CentOS7 apache2.4配置ssl证书https访问

CentOS7 apache2.4配置ssl证书https访问

  1. 首先安装扩展

    yum install mod_ssl openssl
  2. 站点配置

    首先需要在http.conf中加

    IncludeOptional ssl/*.conf

    创建ssl/baidu.conf并编辑

    vim baidu.conf
    <VirtualHost *:80>
         DocumentRoot /bai/du                                #目录
         ServerName baidu.com                                #域名
         RewriteEngine On                                    #启用重写
         RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R,L]        #强制https
    </VirtualHost>
    <VirtualHost *:443>
         SSLEngine on
         SSLCertificateFile /cert/baidu.com/public.pem        #公钥
         SSLCertificateKeyFile /cert/baidu.com/private.key    #私钥
         SSLCertificateChainFile /cert/baidu.com/chain.pem    #证书
         SSLProtocol TLSv1 TLSv1.1 TLSv1.2
         SSLCipherSuite EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5
         DocumentRoot /bai/du
         ServerName baidu.com
    </VirtualHost>
    <Directory /bai/du>
         Options FollowSymLinks
         AllowOverride All
         Require all granted
    </Directory>

    如果证书文件中有full_chain.pem无chain.pem,则填为SSLCertificateFile,不填SSLCertificateChainFile
    上述方式支持多站点

  3. 自签名证书

    使用《CentOS命令生成自签名证书》进行生成

标签: apache centos ssl https linux

发表评论: