1、安装mod_ssl软件包
[root@bogon conf.d]# yum install -y mod_ssl
2、切换目录至/etc/pki/tls/certs/并查看是否有Makefile文件
[root@bogon conf.d]# cd /etc/pki/tls/certs/
[root@bogon certs]# ll
3、创建证书文件
[root@bogon certs]# make zhengshu.crt
[root@bogon certs]# make zhengshu.crt
umask 77 ; \
/usr/bin/openssl genrsa -aes128 2048 > zhengshu.key
Generating RSA private key, 2048 bit long modulus (2 primes)
.............................................+++++
...............+++++
e is 65537 (0x010001)
Enter pass phrase: //设置密码
Verifying - Enter pass phrase: //再次确认密码
umask 77 ; \
/usr/bin/openssl req -utf8 -new -key zhengshu.key -x509 -days 365 -out zhengshu.crt -set_serial 0
Enter pass phrase for zhengshu.key: //与上述密码相同
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:86 //国家代码
State or Province Name (full name) []:sx //省份
Locality Name (eg, city) [Default City]:xi'an //城市
Organization Name (eg, company) [Default Company Ltd]:beixin //公司名
Organizational Unit Name (eg, section) []:ce //部门
Common Name (eg, your name or your server's hostname) []:www.ceshi.com //服务主机名
Email Address []:[email protected] //邮箱
4、编写配置文件(参照/etc/httpd/conf.d/ssl.conf 文件编写)
[root@bogon certs]# cd /etc/httpd/conf.d/
[root@bogon conf.d]# vim vhost-https.conf
<virtualhost 192.168.74.130:443>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/zhengshu.crt //指定证书路径
SSLCertificateKeyFile /etc/pki/tls/certs/zhengshu.key //指定密钥文件路径
documentroot /www/https
servername 192.168.74.130
</virtualhost>
<directory /www/https>
allowoverride none
require all granted
</directory>
5、创建网页文件根目录,并定义网页内容
[root@bogon ~]# mkdir -p /www/https
[root@bogon ~]# echo this is https > /www/https/index.html
6、重启httpd服务(需要输入密码)
[root@bogon ~]# systemctl restart httpd
7、命令行测试
8、主机浏览器里测试