Sign the request:
# openssl ca -in /tmp/httpd.csr -out /etc/pki/CA/certs/www2.linuxidc.com.crt -days 365
Copy the generated crt back to CentOS B:
# scp /etc/pki/CA/certs/www2.linuxidc.com.crt root@192.168.3.60:/etc/httpd/ssl/
Back on CentOS B:
Configure SSL for httpd (ssl.conf):
# cd /etc/httpd/conf.d/
Back up the file:
# cp ssl.conf{,.bak}
Edit ssl.conf
Change
<VirtualHost _default_:443>
to
<VirtualHost *:443>
DocumentRoot "/web/vhosts/www2"
ServerName www2.linuxidc.com
Certificate location:
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
=>
SSLCertificateFile /etc/httpd/ssl/www2.linuxidc.com.crt
Private key location:
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
=>
SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
When the configuration is done, check the configuration file for syntax errors:
# httpd -t
Restart httpd:
# service httpd restart
Check whether port 443 is now listening:
# ss -tnl
Test from CentOS A with s_client:
# openssl s_client -connect 192.168.3.60:443 -CAfile /etc/pki/CA/cacert.pem
GET / HTTP/1.1
Host: www2.linuxidc.com
HTTP/1.1 200 OK
Date: Wed, 05 Oct 2016 11:20:16 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Fri, 30 Sep 2016 13:33:02 GMT
ETag: "bf4e8-21-53db9a230598a"
Accept-Ranges: bytes
Content-Length: 33
Connection: close
Content-Type: text/html; charset=UTF-8
www2.linuxidc.com</br>
welcome!
The test succeeded!
To access the site from a browser, use this URL format:
https://www2.linuxidc.com
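Added example (not part of the original article): checks worth running on the files referenced in ssl.conf before restarting httpd. They confirm that the signed certificate matches httpd.key, chains to the CA certificate, and has not expired. The function names are hypothetical, the private key is assumed to be unencrypted, and the demo PKI is constructed test data signed with "openssl x509 -req" instead of "openssl ca".

```bash
#!/bin/bash
# Added example: checks to run before "service httpd restart".
# Function names are hypothetical; the private key is assumed unencrypted.

# 0 if the certificate's public key equals the private key's public half.
cert_matches_key() {   # $1=certificate  $2=private key
    local c k
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# 0 if the certificate verifies against the given CA certificate.
cert_chains_to_ca() {  # $1=certificate  $2=CA certificate
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# 0 if the certificate is still valid $2 seconds from now (0 = right now).
cert_valid_for() {     # $1=certificate  $2=seconds
    openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1
}

# Run all three checks; print the first failure, or OK.
preflight() {          # $1=certificate  $2=private key  $3=CA certificate
    cert_matches_key "$1" "$2"  || { echo "FAIL: key does not match certificate"; return 1; }
    cert_chains_to_ca "$1" "$3" || { echo "FAIL: certificate does not chain to the CA"; return 1; }
    cert_valid_for "$1" 0       || { echo "FAIL: certificate is expired"; return 1; }
    echo "OK"
}

# Constructed sample data: a throwaway CA, a 1-day server certificate signed
# with "openssl x509 -req" (simpler than the "openssl ca" setup), and an unrelated key.
make_demo_pki() {      # $1=existing empty directory
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Demo CA" \
        -keyout "$1/ca.key" -out "$1/cacert.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=www2.linuxidc.com" \
        -keyout "$1/httpd.key" -out "$1/httpd.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/httpd.csr" -CA "$1/cacert.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/www2.crt" 2>/dev/null &&
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null
}

# On CentOS B, with the CA certificate copied over (its path there is an assumption):
#   preflight /etc/httpd/ssl/www2.linuxidc.com.crt /etc/httpd/ssl/httpd.key /path/to/cacert.pem
```

A key mismatch is the usual reason httpd refuses to start after a certificate swap, so the first check catches that failure before the restart.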