{"id":1336,"date":"2025-03-14T17:20:24","date_gmt":"2025-03-14T09:20:24","guid":{"rendered":"http:\/\/113.45.254.23\/?p=1336"},"modified":"2025-03-14T17:30:34","modified_gmt":"2025-03-14T09:30:34","slug":"%e5%88%9b%e5%bb%bassl%e7%9a%84%e9%98%bf%e5%b8%95%e5%a5%87%e7%bd%91%e7%ab%99","status":"publish","type":"post","link":"http:\/\/113.45.254.23\/?p=1336","title":{"rendered":"\u521b\u5efaSSL\u7684\u963f\u5e15\u5947\u7f51\u7ad9"},"content":{"rendered":"\n

\u4e00\u3001\u5b89\u88c5\u963f\u5e15\u5947<\/h2>\n\n\n\n
[root@server10 ~]# dnf -y install httpd\t\t\t\u5b89\u88c5\u963f\u5e15\u5947[root@server10 ~]# systemctl enable httpd\t\t\u8bbe\u7f6e\u963f\u5e15\u5947\u5f00\u673a\u542f\u52a8\nCreated symlink \/etc\/systemd\/system\/multi-user.target.wants\/httpd.service \u2192 \/usr\/lib\/systemd\/system\/httpd.service.<\/code><\/pre>\n\n\n\n
\u4e8c\u3001\u5b89\u88c5\u5b89\u5168\u5957\u9636\u5c42\u534f\u8bae<\/h2>\n\n\n\n
[root@server10 ~]# dnf -y install mod_ssl\t\t\u5b89\u88c5\u5b89\u5168\u5957\u9636\u5c42\u534f\u8bae<\/code><\/pre>\n\n\n\n
\u4e09\u3001\u521b\u5efa\u79c1\u6709\u76ee\u5f55\u53ca\u6dfb\u52a0\u76ee\u5f55\u6743\u9650<\/h2>\n\n\n\n
[root@server10 ~]# mkdir \/etc\/ssl\/private\t\t\u521b\u5efa\u79c1\u6709\u76ee\u5f55\n[root@server10 ~]# \n[root@server10 ~]# chmod 700 \/etc\/ssl\/private\t\u5c06\u79c1\u6709\u76ee\u5f55\u6dfb\u52a0700\u6743\u9650\n\u81ea\u5efa\u8bc1\u4e66\u548c\u5bc6\u94a5\uff08\u8fd9\u91cc\u662f\u79c1\u6709\u4e91\uff0c\u6a21\u62df\u516c\u6709\u4e91\u5bc6\u94a5\u3002\u5b9e\u9645\u5de5\u4f5c\u4e2d\u8d2d\u4e70\u516c\u6709\u4e91\u6574\u6570\u540e\u4f1a\u53d1\u5bc6\u94a5\u5230\u90ae\u7bb1\u4e2d\uff0c\u7528\u516c\u6709\u4e91\u8bc1\u4e66\u5bc6\u94a5\u5373\u53ef\uff09<\/code><\/pre>\n\n\n\n
\u56db\u3001openssl\u547d\u4ee4\u751f\u6210\u5bc6\u94a5\u548c\u8bc1\u4e66<\/h2>\n\n\n\n
[root@server10 ~]# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout \/etc\/ssl\/private\/apache-selfsigned.key -out \/etc\/ssl\/certs\/apache-selfsigned.crt\t\t\nopenssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout \u7528openssl\u547d\u4ee4\u751f\u6210\u5bc6\u94a5\u548c\u8bc1\u4e66\uff0c-x509\u8bc1\u4e66\u7684\u683c\u5f0f\uff0c-days 365\u6709\u6548\u671f1\u5e74\uff0crsa:2048\u5bc6\u94a5\u7684\u52a0\u5bc6\u7b97\u6cd5\uff0c\u957f\u5ea62048\t\/etc\/ssl\/private\/apache-selfsigned.key -out \/etc\/ssl\/certs\/apache-selfsigned.crt\tapache-selfsigned.key\u751f\u6210\u7684\u5bc6\u94a5\u6587\u4ef6\uff0capache-selfsigned.crt\u751f\u6210\u7684\u8bc1\u4e66\u6587\u4ef6\n\n\n..+.........+..........+...+...+...........+++++++++++++++++++++++++++++++++++++++*.........+....+.................+.......+......+..+...+....+..+++++++++++++++++++++++++++++++++++++++*...............+....+.....+.............+.........+.....+......+.........+.+...+..