Implementation of httpd's support for ssl based on mod_ssl Module

2025-01-16 Update From: SLTechnology News&Howtos shulou

Shulou(Shulou.com)06/01 Report--

If you browse Baidu or Google, it is not hard to see that these sites have moved to site-wide HTTPS. Compared with HTTP, HTTPS adds an SSL tunnel for transmission, which greatly improves security, so site-wide HTTPS will be the trend for websites in the future. httpd does not support HTTPS by default, but it has powerful module support; here we implement HTTPS through mod_ssl, one of httpd's many modules.

As we all know, HTTP transmits data as a text-based protocol and by default communicates over TCP port 80. HTTPS is different: it transmits data in a binary format, which ensures security, and by default communicates over TCP port 443. Because SSL sessions are based on IP addresses, they are not supported on FQDN-based virtual hosts.

First, you need to install the mod_ssl module:

# yum -y install mod_ssl

Files installed by the package:

# rpm -ql mod_ssl
/etc/httpd/conf.d/ssl.conf    // configuration file; it must point to the location of our certificate and is needed below
/etc/httpd/conf.modules.d/00-ssl.conf
/usr/lib64/httpd/modules/mod_ssl.so
/usr/libexec/httpd-ssl-pass-dialog
/var/cache/httpd/ssl

Ensure that the module is loaded after the installation is complete:

# httpd -M
Loaded Modules:
...    // omitted
 ssl_module (shared)    // make sure this module is loaded
...    // omitted

Start the httpd service at this point:

# systemctl start httpd

Ensure that TCP ports 80 and 443 are listening:

To use HTTPS, the server requires certificates (public and private keys). You can create a test certificate by executing the make command in the /etc/pki/tls/certs/ directory:

Create a private key:

To protect the private key, put it in the directory the system designates for private keys:

# cp auth.key /etc/pki/CA/private/

Create a certificate:

Now that the certificate file for the experiment has been created, let's modify the mod_ssl configuration file so that it knows the location of our certificate:

Edit the configuration file:

# vim /etc/httpd/conf.d/ssl.conf

And modify it as follows:

Restart the httpd service:

Check the listening ports:

Copy the certificate file to the test host:

# scp auth.crt tony@192.168.1.105:~/Desktop/

After the copy succeeds, there is a file auth.crt on the desktop. Double-click it to import it into the system:

Open the browser, enter the URL, and test:

At this point, HTTPS has been successfully implemented on httpd using the mod_ssl module.
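
The check below is an added example, not part of the original article: a POSIX shell audit to run after editing ssl.conf and before restarting httpd. It reads mod_ssl's SSLCertificateFile and SSLCertificateKeyFile directives, confirms both files exist, and flags a private key that group or others can access; the function names and the demo's temporary files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): audit the certificate
# directives in mod_ssl's ssl.conf before restarting httpd.

# Print the last active (uncommented) value of directive $2 in config file $1.
directive_value() {
    awk -v d="$2" 'tolower($1) == tolower(d) { v = $2 }
        END { gsub(/"/, "", v); if (v != "") print v }' "$1"
}

# Audit ssl.conf at $1: print findings, return 0 if clean and 1 otherwise.
audit_ssl_conf() {
    conf=$1; rc=0
    for d in SSLCertificateFile SSLCertificateKeyFile; do
        path=$(directive_value "$conf" "$d")
        if [ -z "$path" ]; then
            echo "FAIL: $d is not set"; rc=1
        elif [ ! -r "$path" ]; then
            echo "FAIL: $d points to a missing or unreadable file: $path"; rc=1
        else
            echo "ok:   $d $path"
        fi
    done
    key=$(directive_value "$conf" SSLCertificateKeyFile)
    # Characters 5-10 of the ls mode string are the group and other bits;
    # a private key should show none of them set.
    if [ -f "$key" ] && [ "$(ls -ldL "$key" | cut -c5-10)" != "------" ]; then
        echo "FAIL: private key is accessible to group or others: $key"; rc=1
    fi
    return $rc
}

# Constructed demo: a temp directory stands in for /etc/pki and the files
# hold placeholder text, not real key material.
demo() {
    t=$(mktemp -d)
    echo "placeholder certificate" > "$t/auth.crt"
    echo "placeholder key" > "$t/auth.key"
    printf '%s\n' "#SSLCertificateFile /path/to/old.crt" \
        "SSLCertificateFile $t/auth.crt" \
        "SSLCertificateKeyFile $t/auth.key" > "$t/ssl.conf"
    chmod 644 "$t/auth.key"; loose=0
    audit_ssl_conf "$t/ssl.conf" || loose=$?
    chmod 600 "$t/auth.key"; tight=0
    audit_ssl_conf "$t/ssl.conf" || tight=$?
    rm -rf "$t"
    [ "$loose" -eq 1 ] && [ "$tight" -eq 0 ]
}
demo
```

On the server, source the functions and run `audit_ssl_conf /etc/httpd/conf.d/ssl.conf` as root; a non-zero exit status means at least one FAIL line was printed.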
