產生key:

1.. openssl genrsa -out ca.key 2048

  1. openssl req -new -key ca.key -out ca.csr

-----------key content-------------------------------------------------------

Country Name (2 letter code) [XX]:TW

State or Province Name (full name) []:TW

Locality Name (eg, city) [Default City]:TW

Organization Name (eg, company) [Default Company Ltd]:DNI

Organizational Unit Name (eg, section) []:DNI

Common Name (eg, your name or your server's hostname) []:DNI

Email Address []:[email protected]

Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:12345678

An optional company name []:TW

  1. openssl x509 -req -days 36500 -in ca.csr -signkey ca.key -out ca.crt

  2. cp ca.crt /etc/pki/tls/certs

  3. cp ca.key /etc/pki/tls/private/ca.key

  4. cp ca.csr /etc/pki/tls/private/ca.csr

修改SSL:

  1. gedit /etc/httpd/conf.d/ssl.conf

  2. SSLCertificateFile /etc/pki/tls/certs/ca.crt

  3. SSLCertificateKeyFile /etc/pki/tls/private/ca.key

啟動方法:

  1. service httpd restart

本機測試:

https://127.0.0.1

選擇性的修改:

  1. gedit etc/httpd/httpd.conf

add below to the bottom

NameVirtualHost *.443

<VirtualHost *:443>

SSLEngine on

SSLCertificateFile /etc/pki/tls/certs/ca.crt

SSLCertificateKeyFile /etc/pki/tls/private/ca.key

<Directory /var/www/html/>

AllowOverride All

</Directory>

DocumentRoot /var/www/html/

ServerName test.com

</VirtualHost>

results matching ""

    No results matching ""