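Install the httpd package first: yum install httpd -y
As a prerequisite, set up a virtual host to test the certificate against. The example below uses www.hehe.com and can serve as a reference: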
[root@localhost conf.d]# vim vhost.conf
<directory /www>
allowoverride none
require all granted
</directory>
#the port must be changed to 443
<virtualhost 192.168.54.131:443>
documentroot /www/hehe
servername www.hehe.com
#directory alias
alias /hehe /usr/local/mysecret
</virtualhost>
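Once the virtual host is defined, create the corresponding directory and file and write the page content:
[root@localhost conf.d]# mkdir -p /www/hehe
[root@localhost conf.d]# echo "hehe" >/www/hehe/index.html
Add this name resolution entry to the local hosts file on the virtual machine and on Windows (/etc/hosts on the virtual machine, C:\Windows\System32\drivers\etc on Windows):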
192.168.54.131 www.hehe.com
We can now create a certificate for www.hehe.com. The steps are as follows:
1. Install the mod_ssl module
[root@localhost conf.d]# yum install -y mod_ssl
2. Generate the key
[root@localhost certs]# openssl genrsa > jiami.key
3. Move the key to /etc/pki/tls/private/
[root@localhost certs]# mv jiami.key ../private/
4. Back in the certs directory, create the certificate
[root@localhost certs]# openssl req -utf8 -new -key ../private/jiami.key -x509 -days 100 -out jiami.crt
Country Name (2 letter code) [XX]:86 #country/region of the certificate: 86 for China
State or Province Name (full name) []:rhce
Locality Name (eg, city) [Default City]:shaaxi
Organization Name (eg, company) [Default Company Ltd]:xi'an #organization
Organizational Unit Name (eg, section) []:peihua #organizational unit
Common Name (eg, your name or your server's hostname) []:www.hehe.com #domain name the certificate is issued for
Email Address []:anmin@hehe.com #email address
5. Edit the ssl.conf configuration file as follows:
[root@localhost certs]# vim /etc/httpd/conf.d/ssl.conf
#change the paths of the certificate and key files
SSLCertificateFile /etc/pki/tls/certs/jiami.crt
SSLCertificateKeyFile /etc/pki/tls/private/jiami.key
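Note: just find these two lines in the configuration file and change them; nothing else needs to be modified.
6. Turn off the firewall and restart the service
[root@localhost certs]# systemctl stop firewalld.service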
[root@localhost certs]# systemctl restart httpd
7. Open the site in a browser and view the certificate
https://www.hehe.com/
8. To have the hehe page content displayed, this virtual host needs its own configuration, as follows:
[root@localhost conf.d]# vim vhost.conf
<directory /www>
allowoverride none
require all granted
</directory>
#the port must be changed to 443
<virtualhost 192.168.54.131:443>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/jiami.crt
SSLCertificateKeyFile /etc/pki/tls/private/jiami.key
documentroot /www/hehe
servername www.hehe.com
alias /hehe /usr/local/mysecret
</virtualhost>
Then restart the service (systemctl restart httpd).
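The key and certificate steps above (2 to 5) as a non-interactive script, with the checks worth running before httpd is restarted. This is an added example, not part of the original page: the function names are hypothetical, -subj stands in for the interactive prompts, the key is written with -out under umask 077 so it is created mode 0600, and everything happens in a scratch directory instead of /etc/pki/tls.

```bash
#!/usr/bin/env bash
# Added example: works in a scratch directory, nothing under /etc/pki is touched.

# Create jiami.key (mode 0600) and a self-signed jiami.crt in directory $1.
# $2 = hostname for the Common Name, $3 = validity in days.
make_cert() {
    local dir="$1" cn="$2" days="$3"
    # umask 077 in a subshell: the private key is never group- or world-readable
    ( umask 077; openssl genrsa -out "$dir/jiami.key" 2048 2>/dev/null ) || return 1
    openssl req -utf8 -new -x509 -key "$dir/jiami.key" -days "$days" \
        -subj "/CN=$cn" -out "$dir/jiami.crt" 2>/dev/null
}

# Succeed only if the certificate ($2) carries the public half of the private key ($1).
# A mismatched SSLCertificateFile / SSLCertificateKeyFile pair stops httpd from starting.
key_matches_cert() {
    local from_key from_cert
    from_key=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    from_cert=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$from_key" ] && [ "$from_key" = "$from_cert" ]
}

# Succeed only if certificate $1 is issued to hostname $2 and is still valid $3 days from now.
cert_usable() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null | grep -q 'does match' &&
        openssl x509 -in "$1" -noout -checkend "$(( $3 * 86400 ))" >/dev/null 2>&1
}

# Run all checks for one pair and print a short report. $1 = key, $2 = cert, $3 = hostname
audit_pair() {
    local rc=0
    # stat -c is the GNU coreutils form, as found on the RHEL-family system used above
    [ "$(stat -c %a "$1")" = 600 ] || { echo "FAIL key mode is not 600"; rc=1; }
    key_matches_cert "$1" "$2"     || { echo "FAIL key and certificate do not match"; rc=1; }
    cert_usable "$2" "$3" 1        || { echo "FAIL wrong hostname or expiring within a day"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK $2"
    return "$rc"
}

scratch=$(mktemp -d)   # constructed sample data, removed again below
make_cert "$scratch" www.hehe.com 100 && audit_pair "$scratch/jiami.key" "$scratch/jiami.crt" www.hehe.com
rm -rf "$scratch"
```

On the server itself, audit_pair can be pointed at /etc/pki/tls/private/jiami.key and /etc/pki/tls/certs/jiami.crt before running systemctl restart httpd.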