2. Cài đặt
- cài đặt thêm các gói ssl
[root@ns /]# yum install mod_ssl openssl
- tạo các cert
[root@ns tmp]# openssl genrsa -out ca.key 1024
[root@ns tmp]# openssl req -new -key ca.key -out ca.csr
[root@ns tmp]# openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
[root@ns tmp]# ls
ca.crt ca.csr ca.key
- copy các file vừa được tạo
[root@ns tmp]# cp ca.crt /etc/pki/tls/certs/
[root@ns tmp]# cp ca.key /etc/pki/tls/private/
[root@ns tmp]# cp ca.csr /etc/pki/tls/private/
- sửa file cấu hình của apache
vi +/SSLCertificateFile /etc/httpd/conf.d/ssl.conf
- thay đổi nội dung 2 dòng sau
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
thành
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key
- sửa lại các virtualhost
[root@ns tmp]# vi /etc/httpd/conf/httpd.conf
- add thêm vào cuối file httpd.conf
NameVirtualHost *:443
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key
AllowOverride All
- cài đặt thêm các gói ssl
[root@ns /]# yum install mod_ssl openssl
- tạo các cert
[root@ns tmp]# openssl genrsa -out ca.key 1024
[root@ns tmp]# openssl req -new -key ca.key -out ca.csr
[root@ns tmp]# openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
[root@ns tmp]# ls
ca.crt ca.csr ca.key
- copy các file vừa được tạo
[root@ns tmp]# cp ca.crt /etc/pki/tls/certs/
[root@ns tmp]# cp ca.key /etc/pki/tls/private/
[root@ns tmp]# cp ca.csr /etc/pki/tls/private/
- sửa file cấu hình của apache
vi +/SSLCertificateFile /etc/httpd/conf.d/ssl.conf
- thay đổi nội dung 2 dòng sau
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
thành
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key
- sửa lại các virtualhost
[root@ns tmp]# vi /etc/httpd/conf/httpd.conf
- add thêm vào cuối file httpd.conf
NameVirtualHost *:443
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key
AllowOverride All
DocumentRoot /var/www/html
ServerName IP_or_site_name
- restart lại service apache
沒有留言:
張貼留言