CentOS生成自簽名證書配置Apache https

apache的安裝就不用說了

1.安裝完apache之后，安裝mod_ssl和openssl

yum install mod_ssl openssl

2.安裝完成之后，配置iptables打開443端口, 這時其實已經可以訪問https了，但是我們看證書詳情的時候顯示

Issued to: localhost.localdomain
Issued by: localhost.localdomian

頒發者: localhost.localdomain
頒發給: localhost.localdomain

----------------------------------------------------------------------

下面我們生成自簽證書

3.生成密鑰
openssl genrsa -out test.com.key 2048

4. 生成證書請求文件，運行之后會出現一大堆要輸入的東西，輸入之后就生成.csr的文件了

openssl req -new -key test.com.key -out test.com.csr

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Beijing
Locality Name (eg, city) [Default City]:Beijing
Organization Name (eg, company) [Default Company Ltd]:test.com
Organizational Unit Name (eg, section) []:test
Common Name (eg, your name or your server's hostname) []:www.test.com

Email Address []:root@test.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:123456

An optional company name []:test

5.生成證書crt

openssl x509 -req -days 365 -in test.com.csr -signkey test.com.key -out test.com.crt

6.復制文件到相應的目錄

cp test.com.crt /etc/pki/tls/certs
cp test.com.key /etc/pki/tls/private/
cp test.com.csr /etc/pki/tls/private/

7.修改配置文件

vim /etc/httpd/conf.d/ssl.conf
SSLCertificateFile /etc/pki/tls/certs/test.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/test.com.key

8.重啟apache

service httpd restart

9.這時再使用https訪問，查看證書詳情的時候就會看到

Issued to: www.test.com
Issued by: www.test.com

頒發者: www.test.com
頒發給: www.test.com

總結

以上是生活随笔為你收集整理的CentOS生成自签名证书配置Apache https的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。