Centos6.3下Apache配置基于加密的認(rèn)證https加密證書訪問

這里簡單演示一下Apache下基于加密的認(rèn)證訪問----https加密方式訪問。
1.DNS解析解析情況:
[root@localhost html]# nslookup www.downcc.com
Server: 192.168.2.115
Address: 192.168.2.115#53
Name: www.downcc.com
Address: 192.168.2.115
2.安裝Apache SSL支持模塊:# yum install -y mod_ssl (默認(rèn)yum安裝httpd是沒有安裝該模塊的,安裝后自動(dòng)生產(chǎn)/etc/httpd/conf.d/ssl.conf文件)并生成證書。
[root@localhost certs]# pwd
/etc/pki/tls/certs
[root@localhost certs]# ls
ca-bundle.crt index.html localhost.crt Makefile
ca-bundle.trust.crt localhost1.crt make-dummy-cert
[root@localhost certs]# openssl req -utf8 -new -key ../private/localhost.key -x509 -days 3650 -out abc_com.crt
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:510510
Locality Name (eg, city) [Default City]:GZ
Organization Name (eg, company) [Default Company Ltd]:ABC.COM
Organizational Unit Name (eg, section) []:Mr.Zhang
Common Name (eg, your name or your server's hostname) []:www.downcc.com
Email Address []:root@abc.com
[root@localhost certs]#
3.配置Apache,基本配置這里不多說了,下面是配置www.downcc.com站點(diǎn)http訪問的情況。
[root@localhost html]# tail -n 8 /etc/httpd/conf/httpd.conf
NameVirtualhost 192.168.2.115:80
<VirtualHost www.downcc.com:80>
ServerAdmin webmaster@dummy-host.example.com
DocumentRoot /var/www/html
ServerName www.downcc.com
ErrorLog logs/dummy-host.example.com-error_log
CustomLog logs/dummy-host.example.com-access_log common
</VirtualHost>
[root@localhost html]# tail /var/www/html/index.html
www.downcc.com
[root@localhost html]#
4.配置Apache支持https訪問www.downcc.com站點(diǎn),編輯 vim /etc/httpd/conf.d/ssl.conf 文件,制定www.downcc.com站點(diǎn)https訪問時(shí)的相關(guān)信息。添加下面配置。
<VirtualHost www.downcc.com:443>
DocumentRoot "/var/www/html/www.kuteatest.net" #//為了顯示效果,這里的站點(diǎn)目錄不一樣,一般情況一個(gè)域名應(yīng)該指向同一目錄的。
ServerName www.downcc.com:443
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /etc/pki/tls/certs/abc_com.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
5.重啟Apache服務(wù),測(cè)試訪問。
測(cè)試http訪問的結(jié)果
測(cè)試https訪問的結(jié)果
查看證書信息和自建crt信息一致
https訪問的最終結(jié)果
相關(guān)文章
IE打開https網(wǎng)站時(shí),提示此網(wǎng)站的安全證書有問題(證書無效)
調(diào)用IE來打開對(duì)應(yīng)的網(wǎng)頁問題,但是在實(shí)際測(cè)試中,有些網(wǎng)站是采用https協(xié)議的,這時(shí)候IE瀏覽器會(huì)彈出如下窗口,一般手動(dòng)選擇后,才可進(jìn)入登錄界面,那么該如何解決呢2018-09-06HTTPS SSL證書申請(qǐng),為何HTTPS成為互聯(lián)網(wǎng)焦點(diǎn)
HTTPS SSL證書申請(qǐng),為何HTTPS成為互聯(lián)網(wǎng)焦點(diǎn)?本文通過HTTPS對(duì)比HTTP優(yōu)勢(shì)分析,告訴你HTTP變更HTTPS之挑戰(zhàn)2017-04-19fiddler如何清除證書? Fiddler https證書清除圖文教程
Fiddler是一個(gè)http協(xié)議調(diào)試代理工具,它能夠記錄并檢查所有你的電腦和互聯(lián)網(wǎng)之間的http通訊,打開主界面,就可在里面進(jìn)行相關(guān)的操作,那么fiddler如何清除證書呢?下面就詳2017-03-16360瀏覽器訪問https加密格式提示證書風(fēng)險(xiǎn)怎么解決
不知道大家有沒有遇到過,用360瀏覽器打開一個(gè)網(wǎng)頁的時(shí)候,出現(xiàn)證書風(fēng)險(xiǎn),而且頁面顯示錯(cuò)誤的情況,很多朋友可能會(huì)覺得是不是網(wǎng)絡(luò)不安全,其實(shí)你大可不必緊張,下面腳本之2016-03-15Mac Chrome打開HTTPS證書錯(cuò)誤問題解決方法
在chrome下中總提示該網(wǎng)站的安全證書不受信任,下面有個(gè)不錯(cuò)的解決方法,大家可以嘗試操作下2014-05-04- Vista系統(tǒng)還是XP系統(tǒng)下的IE7,由于它的安全防范意識(shí)有很大提高,對(duì)于非法站點(diǎn)和安全加密站點(diǎn)的過濾都比較苛刻,所以在IE7下訪問https這種通過SSL協(xié)議加密的網(wǎng)站都會(huì)出2008-10-20
進(jìn)行https證書申請(qǐng)安裝和tomcat https證書安裝的方法
對(duì)于https證書,想必大家已經(jīng)非常熟悉了,這是一種可以保護(hù)網(wǎng)站安全的證書,以https開頭的網(wǎng)站都是具有這一證書的網(wǎng)站。今天給大家介紹怎樣進(jìn)行https證書申請(qǐng)安裝和tomcat2019-10-31