- 安装
mod_ssl
软件包
bash
[root@localhost conf.d]# dnf install mod_ssl -y
此时查看监听端口多了一个443端口
- 自己构造证书
bash
[root@localhost conf.d]# cd /etc/pki/tls/certs/
[root@localhost certs]# openssl genrsa > jiami.key
[root@localhost certs]# openssl req -utf8 -new -key jiami.key -x509 -days 100 -out jiami.crt
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:86
State or Province Name (full name) []:shaaxi
Locality Name (eg, city) [Default City]:xi'an
Organization Name (eg, company) [Default Company Ltd]:rhce
Organizational Unit Name (eg, section) []:peihua
Common Name (eg, your name or your server's hostname) []:www.hehe.com
Email Address []:admin@hehe.com
[root@localhost certs]# mv jiami.key ../private/
[root@localhost certs]# cd -
/etc/httpd/conf.d
[root@localhost conf.d]# ll
total 32
-rw-r--r--. 1 root root 2916 Jul 20 2023 autoindex.conf
-rw-r--r--. 1 root root 400 Jul 20 2023 README
-rw-r--r--. 1 root root 8720 Jul 20 2023 ssl.conf
-rw-r--r--. 1 root root 1252 Jul 20 2023 userdir.conf
-rw-r--r--. 1 root root 1171 Jul 5 15:41 vhost.conf
-rw-r--r--. 1 root root 653 Jul 20 2023 welcome.conf
修改配置文件
bash
[root@localhost conf.d]# vim ssl.conf
重启服务
bash
[root@localhost conf.d]# systemctl restart httpd
测试
- 在vhost.conf配置文件中添加信息
- 测试
之前在/www/hehe/index.html
里写的东西现在还都能访问,证书也构造成功。
在本地访问需要在本地解析文件中添加www.hehe.com主机名
bash
[root@localhost conf.d]# vim /etc/hosts
bash
[root@localhost conf.d]# curl -k https://www.hehe.com
welcome to hehe