Centos6.3下Apache配置基于加密的认证https加密证书访问
<p> 这里简单演示一下Apache下基于加密的认证访问----https加密方式访问。</p><p><strong>1.DNS解析解析情况:</strong></p><p>
# nslookup www.jb51.net</p><p>
Server: 192.168.2.115</p><p>
Address: 192.168.2.115#53</p><p>
Name: www.jb51.net</p><p>
Address: 192.168.2.115</p><p><strong>2.安装Apache SSL支持模块:# yum install -y mod_ssl (默认yum安装httpd是没有安装该模块的,安装后自动生产/etc/httpd/conf.d/ssl.conf文件)并生成证书。</strong></p><p>
# pwd</p><p>
/etc/pki/tls/certs</p><p>
# ls</p><p>
ca-bundle.crt index.html localhost.crt Makefile</p><p>
ca-bundle.trust.crt localhost1.crt make-dummy-cert</p><p>
# openssl req -utf8 -new -key ../private/localhost.key -x509 -days 3650 -out abc_com.crt</p><p>
You are about to be asked to enter information that will be incorporated</p><p>
into your certificate request.</p><p>
What you are about to enter is what is called a Distinguished Name or a DN.</p><p>
There are quite a few fields but you can leave some blank</p><p>
For some fields there will be a default value,</p><p>
If you enter '.', the field will be left blank.</p><p>
-----</p><p>
Country Name (2 letter code) :CN</p><p>
State or Province Name (full name) []:510510</p><p>
Locality Name (eg, city) :GZ</p><p>
Organization Name (eg, company) :ABC.COM</p><p>
Organizational Unit Name (eg, section) []:Mr.Zhang</p><p>
Common Name (eg, your name or your server's hostname) []:www.jb51.net</p><p>
Email Address []:root@abc.com</p><p>
#</p><p><strong>3.配置Apache,基本配置这里不多说了,下面是配置www.jb51.net站点http访问的情况。</strong></p><p>
# tail -n 8 /etc/httpd/conf/httpd.conf</p><p>
NameVirtualhost 192.168.2.115:80</p><p><virtualhost www.jb51.net:80=""></virtualhost></p><p>
ServerAdmin webmaster@dummy-host.example.com</p><p>
DocumentRoot /var/www/html</p><p>
ServerName www.jb51.net</p><p>
ErrorLog logs/dummy-host.example.com-error_log</p><p>
CustomLog logs/dummy-host.example.com-access_log common</p><p><br/></p><p>
# tail /var/www/html/index.html</p><p>
www.jb51.net</p><p>
#</p><p><strong>4.配置Apache支持https访问www.jb51.net站点,编辑 vim /etc/httpd/conf.d/ssl.conf 文件,制定www.jb51.net站点https访问时的相关信息。添加下面配置。</strong></p><p><virtualhost www.jb51.net:443=""></virtualhost></p><p>
DocumentRoot "/var/www/html/www.jb51.net" #//为了显示效果,这里的站点目录不一样,一般情况一个域名应该指向同一目录的。</p><p>
ServerName www.jb51.net:443</p><p>
ErrorLog logs/ssl_error_log</p><p>
TransferLog logs/ssl_access_log</p><p>
LogLevel warn</p><p>
SSLEngine on</p><p>
SSLProtocol all -SSLv2</p><p>
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW</p><p>
SSLCertificateFile /etc/pki/tls/certs/abc_com.crt</p><p>
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key</p><p><files></files></p><p>
SSLOptions +StdEnvVars</p><p><br/></p><p><directory></directory></p><p>
SSLOptions +StdEnvVars</p><p><br/></p><p>
SetEnvIf User-Agent ".*MSIE.*" \</p><p>
nokeepalive ssl-unclean-shutdown \</p><p>
downgrade-1.0 force-response-1.0</p><p>
CustomLog logs/ssl_request_log \</p><p>
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"</p><p><br/></p><p><strong>5.重启Apache服务,测试访问。</strong></p><p><img style="max-width:100%!important;height:auto!important;" src="https://zhuji.jb51.net/uploads/img/20230519/2ac29a7423d680aa663c42736aaf7823.jpg"/></p><p>
测试http访问的结果</p><p><img style="max-width:100%!important;height:auto!important;" src="https://zhuji.jb51.net/uploads/img/20230519/5f811a53767c90e219b4ef4f530a6d8f.jpg"/></p><p>
测试https访问的结果</p><p><img style="max-width:100%!important;height:auto!important;" src="https://zhuji.jb51.net/uploads/img/20230519/4b94ca5da35ab55170cc0bdeffda43fc.jpg"/></p><p>
查看证书信息和自建crt信息一致</p><p><img style="max-width:100%!important;height:auto!important;" src="https://zhuji.jb51.net/uploads/img/20230519/64b8c506d918689db5ef1357cfef8005.jpg"/></p><p>
https访问的最终结果</p>
頁:
[1]