自签名SSL证书配置教程
(1)安装mod_ssl
[root@nan83 html]# yum list|grep mod_ssl
mod_ssl.x86_64
[root@nan83 html]# yum install mod_ssl.x86_64
(2)创建CA证书
//创建rsa私用密钥
[root@nan83 ~]# cd /etc/pki/tls/certs --密钥文件的存放地方
[root@nan83 certs]# make beer.key --建立Apache使用的私钥文件
umask 77 ; \
/usr/bin/openssl genrsa -aes128 2048 > beer.key --其实使用的是这句创建语句
Generating RSA private key, 2048 bit long modulus
.........................................................+++
..................................................+++
e is 65537 (0x10001)
Enter pass phrase:
Verifying - Enter pass phrase:
或使用下面语句创建:
openssl genrsa -des3 -out beer.key 1024
//查看beer.key内容
[root@nan83 certs]# openssl rsa -noout -text -in beer.key
(3)将创建的文件中的密码取消掉,不要密码存在
[root@nan83 certs]# mv beer.key beer.key.raw
[root@nan83 certs]# openssl rsa -in beer.key.raw -out beer.key
Enter pass phrase for beer.key.raw:
writing RSA key
[root@nan83 certs]# rm -f beer.key.raw
[root@nan83 certs]# chmod 400 beer.key
(4)建立所需要的最终文件
//利用CA的RSA密钥创建一个自签署的CA证书
[root@nan83 certs]# make beer.crt SERIAL=2014030601
umask 77 ; \
/usr/bin/openssl req -utf8 -new -key beer.key -x509 -days 365 -out beer.crt -set_serial 2014030601
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:HeNan
Locality Name (eg, city) [Default City]:LuoYang
Organization Name (eg, company) [Default Company Ltd]:ShiWei
Organizational Unit Name (eg, section) []:RuanJian
Common Name (eg, your name or your server's hostname) []:Lsn
Email Address []:lisn@ssr.com
[root@nan83 certs]# chmod 400 beer*
[root@nan83 certs]# ll beer*
-r-------- 1 root root 1375 3月 6 09:16 beer.crt --最终证书文件
-r-------- 1 root root 1679 3月 6 09:09 beer.key --系统私钥文件
(5)修改ssl.cof的内容,使用自制证书
[root@nan83 certs]# vim /etc/httpd/conf.d/ssl.conf
SSLCertificateFile /etc/pki/tls/certs/beer.crt
SSLCertificateKeyFile /etc/pki/tls/certs/beer.key
测试:
在浏览器里输入“https://10.10.54.83”转载于:https://my.oschina.net/u/1454868/blog/206652
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
