(1-1) 了解系統版本現況 #openssl version OpenSSL 1.0.1e-fips 11 Feb 2013 # uname -a Linux localhost.localdomain 3.19.8 #1 SMP Fri Jan 8 12:41:11 CST 2016 i686 i686 i386 GNU/Linux (1-2)建立設定檔目錄 #mkdir /etc/httpd/ssl #cd /etc/httpd/ssl (2-1)編輯設定檔 # vi ssl.conf (2-2)顯示設定檔 # cat ssl.conf
(3)建立ssl金鑰server.key及ssl自簽憑證server.crt # openssl req -x509 -new -nodes -sha256 -utf8 -days 3650 -newkey rsa:2048 -keyout server.key -out server.crt -config ssl.conf # ls -l (4-1)裝ca-certificates # yum install ca-certificates Updated: (4-3)# cp server.crt /etc/pki/ca-trust/source/anchors/
(5)安裝mod_ssl模組 # yum install mod_ssl : Installed: (6-1)# ls /etc/httpd/conf.d/ssl.conf -l (6-2)# vi /etc/httpd/conf.d/ssl.conf : # General setup for the virtual host, inherited from global configuration SSLProtocol all -SSLv2 -SSLv3 : SSLCertificateFile /etc/httpd/ssl/server.crt SSLCertificateKeyFile /etc/httpd/ssl/server.key (7)# ls -l /etc/httpd/ssl/
(8)# vi /usr/local/apache2/conf/httpd.conf : Include conf/extra/httpd-ssl.conf : :
(9)# vi /usr/local/apache2/conf/extra/httpd-ssl.conf : SSLCertificateFile "/etc/httpd/ssl/server.crt": SSLCertificateKeyFile "/etc/httpd/ssl/server.key" : (10)重啟httpd /usr/local/apache2/bin/apachectl restart (11)用firefox連https://insecta.idv.tw 成功,截圖如下:
REF0:http://blog.davidou.org/archives/1206 REF1:https://www.opencli.com/linux/rhel-centos-7-install-apache-mod_ssl |