2009-12-19 05:36:58

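SSL-based HTTP authentication

1. Install the httpd and mod_ssl packages

2. Files involved

/etc/httpd/conf.d/ssl.conf: the configuration file read by Apache;

/etc/httpd/conf/ssl.key/server.csr: the file used to request a certificate

/etc/httpd/conf/ssl.key/server.crt: the certificate file itself

3. Create the certificate directory

mkdir /etc/httpd/conf/ssl.key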

4. Generate the key server.key

Create the key

The key is stored in the /etc/httpd/conf/ssl.key directory. The whole procedure is as follows:

# First back up any old files:
[root@linux ~]# cd /etc/httpd/conf/ssl.key

# Now create a new key
[root@linux ssl.key]# openssl [action] -out filename [bits]

Parameters:

[action]: the main actions are:
    genrsa: generate an RSA key
    req: create a certificate request file or a certificate file
-out: followed by the output file name, that is, the name of the key file
bits: used with genrsa, the length of the key
-x509: X.509 Certificate Data Management, a way of managing verification

Create a 1024-bit key; pay attention to the file name!

[root@linux ssl.key]# openssl genrsa -out server.key 1024
Generating RSA private key, 1024 bit long modulus
................................................++++++
.......++++++
e is 65537 (0x10001)

The key is now ready!



5. Create the certificate file

[root@linux ~]# cd /etc/httpd/conf/ssl.key
[root@linux ssl.key]# openssl req -new -x509 -key server.key -out server.crt
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:GB
State or Province Name (full name) [Berkshire]:guangdong
Locality Name (eg, city) [Newbury]:dongguan
Organization Name (eg, company) [My Company Ltd]:superich
Organizational Unit Name (eg, section) []:superich.net
Common Name (eg, your name or your server's hostname) []:station11.example.com
Email Address []:redhat@example.com

6. Edit /etc/httpd/conf.d/ssl.conf and append the following at the end of the file

NameVirtualHost 192.168.0.11:443

<VirtualHost 192.168.0.11:443>
    ServerName
    DocumentRoot /var/www/rhce
    DirectoryIndex index.html index.htm
    SSLEngine on
    SSLCertificateFile /etc/httpd/conf/ssl.key/server.crt
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
</VirtualHost>

<VirtualHost 192.168.0.11:443>
    ServerName mail.superich.net
    DocumentRoot /var/www/rhce
    DirectoryIndex index.html index.htm
    SSLEngine on
    SSLCertificateFile /etc/httpd/conf/ssl.key/server.crt
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
</VirtualHost>

7. Create the /var/www/rhce and /var/www/rhca directories, create an index.html file in each of them, and edit those files.

8. Start the httpd service

9. Test the result in Firefox
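
A check that can be run on the files from steps 4 and 5 before httpd is started in step 8, as an added example that is not part of the original post: it confirms that the certificate was issued for the private key, that the key file is readable only by its owner, that the certificate has not expired, and that the RSA modulus meets a minimum length. The helper names check_pair and make_pair, the 2048-bit default threshold and the temporary demo files are assumptions of this example; the demo key pairs are constructed sample input.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. check_pair and make_pair are
# hypothetical helper names; the 2048-bit default is an assumption.

# check_pair KEY CRT [MIN_BITS]: print findings, return 0 only if all pass.
check_pair() {
    local key="$1" crt="$2" min_bits="${3:-2048}" rc=0 kmod cmod bits
    kmod=$(openssl rsa -in "$key" -noout -modulus 2>/dev/null) ||
        { echo "FAIL cannot read RSA key $key"; return 1; }
    cmod=$(openssl x509 -in "$crt" -noout -modulus 2>/dev/null) ||
        { echo "FAIL cannot read certificate $crt"; return 1; }

    # Identical moduli mean the certificate carries this key's public half.
    [ "$kmod" = "$cmod" ] || { echo "FAIL certificate does not match key"; rc=1; }

    # The modulus is printed as hex digits, 4 bits each.
    kmod=${kmod#Modulus=}; bits=$(( ${#kmod} * 4 ))
    [ "$bits" -ge "$min_bits" ] ||
        { echo "FAIL key is $bits bits, want >= $min_bits"; rc=1; }

    # Columns 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld "$key" | cut -c5-10)" = "------" ] ||
        { echo "FAIL key file is accessible to group or others"; rc=1; }

    # -checkend 0 exits non-zero when the certificate is already expired.
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null ||
        { echo "FAIL certificate has expired"; rc=1; }

    [ "$rc" -ne 0 ] || echo "OK $crt matches $key ($bits bits)"
    return "$rc"
}

# make_pair DIR NAME BITS: constructed sample input, mirroring steps 4 and 5.
make_pair() {
    ( umask 077
      openssl genrsa -out "$1/$2.key" "$3" 2>/dev/null &&
      openssl req -new -x509 -key "$1/$2.key" -out "$1/$2.crt" \
          -subj "/CN=station11.example.com" 2>/dev/null )
}

demo_dir=$(mktemp -d)
make_pair "$demo_dir" good 2048
make_pair "$demo_dir" weak 1024
check_pair "$demo_dir/good.key" "$demo_dir/good.crt" || true   # passes
check_pair "$demo_dir/weak.key" "$demo_dir/weak.crt" || true   # key too short
check_pair "$demo_dir/weak.key" "$demo_dir/good.crt" || true   # mismatch, too short
rm -rf "$demo_dir"
```

With the layout used in this post it would be called as check_pair /etc/httpd/conf/ssl.key/server.key /etc/httpd/conf/ssl.key/server.crt; a 1024-bit key is reported as below the default threshold unless a third argument lowers it.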
