Centos6.3下Apache配置基于加密的认证https加密证书访问

这里简单演示一下Apache下基于加密的认证访问----https加密方式访问。

1.DNS解析解析情况：

[root@localhosthtml]#nslookupwww.downcc.com

Server:192.168.2.115

Address:192.168.2.115#53

Name:www.downcc.com

Address:192.168.2.115

2.安装ApacheSSL支持模块:#yuminstall-ymod_ssl（默认yum安装httpd是没有安装该模块的，安装后自动生产/etc/httpd/conf.d/ssl.conf文件）并生成证书。

[root@localhostcerts]#pwd

/etc/pki/tls/certs

[root@localhostcerts]#ls

ca-bundle.crtindex.htmllocalhost.crtMakefile

ca-bundle.trust.crtlocalhost1.crtmake-dummy-cert

[root@localhostcerts]#opensslreq-utf8-new-key../private/localhost.key-x509-days3650-outabc_com.crt

Youareabouttobeaskedtoenterinformationthatwillbeincorporated

intoyourcertificaterequest.

WhatyouareabouttoenteriswhatiscalledaDistinguishedNameoraDN.

Therearequiteafewfieldsbutyoucanleavesomeblank

Forsomefieldstherewillbeadefaultvalue,

Ifyouenter'.',thefieldwillbeleftblank.

-----

CountryName(2lettercode)[XX]:CN

StateorProvinceName(fullname)[]:510510

LocalityName(eg,city)[DefaultCity]:GZ

OrganizationName(eg,company)[DefaultCompanyLtd]:ABC.COM

OrganizationalUnitName(eg,section)[]:Mr.Zhang

CommonName(eg,yournameoryourserver'shostname)[]:www.downcc.com

EmailAddress[]:root@abc.com

[root@localhostcerts]#

3.配置Apache，基本配置这里不多说了，下面是配置www.downcc.com站点http访问的情况。

[root@localhosthtml]#tail-n8/etc/httpd/conf/httpd.conf

NameVirtualhost192.168.2.115:80

<VirtualHostwww.downcc.com:80>

ServerAdminwebmaster@dummy-host.example.com

DocumentRoot/var/www/html

ServerNamewww.downcc.com

ErrorLoglogs/dummy-host.example.com-error_log

CustomLoglogs/dummy-host.example.com-access_logcommon

</VirtualHost>

[root@localhosthtml]#tail/var/www/html/index.html

www.downcc.com

[root@localhosthtml]#

4.配置Apache支持https访问www.downcc.com站点，编辑vim/etc/httpd/conf.d/ssl.conf文件，制定www.downcc.com站点https访问时的相关信息。添加下面配置。

<VirtualHostwww.downcc.com:443>

DocumentRoot"/var/www/html/www.kuteatest.net"#//为了显示效果，这里的站点目录不一样，一般情况一个域名应该指向同一目录的。

ServerNamewww.downcc.com:443

ErrorLoglogs/ssl_error_log

TransferLoglogs/ssl_access_log

LogLevelwarn

SSLEngineon

SSLProtocolall-SSLv2

SSLCipherSuiteALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW

SSLCertificateFile/etc/pki/tls/certs/abc_com.crt

SSLCertificateKeyFile/etc/pki/tls/private/localhost.key

<Files~"\.(cgi|shtml|phtml|php3?)$">

SSLOptions+StdEnvVars

</Files>

<Directory"/var/www/cgi-bin">

SSLOptions+StdEnvVars

</Directory>

SetEnvIfUser-Agent".*MSIE.*"\

nokeepalivessl-unclean-shutdown\

downgrade-1.0force-response-1.0

CustomLoglogs/ssl_request_log\

"%t%h%{SSL_PROTOCOL}x%{SSL_CIPHER}x\"%r\"%b"

</VirtualHost>

5.重启Apache服务，测试访问。

测试http访问的结果

测试https访问的结果

查看证书信息和自建crt信息一致

https访问的最终结果