Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

How to configure encryption-based authentication https encryption certificate access for Apache under Centos6.3

2025-04-03 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Servers >

Share

Shulou(Shulou.com)06/01 Report--

I hope it will be helpful for you to answer the doubt of "how to configure Apache based on encryption authentication https encryption certificate access under Centos6.3"! Next, please follow the editor to study!

1.DNS resolution:

[root@localhost html] # nslookup www.downcc.com

Server: 192.168.2.115

Address: 192.168.2.115#53

Name: www.downcc.com

Address: 192.168.2.115

two。 Install Apache SSL support module: # yum install-y mod_ssl (default yum installation httpd is not installed, automatically produce / etc/httpd/conf.d/ssl.conf file after installation) and generate certificate.

[root@localhost certs] # pwd

/ etc/pki/tls/certs

[root@localhost certs] # ls

Ca-bundle.crt index.html localhost.crt Makefile

Ca-bundle.trust.crt localhost1.crt make-dummy-cert

[root@localhost certs] # openssl req-utf8-new-key.. / private/localhost.key-x509-days 3650-out abc_com.crt

You are about to be asked to enter information that will be incorporated

Into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value

If you enter'., the field will be left blank.

-

Country Name (2 letter code) [XX]: CN

State or Province Name (full name) []: 510510

Locality Name (eg, city) [Default City]: GZ

Organization Name (eg, company) [Default Company Ltd]: ABC.COM

Organizational Unit Name (eg, section) []: Mr.Zhang

Common Name (eg, your name or your server's hostname) []: www.downcc.com

Email Address []: root@abc.com

[root@localhost certs] #

3. Configure Apache, the basic configuration is not said here, the following is the configuration of www.downcc.com site http access.

[root@localhost html] # tail-n 8 / etc/httpd/conf/httpd.conf

NameVirtualhost 192.168.2.115:80

ServerAdmin webmaster@dummy-host.example.com

DocumentRoot / var/www/html

ServerName www.downcc.com

ErrorLog logs/dummy-host.example.com-error_log

CustomLog logs/dummy-host.example.com-access_log common

[root@localhost html] # tail / var/www/html/index.html

Www.downcc.com

[root@localhost html] #

4. Configure Apache to support https access to www.downcc.com sites, edit vim / etc/httpd/conf.d/ssl.conf files, and formulate information related to https access to www.downcc.com sites. Add the following configuration.

DocumentRoot "/ var/www/html/www.kuteatest.net" # / / in order to show the effect, the site directory here is different. In general, a domain name should point to the same directory.

ServerName www.downcc.com:443

ErrorLog logs/ssl_error_log

TransferLog logs/ssl_access_log

LogLevel warn

SSLEngine on

SSLProtocol all-SSLv2

SSLCipherSuite all, "ADH," export, "SSLv2," RC4, "RSAV,"HIGH,"Medu,"low."

SSLCertificateFile / etc/pki/tls/certs/abc_com.crt

SSLCertificateKeyFile / etc/pki/tls/private/localhost.key

SSLOptions + StdEnvVars

SSLOptions + StdEnvVars

SetEnvIf User-Agent ". * MSIE.*"\

Nokeepalive ssl-unclean-shutdown\

Downgrade-1.0 force-response-1.0

CustomLog logs/ssl_request_log\

"t% h% {SSL_PROTOCOL} x% {SSL_CIPHER} x\" r\ "% b"

5. Restart the Apache service and test the access.

Test the results of http access

Test the results of https access

View certificate information is consistent with self-built crt information

Final result of https visit

At this point, on the "Centos6.3 Apache how to configure encryption-based authentication https encryption certificate access" on the end of the study, I hope to be able to solve your doubts. The collocation of theory and practice can better help you learn, go and try it! If you want to continue to learn more related knowledge, please continue to follow the website, the editor will continue to work hard to bring you more practical articles!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Share To

Servers

Wechat

© 2024 shulou.com SLNews company. All rights reserved.

12
Report