"
#SSLCertificateFile "/usr/local/apache/conf/server-ecc.crt"

SSLCertificateKeyFile "/usr/local/apache/conf/ssl/httpd.key"
#SSLCertificateKeyFile "/usr/local/apache/conf/server-dsa.key"
#SSLCertificateKeyFile "/usr/local/apache/conf/server-ecc.key"

Restart the service

[root@node1 conf]# apachectl stop
[root@node1 conf]# apachectl start
[root@node1 conf]# ss -antl
State      Recv-Q     Send-Q         Local Address:Port         Peer Address:Port     Process     
LISTEN     0          128                  0.0.0.0:22                0.0.0.0:*                    
LISTEN     0          128                     [::]:22                   [::]:*                    
LISTEN     0          128                        *:443                     *:*                    
LISTEN     0          128                        *:8080                    *:*                    
LISTEN     0          128                        *:80                      *:*                    
[root@node1 conf]#
