LISTEN 0 128 :::80 :::*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
LISTEN 0 128 :::443 :::*
9、在Windows浏览器测试访问域名是否能自动成功跳转到https
在浏览器地址栏输入域名,然后回车
上面回车之后,会自动跳转到下面的页面,我们点击“高级”选项会展开相关内容
上面点击“高级”选项之后,会出现下面的页面,我们点击下面的红框部分就可以进入下一步
上面点击红框部分之后,就会出现下面的网页了。因为是自己生成的证书不被浏览器识别,所以会出现下面的页面,说此站点不安全,我们直接不用管点击详细信息并接着点击“转到此网页(不推荐)”选项即可进入我们需要的网页了
下面是我们需要访问的最终页面,如果是在各大厂商申请的证书就不会出现以上提示不安全的信息,会直接进入我们下面的界面。
二、yum安装的Apache配置https方法
1、安装相关软件
[root@localhost ~]# yum -y install httpd
[root@localhost ~]# yum -y install mod_ssl
2、修改相关的配置文件
[root@localhost ~]# vim /etc/httpd/conf/httpd.conf
去掉下面几行注释
Include conf.modules.d/*.conf
ServerName
IncludeOptional conf.d/*.conf
下面的需要添加在主配置文件中或虚拟主机中
RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteCond %{REQUEST_URI} !^/tz.php
RewriteRule (.*) https://%{SERVER_NAME}/$1 [R]
[root@localhost conf.modules.d]# vim /etc/httpd/conf.modules.d/00-ssl.conf
去掉下面的注释
LoadModule ssl_module modules/mod_ssl.so
[root@localhost ~]# vim /etc/httpd/conf.modules.d/00-base.conf
去掉下面的注释
LoadModule rewrite_module modules/mod_rewrite.so
3、生成相关的证书及秘钥文件
[root@localhost ~]# openssl genrsa -out server.key 2048
Generating RSA private key, 2048 bit long modulus
.................................................................+++
..........................+++
e is 65537 (0x10001)
[root@localhost ~]# openssl req -new -key server.key -out server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:bj
Locality Name (eg, city) [Default City]:bj
Organization Name (eg, company) [Default Company Ltd]:ll
Organizational Unit Name (eg, section) []:lz
Common Name (eg, your name or your server's hostname) []:
Email Address []:123456@163.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:123456
An optional company name []:
[root@localhost ~]# openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
Signature ok
subject=/C=cn/ST=bj/L=bj/O=ll/OU=lz/CN=www.awstats.com/emailAddress=123456@163.com
Getting Private key
4、修改配置文件中对应的秘钥文件
[root@localhost ~]# vim /etc/httpd/conf.d/ssl.conf
去掉相关注释并更改证书和私钥文件
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/server.crt
SSLCertificateKeyFile /etc/pki/tls/private/server.key
复制生成的秘钥文件到ssl.conf指定的位置
[root@localhost ~]# cp /root/server.crt /etc/pki/tls/certs/
[root@localhost ~]# cp /root/server.key /etc/pki/tls/private/
5、验证配置是否有问题并重启Apache服务
[root@localhost ~]# httpd -t
Syntax OK
[root@localhost ~]# systemctl restart httpd
6、在Windows浏览器测试访问域名是否能自动成功跳转到https