admin管理员组文章数量:1631864
基本步骤:
服务器端生成证书请求发送给CA,由CA签证,
找一个主机创建一个私有CA(192.168.10.8 centos 7)
1)在 cd /etc/pki/CA的目录下生成私钥
[root@localhost CA]# (umask 077; openssl genrsa -out private/cakey.pem 2048)
创建一个文件并且输入索引序列号为01
2)然后为自己创建一个自签证书
[root@localhost CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 7300
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Beijing
Locality Name (eg, city) [Default City]:Beijing
Organization Name (eg, company) [Default Company Ltd]:ldy Ltd
Organizational Unit Name (eg, section) []:student
Common Name (eg, your name or your server's hostname) []:ca.ldy
Email Address []:1713285328@qq
3)在服务器端(192.168.10.2 redhat linux6)
创建一个SSL目录并且在ssl目录下生成证书请求
[root@liudongyi ssl]# (umask 077; openssl genrsa -out httpd.key 1024)
[root@liudongyi ssl]# openssl req -new -key ht
版权声明:本文标题:linux配置httpd支持https(注意SSL会话是基于IP地址创建,所以单IP的主机上,仅可以使用一个https虚拟主机) 内容由热心网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:https://www.elefans.com/dongtai/1729100546a1186581.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。
发表评论