???????创建私有CA:OpenSSL ???????????1.创建CA的私钥: ???????????????~]# (umask 077;openssl genrsa -out /etc/pki/CA/private/cakey.pem 2048) ???????????2.生成CA的自签证书: ???????????????~]# openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -out /etc/pki/CA/cacert.pem -days 3653 ???????????3.完善CA所必需目录级文件要求和文本文件级文件要求: ???????????????~]# touch /etc/pki/CA/index.txt ???????????????~]# echo 01 > /etc/pki/CA/serial ???????创建https站点: ???????????1.为httpd服务器生成密钥并生成证书请求: ???????????????~]# mkdir /etc/httpd/ssl ???????????????~]# cd /etc/httpd/ssl ???????????????~]# (umask 077;openssl genrsa -out httpd.key 2048) ???????????????~]# openssl req -new -key httpd.key -out httpd.csr -days 3653 ???????????2.将证书请求发送到CA: ???????????????~]# scp httpd.csr CA_SERVER:/tmp ???????????3.在CA上为此次请求签发证书: ???????????????~]# openssl ca -in /tmp/httpd.csr -out /etc/pki/CA/certs/httpd.crt -days 3653 ???????????4.在CA上将CA签发的证书传送到httpd服务器: ???????????????~]# scp /etc/pki/CA/certs/httpd.crt HTTP_SERVER:/etc/httpd/ssl ???????????5.在httpd服务器上,删除证书请求文件: ???????????????~]# rm -f httpd.csr ???????????6.在httpd服务器上配置ssl支持: ???????????????1) 保证mod_ssl模块被正确装载;如果没有,则需要单独安装; ???????????????????yum -y install mod_ssl ???????????????????????/etc/httpd/conf.d/ssl.conf ???????????????????????/usr/lib64/httpd/modules/mod_ssl.so ???????????????2) 配置https的虚拟主机: ???????????????????<VirtualHost 172.16.88.99:443> ???????????????????????DocumentRoot "/myvhost/https" ???????????????????????ServerName www.a.com ???????????????????????SSLCertificateFile /etc/httpd/ssl/httpd.crt ???????????????????????SSLCertificateKeyFile /etc/httpd/ssl/httpd.key ???????????????????</VirtualHost>为web站点提供https服务的步骤
原文地址:http://blog.51cto.com/chenliangdeeper/2108664