Using httpd and openssl on CentOS to implement HTTPS for a website (Word download).docx
- Document ID: 20014839
- Upload time: 2023-01-15
- Format: DOCX
- Pages: 5
- Size: 16.08KB
# private key
Enter PEM pass phrase: 123456    # protects the CA private key
Verifying - Enter PEM pass phrase: 123456
-----
You are about to be asked to enter information that will be incorporated into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [GB]: CN    # identity information
State or Province Name (full name) [Berkshire]: BEIJING
Locality Name (eg, city) [Newbury]: HD
Organization Name (eg, company) [My Company Ltd]: UPLOOKING
Organizational Unit Name (eg, section) []: IT
Common Name (eg, your name or your server's hostname) []: CA
Email Address []: CA@
Please enter the following 'extra' attributes to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /etc/pki/tls/f
Enter pass phrase for ../../CA/private/./cakey.pem: 123456    # self-sign with the private key
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 0 (0x0)
        Validity
            Not Before: Mar  5 01:40:50 2012 GMT
            Not After : Mar  5 01:40:50 2015 GMT
        Subject:
            countryName               = CN
            stateOrProvinceName       = BEIJING
            organizationName          = UPLOOKING
            organizationalUnitName    = IT
            commonName                = CA
            emailAddress              = CA@
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:TRUE
            Netscape Comment:
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
                61:D5:3A:C7:5C:0F:66:FE:EF:5D:A1:94:8F:FD:C2:E5:7D:D3
            X509v3 Authority Key Identifier:
                keyid:61:
Certificate is to be certified until Mar  5 01:40:50 2015 GMT (1095 days)
Write out database with 1 new entries
Data Base Updated

[root@CA ~]# ls /etc/CA/private/cakey.pem    # CA private key
[root@CA ~]# ls /etc/CA/cacert.pem    # CA certificate
[root@CA ~]# ls /etc/CA/careq.pem    # CA certificate request

Configure the web server
===============================================================
Generate the web server's own private key

[root@www ~]# openssl genrsa -des3 -out /etc/httpd/conf.d/server.key    # protect the private key with des3
Generating RSA private key, 512 bit long modulus
.........++++++++++++
......................++++++++++++
e is 65537 (0x10001)
Enter pass phrase for /etc/httpd/conf.d/server.key:
Verifying - Enter pass phrase for /etc/httpd/conf.d/server.key: 123456

Generate the certificate request (identity information + public key)

[root@www ~]# openssl req -new -key /etc/httpd/conf.d/server.key -out /tmp/server.csr
You are about to be asked to enter information that will be incorporated into your certificate request.
-------------------------------------------------------------------------------
CN    # this part of the information must match the CA's!!
Please enter the following '

Send the certificate request to the CA

[root@www ~]# scp /tmp/server.csr CA:/tmp/

The CA server digitally signs the certificate request
=============================================================================
[root@CA ~]# openssl ca -keyfile /etc/CA/private/cakey.pem -cert /etc/CA/cacert.pem -in /tmp/server.csr -out /tmp/server.crt

/etc/CA/private/cakey.pem (the CA's private key)
/tmp/server.csr (the HTTP server's certificate request file)
/etc/CA/cacert.pem (the CA's certificate)
/tmp/server.crt (the name of the certificate generated for the HTTP server)

Using configuration from /etc/pki/tls/f
Enter pass phrase for /etc/CA/private/cakey.pem:
        Serial Number: 1 (0x1)
            Not Before: Mar  5 02:20:56 2012 GMT
            Not After : Mar  5 02:20:56 2013 GMT
            commonName                =
            emailAddress              =
            X509v3 Subject Key Identifier:
                D0:6E:FC:BE:0D:62:CA:B9:A2:E0:2A:9A:27:32:39:0B:91:F8
Certificate is to be certified until Mar  5 02:20:56 2013 GMT (365 days)
Sign the certificate? [y/n]: y
1 out of 1 certificate requests certified, commit? [y/n] y
Write out database with 1 new entries
Data Base Updated

Issue the signed digital certificate to the web server

[root@CA ~]# scp /tmp/server.crt :/etc/httpd/conf.d/

Configure the web server to support SSL and serve HTTPS
==========================================================
[root@www ~]# yum install httpd mod_ssl
[root@www ~]# vim /etc/httpd/conf.d/ssl.conf
SSLCertificateFile /etc/httpd/conf.d/server.crt
SSLCertificateKeyFile /etc/httpd/conf.d/server.key

[root@www ~]# netstat -tunpl | grep 443
tcp        0      0 :::443        :::*        LISTEN      2000/httpd

The client downloads the CA certificate, imports it into the browser, then visits the www server
==================================================================================
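The client needs to download the CA certificate and import it into the browser, then access the web server over HTTPS; the browser verifies whether the web server's digital certificate was issued by the CA.

Open Firefox: Edit -> Preferences -> Advanced -> Encryption -> View Certificates -> Import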
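
A check worth running on the web server before pointing SSLCertificateFile and SSLCertificateKeyFile at the issued files (an added example, not part of the original document): it confirms that the certificate's key is at least 2048 bits (the transcript above generated a 512-bit key), that server.key belongs to server.crt, and that the certificate verifies against the CA certificate the clients import. The function names, the subject names and the 2048-bit threshold are assumptions of this example, and the demo signs with openssl x509 -req rather than openssl ca so that it needs no CA database.

```shell
#!/bin/sh
# Added example, not from the original page. make_demo, cert_bits, check_pair
# and the subject names are constructed for illustration.

# make_demo DIR BITS: throwaway CA plus a server certificate with a BITS-bit key.
# Signs with "openssl x509 -req" (no CA database) instead of the page's "openssl ca".
make_demo() {
    d=$1
    printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3_ca' \
        '[dn]' 'commonName=Common Name' \
        '[v3_ca]' 'basicConstraints=critical,CA:TRUE' > "$d/ca.cnf"
    openssl genrsa -out "$d/cakey.pem" 2048 2>/dev/null &&
    openssl req -x509 -new -config "$d/ca.cnf" -key "$d/cakey.pem" -sha256 \
        -days 30 -subj "/CN=Demo CA" -out "$d/cacert.pem" &&
    openssl genrsa -out "$d/server.key" "$2" 2>/dev/null &&
    openssl req -new -config "$d/ca.cnf" -key "$d/server.key" -sha256 \
        -subj "/CN=www.example.test" -out "$d/server.csr" &&
    openssl x509 -req -in "$d/server.csr" -CA "$d/cacert.pem" \
        -CAkey "$d/cakey.pem" -CAcreateserial -sha256 -days 30 \
        -out "$d/server.crt" 2>/dev/null
}

# cert_bits CERT: print the size in bits of the certificate's public key.
cert_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit.*/\1/p'
}

# check_pair CACERT CERT KEY: 0 = deployable, 1 = weak key,
# 2 = key does not belong to the certificate, 3 = not issued by CACERT.
# KEY is assumed to be unencrypted (a des3-protected key would prompt).
check_pair() {
    bits=$(cert_bits "$2")
    [ "${bits:-0}" -ge 2048 ] || { echo "FAIL: ${bits:-?}-bit key"; return 1; }
    [ "$(openssl x509 -in "$2" -noout -pubkey)" = \
      "$(openssl pkey -in "$3" -pubout 2>/dev/null)" ] ||
        { echo "FAIL: key does not match certificate"; return 2; }
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 ||
        { echo "FAIL: not issued by $1"; return 3; }
    echo "OK: $2"
}

# Demo run on constructed files in a temporary directory.
tmp=$(mktemp -d) && make_demo "$tmp" 2048 &&
    check_pair "$tmp/cacert.pem" "$tmp/server.crt" "$tmp/server.key"
rm -rf "$tmp"
```

On the real server the call would be check_pair with the CA certificate copied from the CA host, /etc/httpd/conf.d/server.crt and /etc/httpd/conf.d/server.key.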