2025-04-04 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
Experimental environment:
CentOS 7
httpd-2.4.6-40.el7.centos.x86_64
Required packages:
openssl, mod_ssl
Install (directly with yum):
[root@localhost pki]# yum install httpd openssl mod_ssl -y
After installation, access the server from the local machine to test httpd.
Mine is http://192.168.1.102/index.html.
Next, edit /etc/httpd/conf.d/ssl.conf.
Find the following two lines under the comment
# General setup for the virtual host, inherited from global configuration
DocumentRoot "/var/www/html"
ServerName www.example.com:443
Uncomment these two lines and save the file.
Then restart the httpd service.
You can now access the site at https://192.168.1.102/index.html.
The first visit warns about an untrusted certificate, because the certificate was not issued by a CA.
In an experimental environment, the solution is either to create a private CA and issue a certificate to httpd, or to add a trust exception in the browser and continue.
The steps for issuing the certificate are as follows:
(1) Generate the CA private key
# (umask 077; openssl genrsa -out /etc/pki/CA/private/cakey.pem 4096)
(2) Generate the self-signed CA certificate
# openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -out /etc/pki/CA/cacert.pem -days 365
-new: generate a new certificate signing request
-x509: generate a self-signed certificate instead of a request; used when creating a private CA
-key: path to the private key file used to generate the request
-out: path of the generated request file; with a self-signed operation, the signed certificate is written there directly
-days: the validity period of the certificate (in days)
(3) Provide the CA with the directories and files it requires
# mkdir -pv /etc/pki/CA/{certs,crl,newcerts}
# touch /etc/pki/CA/{serial,index.txt}
# echo 01 > /etc/pki/CA/serial
This host is now a CA.
(4) On the host that will use the certificate (the httpd host), generate the private key
# mkdir /etc/httpd/ssl
# cd /etc/httpd/ssl
# (umask 077; openssl genrsa -out /etc/httpd/ssl/httpd.key 2048)
(5) Generate a certificate signing request
# openssl req -new -key /etc/httpd/ssl/httpd.key -out /etc/httpd/ssl/httpd.csr -days 365
(6) Sign the certificate on the CA host
# openssl ca -in /etc/httpd/ssl/httpd.csr -out /etc/pki/CA/certs/httpd.crt -days 365
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 1 (0x2)
Validity
Not Before: Apr 10 15:45:54 2016 GMT
Not After: Apr 10 15:45:54 2017 GMT
Subject:
CountryName = CN
StateOrProvinceName = beijing
OrganizationName = ops
OrganizationalUnitName = ops
CommonName = ops.com
EmailAddress = admin@ops.com
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
08:A3:DD:98:D3:E0:42:58:5E:B7:24:43:6C:3D:B1:D8:02:34:16:46
X509v3 Authority Key Identifier:
Keyid:75:63:44:2C:46:80:2F:84:CE:EF:C6:F1:F2:E7:75:2E:EF:17:37:C2
Certificate is to be certified until Apr 10 15:45:54 2017 GMT (days)
Sign the certificate? [y/n]: y
1 out of 1 certificate requests certified, commit? [y/n] y
Write out database with 1 new entries
Data Base Updated
(7) View the information in the certificate:
# openssl x509 -in /etc/pki/CA/certs/httpd.crt -noout -serial -subject
Note: because this is an experimental environment, this certificate also needs to be imported into the browser.
Also check the local hosts file.
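The seven steps above, collected into one added example (not the original author's code): it rebuilds the CA in a scratch directory instead of /etc/pki/CA, then checks that httpd.crt chains to cacert.pem, that it matches httpd.key, and that both private keys are mode 600. The function names, CA_BITS, the "Lab CA" subject and the minimal configuration written to ca.cnf are assumptions made for the example; the article itself relies on /etc/pki/tls/openssl.cnf.

```shell
# Added example (not from the original article). Hypothetical names:
# lab_ca_issue, lab_ca_check, CA_BITS, section "lab". Works in a scratch
# directory instead of /etc/pki/CA, so it needs no root and changes nothing.
lab_ca_issue() {  # $1 = CommonName for the httpd certificate; prints the scratch dir
    d=$(mktemp -d) || return 1
    mkdir -p "$d/CA/private" "$d/CA/newcerts" "$d/ssl"
    : > "$d/CA/index.txt"; echo 01 > "$d/CA/serial"        # step (3)
    cat > "$d/ca.cnf" <<EOF
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
[ v3_ca ]
basicConstraints = critical,CA:TRUE
[ ca ]
default_ca = lab
[ lab ]
database = $d/CA/index.txt
new_certs_dir = $d/CA/newcerts
serial = $d/CA/serial
certificate = $d/CA/cacert.pem
private_key = $d/CA/private/cakey.pem
default_md = sha256
policy = policy_any
x509_extensions = usr_cert
[ policy_any ]
commonName = supplied
[ usr_cert ]
basicConstraints = CA:FALSE
EOF
    ( umask 077                                            # steps (1) and (4)
      openssl genrsa -out "$d/CA/private/cakey.pem" "${CA_BITS:-4096}" &&
      openssl genrsa -out "$d/ssl/httpd.key" 2048 ) >/dev/null 2>&1 || return 1
    openssl req -new -x509 -config "$d/ca.cnf" -subj "/CN=Lab CA" -days 365 \
        -key "$d/CA/private/cakey.pem" -out "$d/CA/cacert.pem" || return 1   # (2)
    openssl req -new -config "$d/ca.cnf" -subj "/CN=$1" \
        -key "$d/ssl/httpd.key" -out "$d/ssl/httpd.csr" || return 1          # (5)
    openssl ca -batch -config "$d/ca.cnf" -days 365 -in "$d/ssl/httpd.csr" \
        -out "$d/CA/httpd.crt" >/dev/null 2>&1 || return 1                   # (6)
    echo "$d"
}
lab_ca_check() {  # $1 = scratch dir; 0 = pass, 1 = chain, 2 = key mismatch, 3 = key mode
    openssl verify -CAfile "$1/CA/cacert.pem" "$1/CA/httpd.crt" >/dev/null 2>&1 || return 1
    crt=$(openssl x509 -in "$1/CA/httpd.crt" -noout -pubkey | openssl sha256)
    key=$(openssl pkey -in "$1/ssl/httpd.key" -pubout | openssl sha256)
    [ "$crt" = "$key" ] || return 2
    [ -z "$(find "$1/CA/private/cakey.pem" "$1/ssl/httpd.key" ! -perm 600)" ] || return 3
}
```

Run it as dir=$(lab_ca_issue ops.com) && lab_ca_check "$dir"; a return code of 2 means the certificate was issued for a different key than the one httpd would load.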