13.配置安全Web服務
為站點http://server0.example.com配置TLS加密:
- 一個已簽名證書從http://classroom.example.com/pub/tls/certs/server0.crt擷取
- 此證書的密鑰從http://classroom.example.com/pub/tls/private/server0.key擷取
- 此證書的簽名授權資訊從http://classroom.example.com/pub/example-ca.crt擷取
[[email protected] ~]# yum -y install mod_ssl
[[email protected] ~]# cd /etc/pki/tls/certs
[[email protected] certs~]#wget http://classroom.example.com/pub/tls/certs/server0.crt
[[email protected] certs~]#wget http://classroom.example.com/pub/example-ca.crt
[[email protected] certs~]# cd ..
[[email protected] tls~]# cd private
[[email protected] private~]# wget
http://classroom.example.com/pub/tls/private/server0.key
[[email protected] private~]# vim /etc/httpd/conf.d/ssl.conf
<VirtualHost _default_:443>
DocumentRoot “/var/www/html”
ServerName server0.example.com:443
… … #修改第 100、107、122 行,如下所示
SSLCertificateFile /etc/pki/tls/certs/server0.crt
SSLCertificateKeyFile /etc/pki/tls/private/server0.key
SSLCACertificateFile /etc/pki/tls/certs/example-ca.crt
</VirtualHost>
[[email protected] private~]# systemctl restart httpd
[[email protected] private~]# systemctl enable httpd
![Apache配置SSLApache配置SSL[圖]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)