# openssl req -new -x509 -key -in private/cakey.pem -out cacert.pem -days 365 ##生成自签证书
Seq4:为CA准备目录及文件
# cd /etc/pki/CA
# mkdir certs crl newcerts ##相关证书存放目录
# touch index.txt ##相关证书信息
# echo "01" > serial ##颁发证书的序列
Seq5:配置安装HTTP服务及安装mod_ssl模块提供TLS/SSL功能
# yum install httpd mod_ssl -y
# vim /etc/httpd/httpd.conf #最后一行添加如下内容,并注释DocumentRoot "/var/www/html"行,大约在281行
<VirtualHost 172.16.88.1:80>
DocumentRoot "/www/example.com"
ServerName
</VirtualHost>
# service httpd restart && chkconfig httpd on
# echo "<h1>Test Hettp Server</h1>" > /var/www/html/index.html #测试页
Seq6:进行简单的测试:
nniiijj:
ok!!HTTP服务正常工作。
Seq7:为HTTP服务器端配置密钥并向CA发送证书颁发请求
# mkdir /etc/httpd/ssl
# cd /etc/httpd/ssl
#(umask 077; openssl genrsa -out httpd.key 1024)
# openssl req -new -key -in httpd.key -out httpd.csr -days 3650
