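Data transmitted over HTTP is sent in plaintext and is easy to eavesdrop on. Passwords often need to be sent over the network, and in that case the information must be encrypted. The protocol that encrypts HTTP traffic is HTTPS, which carries HTTP over SSL.
We already have an httpd environment; for reference see (http://fengwan.blog.51cto.com/508652/1360429).
The --enable-ssl parameter must be added when compiling.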
[root@NFSServer httpd-2.4.7]# ./configure \
> --prefix=/webserver/httpd \
> --sysconfdir=/webserver/httpd/conf \
> --enable-so \
> --enable-rewrite \
> --enable-ssl \
> --enable-cgi \
> --enable-cgid \
> --enable-modules=most \
> --enable-modules-shared=most \
> --enable-mpms-shared=all \
> --with-apr=/webserver/apr \
> --with-apr-util=/webserver/apr-util
1. Environment preparation
1. Install openssl
[root@WebServer ~]# yum -y install openssl openssl-devel
2. Create the key and certificate files
[root@WebServer ~]# openssl genrsa -out server.key 1024
[root@WebServer ~]# openssl req -new -key server.key -out server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:GuangDong
Locality Name (eg, city) [Default City]:GuangZhou
Organization Name (eg, company) [Default Company Ltd]:Test
Organizational Unit Name (eg, section) []:Test
Common Name (eg, your name or your server's hostname) []:localhost
Email Address []:ca

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@WebServer ~]# openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
Running the commands above produces three files: server.key, server.csr and server.crt. Next, copy the three files to /webserver/httpd/conf/ca:
[root@WebServer ~]# mkdir /webserver/httpd/conf/ca/
[root@WebServer ~]# cp -r server.* /webserver/httpd/conf/ca/
3. Edit /webserver/httpd/conf/extra/httpd-ssl.conf
[root@WebServer ~]# vim /webserver/httpd/conf/extra/httpd-ssl.conf
// Change the following locations
SSLCertificateFile "/webserver/httpd/conf/ca/server.crt"
SSLCertificateKeyFile "/webserver/httpd/conf/ca/server.key"
4. Edit /webserver/httpd/conf/httpd.conf to load ssl_module and socache_shmcb_module
[root@WebServer ~]# vim /webserver/httpd/conf/httpd.conf
// Remove the # in front of the following 2 lines, or add these 2 lines to the configuration file directly
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
LoadModule ssl_module modules/mod_ssl.so
If socache_shmcb_module is not loaded, the following error appears:
[root@WebServer ~]# service httpd restart
Stopping httpd: [ OK ]
Starting httpd: AH00526: Syntax error on line 76 of /webserver/httpd/conf/extra/httpd-ssl.conf:
SSLSessionCache: 'shmcb' session cache not supported (known names: ). Maybe you need to load the appropriate socache module (mod_socache_shmcb?).
[FAILED]
5. Restart the httpd service
[root@WebServer ~]# service httpd restart
Stopping httpd: [ OK ]
Starting httpd: [ OK ]
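The AH00526 failure from step 4 can be caught before the restart. The following shell functions are an added example, not part of the original post: they check that httpd.conf loads ssl_module and the socache module that the SSLSessionCache directive in httpd-ssl.conf requires. The function names are hypothetical and the sample configuration (including the ssl_scache path) is constructed.

```shell
#!/bin/sh
# Added example, not from the original post; function names are hypothetical.

# Succeeds if module $2 has an uncommented LoadModule line in file $1.
module_loaded() {
    grep -Eq "^[[:space:]]*LoadModule[[:space:]]+$2[[:space:]]" "$1"
}

# Prints the provider named by the active SSLSessionCache directive in $1
# (e.g. "shmcb"), or nothing when the directive is absent or commented out.
session_cache_provider() {
    sed -n 's/^[[:space:]]*SSLSessionCache[[:space:]][[:space:]]*"\{0,1\}\([A-Za-z]*\).*/\1/p' "$1" | head -n 1
}

# check_ssl_modules HTTPD_CONF SSL_CONF
# Prints one line per missing module; returns 1 if anything is missing.
check_ssl_modules() {
    rc=0
    module_loaded "$1" ssl_module || { echo "missing: ssl_module"; rc=1; }
    provider=$(session_cache_provider "$2")
    case "$provider" in
        ""|none|nonenotnull) ;;   # no socache provider module required
        *)  module_loaded "$1" "socache_${provider}_module" ||
                { echo "missing: socache_${provider}_module"; rc=1; } ;;
    esac
    return $rc
}

# Constructed sample input reproducing the failure shown in step 4: ssl_module
# is enabled, but the socache_shmcb_module line is still commented out.
demo() {
    dir=$(mktemp -d) || return 2
    cat > "$dir/httpd.conf" <<'EOF'
#LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
LoadModule ssl_module modules/mod_ssl.so
EOF
    cat > "$dir/httpd-ssl.conf" <<'EOF'
SSLSessionCache        "shmcb:/webserver/httpd/logs/ssl_scache(512000)"
EOF
    status=0
    check_ssl_modules "$dir/httpd.conf" "$dir/httpd-ssl.conf" || status=$?
    rm -rf "$dir"
    return $status
}

demo || echo "fix httpd.conf before restarting httpd"
```

On a real host, pass the two files from this post: check_ssl_modules /webserver/httpd/conf/httpd.conf /webserver/httpd/conf/extra/httpd-ssl.conf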
6. Test