配置安全web服务
2024-10-20 07:42:55
为站点 http://system1.group8.example.com 配置TLS加密:
1、一个已签名证书从 http://server.group8.example.com/pub/tls/certs/system1.crt 获取
2、此证书的密钥从 http://server.group8.example.com/pub/tls/private/system1.key 获取
3、此证书的签名授权信息从 http://server.group8.example.com/pub/tls/certs/ssl-ca.crt 获取
答:
再system1上执行:
1、安装 ssl 模块
yum install mod_ssl -y
2、修改配置文件
vim /etc/httpd/conf.d/httd-vhosts.conf
<VirtualHost *:80>
DocumentRoot "/var/www/html"
ServerName system1.group8.example.com <Directory "/var/www/html">
<RequireAll>
Require all granted
Require not host .my133t.org
</RequireAll>
</Directory> SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCertificateKeyFile /etc/pki/tls/certs/system1.crt
SSLCertificateKeyFile /etc/pki/tls/private/system1.key
SSLCACertificateFile /etc/pki/tls/certs/ssl-ca.crt </VirtualHost>
3、下载证书
# 下载证书到指定目录内
wget -O /etc/pki/tls/certs/system1.crt http://server.group8.example.com/pub/tls/certs/system1.crt
wget -O /etc/pki/tls/private/system1.key http://server.group8.example.com/pub/tls/private/system1.key
wget -O /etc/pki/tls/certs/ssl-ca.crt http://server.group8.example.com/pub/tls/certs/ssl-ca.crt
4、添加防火墙
firewall-cmd --permanent --add-service=https
firewall-cmd --reload
5、重启web服务
systemctl restart httpd
验证:再system2上验证
curl -k https://system1.group8.example.com
更多详情:https://www.cnblogs.com/xiangsikai/p/9810290.html
最新文章
- YYCache设计思路及源码学习
- win7下面完全删除mysql
- 如何用adb logcat保存日志
- Lintcode: Subarray Sum Closest
- PHP_ArrayList
- ABAP程序的效率(转)
- BZOJ2750: [HAOI2012]Road
- arry()数组的理解及api的使用(二)
- ACE编译
- --@angularJS--指令之单个点击展开demo
- Git下载、更新、提交使用总结
- WinHex18.4算法分析
- TCP连接异常:broken pipe 和EOF
- Python中操作ini配置文件
- SpringCloud第一弹(入门)
- Scala学习笔记(六):本地函数、头等函数、占位符和部分应用函数
- webpack-manifest-plugin
- 如何通过sql的insert语句插入大量字符串到oracle的clob字段?
- C#学习笔记(23)——C#将PPT批量转为JPG(aspose方法)
- Linux下安装Beego:go install: cannot install cross-compiled binaries when GOBIN is set