Simple Construction of centos6.8+apache+https 01/18 Update SLTechnology News&Howtos

Simple Construction of centos6.8+apache+https

2025-01-18 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Servers >

Shulou(Shulou.com)06/03 Report--

A lot of theoretical knowledge will not be mentioned here, if you want to have an in-depth understanding of the suggestion, it will be easy to understand the theory first and then look at it.

Environment:

CentOS release 6.8 (Final)

Apache-2.4.25

1. Check whether the existing apache has compiled and installed ssl modules.

/ usr/local/apache/bin/apachectl-l

2. If not, you need to add ssl modules. Apache adds modules in an embedded way.

/ usr/local/apache/bin/apxs-I-c-a-L / usr/lib64/openssl/engines/lib-c * .c-lcrypto-lssl-ldl/usr/local/apache/bin/apxs-c-I mod_ssl.c/usr/local/apache/bin/apxs-c-I mod_ssl.loll / usr/local/apache/modules | grep ssl

3. Enable ssl extension function

Sed-I's /\ # Include conf\ / extra\ / httpd-ssl.conf/Include conf\ / extra\ / httpd-ssl.conf/' / usr/local/apache/conf/httpd.confsed-n '140p' / usr/local/apache/conf/httpd.conf LoadModule ssl_module modules/mod_ssl.so

4. Generate untrusted certificate, public key encryption, private key decryption. Private key encryption, public key decryption

Generate server private key

Openssl genrsa-des3-out server.key 2048

Generate server certificate request and fill in relevant certificate information as required

Openssl req-new-key server.key-out server.csr

Visa:

Openssl x509-req-days 3650-in server.csr-signkey server.key-out server.crt

5. Modify the virtual host

Sed-n'22 ServerName www.www.fangqiweb.org ServerAlias www.fangqi.web.org SSLEngine on SSLCertificateFile 33p' / usr/local/apache/conf/extra/httpd-vhosts.conf # ServerAdmin 1009422178@qq.com DocumentRoot "/ var/www/html" ServerName www.www.fangqiweb.org ServerAlias www.fangqi.web.org SSLEngine on SSLCertificateFile / usr/local/apache/conf/server.crt SSLCertificateKeyFile / usr/local/apache/conf/server.key ErrorLog "logs/error/www -error_log "CustomLog" | / usr/local/sbin/cronolog / service/apache/logs/access/www-%Y%m%d_log "combined

6. Add a listening port

Sed-I '53a\ Listen 443' httpd.conf

7. Check the syntax and restart apache

/ usr/local/apache/bin/apachectl-t/usr/local/apache/bin/apachectl restart

8. Test access

9. If you can't access it,

Does the firewall allow https to pass through

Whether the vhost configuration file is misconfigured

Is there any error in apache's main configuration file, or is there a lack of directory location information in vhost?

Whether the listening port of apache is enabled

Whether apache has added ssl module correctly

Common errors:

/ usr/local/apache/bin/apachectl-t

Httpd: Syntax error on line 141 of / usr/local/apache-2.4.25/conf/httpd.conf: Cannot load modules/mod_ssl.so into server: / usr/local/apache-2.4.25/modules/mod_ssl.so: undefined symbol: ssl_cmd_SSLPassPhraseDialog

Resolve:

/ usr/local/apache/bin/apxs-a-I-c-L / usr/lib64/openssl/engines/lib-c * .c-lcrypto-lssl-ldl

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.