Shulou(Shulou.com)06/01 Report--

Today, I will talk to you about how to simply configure Apache https under RHEL6.3. Many people may not know much about it. In order to make you understand better, the editor has summarized the following for you. I hope you can get something according to this article.

By default, Apache allows clients to access anonymously, but Apache can also implement encryption-based authentication access. Here is a detailed explanation of the implementation process of DEMO.

First, install the corresponding support module

First of all, check under / etc/httpd/conf.d to see if there is a ssl.conf file, if you do not need to install the mod_ssl encryption support module.

[root@localhost Desktop] # cd / etc/httpd/conf.d

[root@localhost conf.d] # ls

Mod_dnssd.conf README welcome.conf

Use the YUM source to install

[root@localhost rhel6] # yum-y install mod_ssl

Loaded plugins: product-id, refresh-packagekit, security, subscription-manager

Updating certificate-based repositories.

Unable to read consumer identity

RHEL | 4.0 kB 00:00...

Setting up Install Process

Resolving Dependencies

-> Running transaction check

-> Package mod_ssl.i686 1 2.2.15-15.el6_2.1 will be installed

-> Finished Dependency Resolution

Dependencies Resolved

=

Package Arch Version Repository Size

=

Installing:

Mod_ssl i686 1 2.2.15-15.el6_2.1 RHEL 88k

Transaction Summary

=

Install 1 Package (s)

Total download size: 88 k

Installed size: 181 k

Downloading Packages:

Running rpm_check_debug

Running Transaction Test

Transaction Test Succeeded

Running Transaction

Installing: 1:mod_ssl-2.2.15-15.el6_2.1.i686 1 Compact 1

Installed products updated.

Verifying: 1:mod_ssl-2.2.15-15.el6_2.1.i686 1 Compact 1

Installed:

Mod_ssl.i686 1VR 2.2.15-15.el6_2.1

Complete!

[root@localhost conf.d] # ls

Mod_dnssd.conf README ssl.conf welcome.conf

Second, encryption configuration

There are two sentences in the ssl.conf file that indicate the storage path of the certificate and private key

SSLCertificateFile / etc/pki/tls/certs/localhost.crt

SSLCertificateKeyFile / etc/pki/tls/private/localhost.key

III. Certificate generation

[root@localhost conf.d] # cd / etc/pki/tls/certs

[root@localhost certs] # ls

Ca-bundle.crt ca-bundle.trust.crt localhost.crt make-dummy-cert Makefile

Delete the original localhost.crt certificate file first, and then generate a test certificate file with the make command

[root@localhost certs] # rm-rf localhost.crt

[root@localhost certs] # make testcert

Umask 77;\

/ usr/bin/openssl req-utf8-new-key / etc/pki/tls/private/localhost.key-x509-days 365-out / etc/pki/tls/certs/localhost.crt-set_serial 0

You are about to be asked to enter information that will be incorporated

Into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value

If you enter'., the field will be left blank.

-

Country Name (2 letter code) [US]: CN

State or Province Name (full name) []:

Locality Name (eg, city) [Default City]: Beijing

Organization Name (eg, company) [Default Company Ltd]: Tianli

Organizational Unit Name (eg, section) []: RedHat

Common Name (eg, your name or your server's hostname) []: test1.demo.com

Email Address []:

[root@localhost certs] #

Fourth, test and verification

[root@localhost certs] # cd / var/www/html

[root@localhost html] # ls

[root@localhost html] # touch index.html

[root@localhost html] # echo "welcomt to beijing" > index.html

[root@localhost html] # cat index.html

Welcome to beijing

[root@localhost html] # service httpd restart

Stopping httpd: [OK]

Starting httpd: [OK]

[root@localhost html] # links-dump http://test1.demo.com

Welcome to beijing

It is normal to display the page using http

[root@localhost html] # links-dump https://test1.demo.com

ELinks: SSL error

SSL error appears when using https to display the page

Let's use the browser to see the effect.

[root@localhost html] # firefox

Enter https://test1.demo.com in the address bar

On the page above, click the I Understand the Risks option

Click Add Exception

Click View to view the self-issued certificate information.

Click Confirm Security Exception and the browser will display the contents of the page.

After reading the above, do you have any further understanding of how to simply configure Apache https under RHEL6.3? If you want to know more knowledge or related content, please follow the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.