13.配置安全Web服務
爲站點http://server0.example.com配置TLS加密:
- 一個已簽名證書從http://classroom.example.com/pub/tls/certs/server0.crt獲取
- 此證書的密鑰從http://classroom.example.com/pub/tls/private/server0.key獲取
- 此證書的簽名授權信息從http://classroom.example.com/pub/example-ca.crt獲取
[root@server0 ~]# yum -y install mod_ssl
[root@server0 ~]# cd /etc/pki/tls/certs
[root@server0 certs~]#wget http://classroom.example.com/pub/tls/certs/server0.crt
[root@server0 certs~]#wget http://classroom.example.com/pub/example-ca.crt
[root@server0 certs~]# cd ..
[root@server0 tls~]# cd private
[root@server0 private~]# wget
http://classroom.example.com/pub/tls/private/server0.key
[root@server0 private~]# vim /etc/httpd/conf.d/ssl.conf
<VirtualHost _default_:443>
DocumentRoot “/var/www/html”
ServerName server0.example.com:443
… … #修改第 100、107、122 行,如下所示
SSLCertificateFile /etc/pki/tls/certs/server0.crt
SSLCertificateKeyFile /etc/pki/tls/private/server0.key
SSLCACertificateFile /etc/pki/tls/certs/example-ca.crt
</VirtualHost>
[root@server0 private~]# systemctl restart httpd
[root@server0 private~]# systemctl enable httpd