13.配置安全Web服务
为站点http://server0.example.com配置TLS加密:
- 一个已签名证书从http://classroom.example.com/pub/tls/certs/server0.crt获取
- 此证书的密钥从http://classroom.example.com/pub/tls/private/server0.key获取
- 此证书的签名授权信息从http://classroom.example.com/pub/example-ca.crt获取
[[email protected] ~]# yum -y install mod_ssl
[[email protected] ~]# cd /etc/pki/tls/certs
[[email protected] certs~]#wget http://classroom.example.com/pub/tls/certs/server0.crt
[[email protected] certs~]#wget http://classroom.example.com/pub/example-ca.crt
[[email protected] certs~]# cd ..
[[email protected] tls~]# cd private
[[email protected] private~]# wget
http://classroom.example.com/pub/tls/private/server0.key
[[email protected] private~]# vim /etc/httpd/conf.d/ssl.conf
<VirtualHost _default_:443>
DocumentRoot “/var/www/html”
ServerName server0.example.com:443
… … #修改第 100、107、122 行,如下所示
SSLCertificateFile /etc/pki/tls/certs/server0.crt
SSLCertificateKeyFile /etc/pki/tls/private/server0.key
SSLCACertificateFile /etc/pki/tls/certs/example-ca.crt
</VirtualHost>
[[email protected] private~]# systemctl restart httpd
[[email protected] private~]# systemctl enable httpd
![Apache配置SSLApache配置SSL[图]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)