HTTPS configuration for a LAN web site

  • PHP二次开发
  • 2017-11-29 09:22
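    Generating the certificate locally
    1. Install mod_ssl and openssl
    yum -y install mod_ssl openssl
    2. Create the server private key (2048-bit RSA; 1024-bit keys no longer meet current minimums)
    mkdir /etc/httpd/conf.d/ssl.key/
    cd /etc/httpd/conf.d/ssl.key/
    openssl genrsa -out server.key 2048
    3. Create the certificate signing request (CSR), which carries the server's public key
    openssl req -new -key server.key -out server.csr
    4. Create the self-signed server certificate
    openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
    5. Finally, edit /etc/httpd/conf.d/ssl.conf and set SSLCertificateFile and SSLCertificateKeyFile as follows
    SSLCertificateFile /etc/httpd/conf.d/ssl.key/server.crt
    SSLCertificateKeyFile /etc/httpd/conf.d/ssl.key/server.key
    6. Restart Apache
    7. Open the site in a browser; the certificate is self-signed, so the browser shows a warning: click Advanced -> Continue to the site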

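    Generating the server private key (detailed walkthrough). The session below was captured with a 1024-bit key; use 2048 bits or more for a key you deploy:

    # openssl genrsa -des3 -out server.key 1024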

    Generating RSA private key, 1024 bit long modulus
    .......................++++++
    .................................................++++++
    e is 65537 (0x10001)
    Enter pass phrase for server.key:
    Verifying - Enter pass phrase for server.key:

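    Generate the certificate signing request and fill in the certificate details as prompted:

    # openssl req -new -key server.key -out server.csr

    To put Chinese (UTF-8) text in the certificate fields, use:

    # openssl req -utf8 -new -key server.key -out server.csr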

    Enter pass phrase for server.key:
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [AU]:
    State or Province Name (full name) [Some-State]:
    Locality Name (eg, city) []:tyl
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:tz
    Organizational Unit Name (eg, section) []:tz
    Common Name (eg, YOUR name) []:tyl (this name must be the same as the domain name)
    Email Address []:admin@php2.cc
    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:
    An optional company name []:
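
The check below is an added example, not part of the original article: it issues a 2048-bit self-signed certificate whose subjectAltName covers both a host name and a LAN IP, then verifies before a server restart that key and certificate belong together, that the certificate is unexpired, and that it matches the name clients will use. The function names and exit codes are this example's own; it assumes OpenSSL 1.1.1 or later and RSA keys.

```shell
#!/bin/sh
# Added example: issue and pre-flight-check a self-signed cert for a LAN site.
# Function names and exit codes are this example's own (hypothetical).

# make_lan_cert DIR DNSNAME IP: writes DIR/server.key and DIR/server.crt
make_lan_cert() {
    mkdir -p "$1" || return 1
    openssl genrsa -out "$1/server.key" 2048 2>/dev/null || return 1
    chmod 600 "$1/server.key"
    # The SAN carries the names clients verify; CN alone is not enough
    # for current browsers. -addext needs OpenSSL 1.1.1 or later.
    openssl req -new -x509 -sha256 -days 365 -key "$1/server.key" \
        -subj "/CN=$2" -addext "subjectAltName=DNS:$2,IP:$3" \
        -out "$1/server.crt" 2>/dev/null
}

# check_tls_pair CRT KEY NAME: 0 = ready to deploy, otherwise
# 2 unreadable file, 3 key/cert mismatch, 4 expired, 5 weak key, 6 name mismatch
check_tls_pair() {
    crt_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$crt_pub" = "$key_pub" ] || return 3
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1 || return 4
    bits=$(openssl x509 -in "$1" -noout -text |
           sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit.*/\1/p' | head -n 1)
    [ "${bits:-0}" -ge 2048 ] || return 5
    case $3 in
        *[!0-9.]*) opt=-checkhost ;;   # contains a non-digit: host name
        *)         opt=-checkip ;;     # dotted quad: needs an IP SAN entry
    esac
    openssl x509 -in "$1" -noout "$opt" "$3" 2>/dev/null |
        grep -q 'does match certificate' || return 6
    return 0
}

# Constructed demo values: the host name and LAN address used on this page
if [ "${1:-}" = demo ]; then
    d=$(mktemp -d)
    make_lan_cert "$d" www.php2.cc 192.168.0.29
    check_tls_pair "$d/server.crt" "$d/server.key" 192.168.0.29
    echo "check_tls_pair exit status: $?"
    rm -rf "$d"
fi
```

An IP address such as the nginx server_name on this page matches only an IP entry in subjectAltName, never the Common Name, so a CN-only certificate for that address fails the last check.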

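    Apache virtual host configuration:
    # The <VirtualHost> and <Directory> wrappers are assumed here:
    # *:443 and the DocumentRoot path.
    <VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile conf/cert/www.php2.cc.crt
    SSLCertificateKeyFile conf/cert/www.php2.cc.key
    SSLCertificateChainFile conf/cert/bundle_www.php2.cc.crt
    # TLS 1.0 and 1.1 are deprecated (RFC 8996)
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    # AES and ChaCha20 suites only; 3DES (64-bit block cipher) is left out
    SSLCipherSuite EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:!MD5
    DocumentRoot /www/web/test/public_html
    ServerName www.php2.cc
    ErrorDocument 400 /errpage/400.html
    ErrorDocument 403 /errpage/403.html
    ErrorDocument 404 /errpage/404.html
    ErrorDocument 503 /errpage/503.html
    <Directory "/www/web/test/public_html">
        Options FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>
    </VirtualHost>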


    Nginx virtual host configuration:
    server {
            # "listen ... ssl" replaces the deprecated "ssl on;" directive
            listen       443 ssl;
            root "/phpstudy/www/website";
            ssl_certificate      ssl.key/server.crt;
            ssl_certificate_key  ssl.key/server.key;
            ssl_prefer_server_ciphers on;
            ssl_session_timeout 10m;
            # TLS 1.0 and 1.1 are deprecated (RFC 8996); add TLSv1.3 where nginx and OpenSSL support it
            ssl_protocols TLSv1.2;
            # AES and ChaCha20 suites only; 3DES (64-bit block cipher) is left out
            ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:!MD5;
            server_name 192.168.0.29;
            index  index.html index.php index.htm;
            location ~ \.php(.*)$ {
                    fastcgi_pass  127.0.0.1:9000;
                    fastcgi_index  index.php;
                    fastcgi_split_path_info  ^((?U).+\.php)(/?.+)$;
                    fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
                    fastcgi_param  PATH_INFO  $fastcgi_path_info;
                    fastcgi_param  PATH_TRANSLATED  $document_root$fastcgi_path_info;
                    include        fastcgi_params;
            }
            location ~ /\.ht {
                    deny  all;
            }
            location / {
                     try_files $uri $uri/ /?$args;
            }
    }



    Unless otherwise noted, articles are original works of PHP二次开发; when reposting, please cite this article's address: http://www.php2.cc/article-2671-1.html
