今日要来给大伙推荐下Apache配置鉴于加密的验证https加密文凭访问，之是以要来给大伙针对这种Apache配置鉴于加密的验证https加密文凭访问发展一种推荐的最重要的目的是此刻好多小伙伴门关于Apache配置鉴于加密的验证https加密文凭访问理解是十分少的，都不晓得详细的是怎样回事，那末感兴趣的小伙伴可行看下下方的推荐哦。

这边容易演示一下Apache下鉴于加密的验证访问----https加密形式访问。

1.DNS剖析剖析概况：

[[email protected] html]# nslookup www.downcc.com

Server: 192.168.2.115

Address: 192.168.2.115#53

Name: www.downcc.com

Address: 192.168.2.115

2.安装Apache SSL扶持模块:# yum install -y mod_ssl （默认yum安装httpd是无安装该模块的，安装后自动制造/etc/httpd/conf.d/ssl.conf文献）并生成文凭。

[[email protected] certs]# pwd

/etc/pki/tls/certs

[[email protected] certs]# ls

ca-bundle.crt index.html localhost.crt Makefile

ca-bundle.trust.crt localhost1.crt make-du毫米y-cert

[[email protected] certs]# openssl req -utf8 -new -key ../private/localhost.key -x509 -days 3650 -out abc_com.crt

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [XX]:CN

State or Province Name (full name) []:510510

Locality Name (eg, city) [Default City]:GZ

Organization Name (eg, company) [Default Company Ltd]:ABC.COM

Organizational Unit Name (eg, section) []:Mr.Zhang

Co毫米on Name (eg, your name or your server's hostname) []:www.downcc.com

Email Address []:[email protected]

[[email protected] certs]#

3.配置Apache，根本配置这边少许说了，下方是配置www.downcc.com站点http访问的概况。

[[email protected] html]# tail -n 8 /etc/httpd/conf/httpd.conf

NameVirtualhost 192.168.2.115:80

<VirtualHost www.downcc.com:80>

ServerAdmin [email protected]

DocumentRoot /var/www/html

ServerName www.downcc.com

ErrorLog logs/du毫米y-host.example.com-error_log

CustomLog logs/du毫米y-host.example.com-access_log co毫米on

</VirtualHost>

[[email protected] html]# tail /var/www/html/index.html

www.downcc.com

[[email protected] html]#

4.配置Apache扶持https访问www.downcc.com站点，编辑 vim /etc/httpd/conf.d/ssl.conf 文献，制订www.downcc.com站点https访问时的相干消息。添加下方配置。

<VirtualHost www.downcc.com:443>

DocumentRoot "/var/www/html/www.kuteatest.net" #//为了显现成果，这边的站点目录不一样，通常概况一种域名应当指到统一目录的。

ServerName www.downcc.com:443

ErrorLog logs/ssl_error_log

TransferLog logs/ssl_access_log

LogLevel warn

SSLEngine on

SSLProtocol all -SSLv2

SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW

SSLCertificateFile /etc/pki/tls/certs/abc_com.crt

SSLCertificateKeyFile /etc/pki/tls/private/localhost.key

<Files ~ ".(cgi|shtml|phtml|php3?)$">

SSLOptions +StdEnvVars

</Files>

<Directory "/var/www/cgi-bin">

SSLOptions +StdEnvVars

</Directory>

SetEnvIf User-Agent ".*MSIE.*"

nokeepalive ssl-unclean-shutdown

downgrade-1.0 force-response-1.0

CustomLog logs/ssl_request_log

"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x "%r" %b"

</VirtualHost>

5.重启Apache效劳，测试访问。

测试http访问的结果

测试https访问的结果

察看文凭消息和自建crt消息绝对

https访问的终归结果