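3.1 Initialize the CA and create the files it needs
# cd /etc/pki/CA/
# touch index.txt     # create the index file
# echo 01 > serial    # create the serial number file
3.2 Self-sign the CA certificate
Generate the private key
# (umask 077; openssl genrsa -out /etc/pki/CA/private/cakey.pem 2048)
Use the private key to generate the self-signed certificate
# openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -days 7300 -out /etc/pki/CA/cacert.pem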
4. Request a certificate (CentOS B):
4.1 Create a directory to hold the certificate
# mkdir /etc/httpd/ssl
# cd /etc/httpd/ssl
4.2 Generate the private key (readable by its owner only, 2048 bits like the CA key)
# (umask 077; openssl genrsa -out httpd.key 2048)
4.3 Generate the certificate signing request
# openssl req -new -key httpd.key -out httpd.csr
4.4 Fill in the form according to your own details
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Beijing
Locality Name (eg, city) [Default City]:Beijing
Organization Name (eg, company) [Default Company Ltd]:Quintin Ltd
Organizational Unit Name (eg, section) []:Ops
Common Name (eg, your name or your server's hostname) []:pma.linuxidc.com
Email Address []:admin@linuxidc.com
4.5 Send the generated file to the CA server, CentOS A. Here I use the scp command:
# scp httpd.csr root@192.168.3.67:/tmp/
4.6 Once the prompts have been followed successfully, httpd.csr should be in the /tmp/ directory on CentOS A.
5. Sign the certificate (CentOS A):
5.1 Sign it, with a validity of ten years
# openssl ca -in /tmp/httpd.csr -out /etc/pki/CA/certs/pma.linuxidc.com.crt -days 3650
5.2 Copy the generated crt back to CentOS B
# scp /etc/pki/CA/certs/pma.linuxidc.com.crt root@192.168.3.77:/etc/httpd/ssl/
5.3 Once the prompts have been followed successfully, pma.linuxidc.com.crt should be in the /etc/httpd/ssl/ directory on CentOS B.
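6. Configure SSL (CentOS B):
6.1 Back up the configuration first
# cd /etc/httpd/conf.d/
# cp ssl.conf{,.bak}
6.2 Edit ssl.conf
# vim ssl.conf
The items to change are listed below
<VirtualHost _default_:443>
=>
<VirtualHost *:443>
Basic settings
DocumentRoot "/web/vhosts/pma"
ServerName pma.linuxidc.com:443
Certificate location
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
=>
SSLCertificateFile /etc/httpd/ssl/pma.linuxidc.com.crt
Private key location
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
=>
SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
Save and exit.
6.3 Check the configuration file for syntax errors:
# httpd -t
6.4 Restart httpd:
# systemctl restart httpd
6.5 Check that port 443 is listening:
# ss -tnl
6.6 Open the site in a browser using this format:
https://pma.linuxidc.com
If you see https in the address bar, it is working. The browser will report the certificate as invalid, because it was issued by a private CA that the browser does not know; adding trust resolves this.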
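A check that can be run on CentOS B before the restart in 6.4, added here as an example and not part of the original procedure: it confirms that the signed certificate chains to the private CA, that it matches httpd.key, and that it is not about to expire. The function name check_cert and the location of a local copy of cacert.pem are assumptions.

```shell
#!/bin/sh
# Added example: sanity-check an issued certificate before httpd uses it.
# check_cert is a hypothetical helper name, not part of OpenSSL or httpd.
# Usage: check_cert CERT KEY CA_CERT
# Returns 0 = OK, 1 = chain failure, 2 = key mismatch, 3 = expires within 30 days.
check_cert() {
    cc_cert=$1
    cc_key=$2
    cc_ca=$3

    # 1. The certificate must verify against the private CA certificate.
    if ! openssl verify -CAfile "$cc_ca" "$cc_cert" >/dev/null 2>&1; then
        echo "FAIL: $cc_cert does not verify against $cc_ca" >&2
        return 1
    fi

    # 2. The public key inside the certificate must equal the public key
    #    derived from the private key; a mismatched pair cannot serve TLS.
    cc_pub_cert=$(openssl x509 -in "$cc_cert" -noout -pubkey 2>/dev/null)
    cc_pub_key=$(openssl pkey -in "$cc_key" -pubout 2>/dev/null)
    if [ -z "$cc_pub_cert" ] || [ "$cc_pub_cert" != "$cc_pub_key" ]; then
        echo "FAIL: $cc_key is not the private key for $cc_cert" >&2
        return 2
    fi

    # 3. The certificate must stay valid for at least 30 more days (2592000 s).
    if ! openssl x509 -in "$cc_cert" -noout -checkend 2592000 >/dev/null 2>&1; then
        echo "FAIL: $cc_cert expires within 30 days" >&2
        return 3
    fi

    echo "OK: $cc_cert chains to the CA and matches $cc_key"
    return 0
}

# Run only when three paths are given. Example, assuming cacert.pem was
# copied from CentOS A to /etc/httpd/ssl/ (a path the page does not create):
#   sh check_cert.sh /etc/httpd/ssl/pma.linuxidc.com.crt \
#       /etc/httpd/ssl/httpd.key /etc/httpd/ssl/cacert.pem
if [ "$#" -eq 3 ]; then
    check_cert "$@"
fi
```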