2025-04-01 Update. From: SLTechnology News&Howtos. Shulou (Shulou.com), 06/01.
This article explains how to generate self-signed certificates under CentOS. The method introduced here is simple, fast and practical.
1. Generate a self-signed certificate
Usually, to configure an HTTPS server, you need an X.509 certificate issued by an official CA. When a client connects to the HTTPS server, it uses the CA's public key to check the validity of the certificate. But obtaining a CA-issued certificate is troublesome, and it also costs money. So small organizations often use self-signed certificates instead. That is, you act as your own CA and sign your own server certificates.
There are two main steps in this process: first generate your own CA certificate, then generate and sign a certificate for each server. I use OpenSSL to generate self-signed certificates.
The first step is to create a certificate for the CA:
openssl genrsa -des3 -out my-ca.key 2048
openssl req -new -x509 -days 3650 -key my-ca.key -out my-ca.crt
This generates the my-ca.key and my-ca.crt files. The former holds the key needed to make signatures with my-ca.crt and should be kept safe. The latter can be made public. The -days 3650 option in the command above sets the validity period to 10 years.
Use the command
openssl x509 -in my-ca.crt -text -noout
to view the contents of the my-ca.crt file.
Once you have the CA certificate, you can generate a certificate for your own server:
openssl genrsa -des3 -out mars-server.key 1024
openssl req -new -key mars-server.key -out mars-server.csr
openssl x509 -req -in mars-server.csr -out mars-server.crt -sha1 -CA my-ca.crt -CAkey my-ca.key -CAcreateserial -days 3650
The first two commands generate the key and CSR files, and the last command uses my-ca.crt and my-ca.key to issue a signed X.509 certificate for mars-server.csr.
Note that when you run the second command above, you should enter the server's domain name in the Common Name field; otherwise users will see an additional prompt each time they access the site over HTTPS.
Use the command
openssl x509 -in mars-server.crt -text -noout
to view the contents of the mars-server.crt file.
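The same two steps as an unattended script, as an added example that is not from the original article. It uses 2048-bit keys and SHA-256 in place of the 1024-bit key and -sha1 above, which current TLS clients commonly reject, and adds a subjectAltName because current browsers match the host name against that extension rather than the Common Name. The host name www.example.test, the CA subject, the 365-day server lifetime and the unencrypted demo keys in a temporary directory are assumptions.

```shell
#!/bin/sh
# Added example: unattended version of the CA and server-certificate steps.
# www.example.test, the CA subject and the 365-day lifetime are constructed values.
set -eu

make_ca() {             # $1 = output directory
    # Demo key is unencrypted; keep -des3 (or -aes256) on a real CA key.
    openssl genrsa -out "$1/my-ca.key" 2048 2>/dev/null
    openssl req -new -x509 -sha256 -days 3650 -key "$1/my-ca.key" \
        -subj "/CN=Example Private CA" -out "$1/my-ca.crt"
}

make_server_cert() {    # $1 = directory, $2 = server DNS name
    openssl genrsa -out "$1/mars-server.key" 2048 2>/dev/null
    openssl req -new -key "$1/mars-server.key" -subj "/CN=$2" \
        -out "$1/mars-server.csr"
    # Extensions for the leaf: the SAN carries the host name clients match.
    printf '%s\n' "subjectAltName=DNS:$2" "basicConstraints=CA:FALSE" \
        "extendedKeyUsage=serverAuth" > "$1/mars-server.ext"
    openssl x509 -req -sha256 -days 365 -in "$1/mars-server.csr" \
        -CA "$1/my-ca.crt" -CAkey "$1/my-ca.key" -CAcreateserial \
        -extfile "$1/mars-server.ext" -out "$1/mars-server.crt" 2>/dev/null
}

check_chain() {         # $1 = directory, $2 = host name; true only if both verify
    openssl verify -CAfile "$1/my-ca.crt" -verify_hostname "$2" \
        "$1/mars-server.crt" 2>/dev/null | grep -q ': OK$'
}

sig_alg() {             # $1 = certificate file; prints its signature algorithm
    openssl x509 -in "$1" -noout -text |
        sed -n 's/^ *Signature Algorithm: //p' | head -n 1
}

dir=$(mktemp -d)
make_ca "$dir"
make_server_cert "$dir" www.example.test
check_chain "$dir" www.example.test && echo "verified: $(sig_alg "$dir/mars-server.crt")"
```

check_chain fails for any host name that is not in the certificate's subjectAltName, which is the same mismatch a browser reports as a certificate warning.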
2. Configure the Apache server
First, create the /etc/apache2/ssl directory and copy the my-ca.crt, mars-server.key, and mars-server.crt files you just made into this directory.
Then run the command
a2enmod ssl
to activate Apache's SSL module, and then add a virtual host under /etc/apache2/sites-enabled/. This is similar to adding a normal virtual host, except that the port of that host should be 443. The configuration is as follows:
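NameVirtualHost *:443
# HTTPS virtual host
<VirtualHost *:443>
    ServerName localhost
    DocumentRoot /var/www
    SSLEngine On
    SSLCipherSuite HIGH:MEDIUM
    # Disables SSLv2 only; every other protocol version stays enabled
    SSLProtocol all -SSLv2
    SSLCertificateFile /etc/apache2/ssl/mars-server.crt
    SSLCertificateKeyFile /etc/apache2/ssl/mars-server.key
    SSLCACertificateFile /etc/apache2/ssl/my-ca.crt
    <Directory /var/www>
        Order deny,allow
        Allow from localhost
    </Directory>
</VirtualHost>
# Same content over plain HTTP on port 80
<VirtualHost *:80>
    ServerName localhost
    DocumentRoot /var/www
    <Directory /var/www>
        Order deny,allow
        Allow from localhost
    </Directory>
</VirtualHost>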
The above configuration ensures that users see the same content on ports 443 and 80, only over different protocols. After modifying the configuration, restart the Apache server; you will need to enter the password of mars-server.key. Then open the following address in a browser:
https://localhost/
You should see a pop-up dialog box asking you to confirm whether you trust the site's certificate. After you choose to trust it, you can view the content of the site.
Since most Apache servers start automatically when the machine boots, you can avoid entering a password at Apache startup by generating an unencrypted copy of the mars-server.key file with the following command:
openssl rsa -in mars-server.key -out mars-server.key.insecure
Replace the original key file with the newly generated mars-server.key.insecure.