+.........+...+.+.........+........+..........+..+.+..............+......+......\n\n-----\nCountry Name (2 letter code) [XX]:CN\t\t\u56fd\u5bb6\u4ee3\u53f7\nState or Province Name (full name) []:BJ\t\t\u7701\nLocality Name (eg, city) [Default City]:BJ\t\t\u5e02\nOrganization Name (eg, company) [Default Company Ltd]:HUAWEI\t\u516c\u53f8\u540d\u79f0\nOrganiza\u8c03\u7528openssl\u5de5\u5177\u751f\u6210dh\u53c2\u6570\uff0c\u7136\u540e\u6307\u5b9a\u751f\u6210dh\u53c2\u6570\u7684\u6587\u4ef6\u8def\u5f84tional Unit Name (eg, section) []:IT\t\u90e8\u95e8\nCommon Name (eg, your name or your server's hostname) []:lee\t\t\u540d\nEmail Address []:2823629811@qq.com\t\t\u90ae\u7bb1<\/code><\/pre>\n\n\n\n
\u4e94\u3001\u8c03\u7528openssl\u5de5\u5177\u751f\u6210dh\u53c2\u6570\uff0c\u7136\u540e\u6307\u5b9a\u751f\u6210dh\u53c2\u6570\u7684\u6587\u4ef6\u8def\u5f84<\/h2>\n\n\n\n
[root@server10 ~]# openssl dhparam -out \/etc\/ssl\/certs\/dhparam.pem 2048\u8c03\u7528openssl\u5de5\u5177\u751f\u6210dh\u53c2\u6570\uff0c\u7136\u540e\u6307\u5b9a\u751f\u6210dh\u53c2\u6570\u7684\u6587\u4ef6\u8def\u5f84<\/code><\/pre>\n\n\n\n
\u516d\u3001\u67e5\u770b\u53ca\u7f16\u8f91ssl\u7684\u914d\u7f6e\u6587\u4ef6<\/h2>\n\n\n\n
[root@server10 ~]# cat \/etc\/ssl\/certs\/dhparam.pem | tee -a \/etc\/ssl\/certs\/apache-selfsigned.crt \u67e5\u770b\u5bc6\u94a5\u4ea4\u6362\u534f\u8bae\u4e0b\u7684\u8bc1\u4e66\u6587\u4ef6\n-----BEGIN DH PARAMETERS----- \t\t\u4fe1\u606f\u90fd\u662f\u52a0\u5bc6\u7684\nMIIBDAKCAQEAwHFXrr5TytH6pq7u0vfMWgh8MEfRF\/dPp3D77vK1I3Ki0XxWAZ0s\nbD16h1bKm+q8qaGc+bR5Td0bzxPtX4tAWv7VuY0oJTiuLXi676WBUafr2d285Alg\nhg051q9059AJ2X1pt5ynHDe20nXXIb0ytjJ9LHpknIaElwet8pTZjx9O5GH9LdKl\nglQIFwkbrs5IeLdwtSmOcKnrCTEKhUIP8jLjcAaAFM7D+VsKmZCXFd\/tJdWQRXeA\npw6vs3jBI+n0hKNv5cbyyPsT5DaK7wAf4cBnS+D16IFYNSwlPDQ96jX6vpL5pey4\nzplNOtnoZa6kj7U4ywO\/Cr2qfhLafJFVTwIBAgICAOE=\n-----END DH PARAMETERS-----<\/code><\/pre>\n\n\n\n
[root@server10 ~]# vim \/etc\/httpd\/conf.d\/ssl.conf\t\t#\u7f16\u8f91ssl\u7684\u914d\u7f6e\u6587\u4ef6<\/code><\/pre>\n\n\n\n
41 DocumentRoot “\/www\/itcloud.com”     #\u6307\u5b9a\u7f51\u7ad9\u7684\u76ee\u5f55<\/p>\n\n\n\n
42 ServerName www.itcloud.com:443     #\u5b9a\u4e49\u670d\u52a1\u5668\u7684\u540d\u79f0\uff0c\u5fc5\u987b\u52a0\u7aef\u53e3\u53f7443\uff0c443\u662fhttps<\/p>\n\n\n\n
86 SSLCertificateFile \/etc\/ssl\/certs\/apache-selfsigned.crt       #\u6307\u5b9a\u8bc1\u4e66\u6587\u4ef6\u7684\u4f4d\u7f6e<\/p>\n\n\n\n
94 SSLCertificateKeyFile \/etc\/ssl\/private\/apache-selfsigned.key           #\u6307\u5b9a\u5bc6\u94a5\u6587\u4ef6\u7684\u4f4d\u7f6e<\/p>\n\n\n\n
\u4e03\u3001\u521b\u5efa\u7f51\u7ad9\u7684\u76ee\u5f55\u53ca\u6d4b\u8bd5\u9875\u9762<\/h2>\n\n\n\n
[root@server10 ~]# mkdir -pv \/www\/itcloud.com\t\t\t\u521b\u5efa\u7f51\u7ad9\u7684\u76ee\u5f55\nmkdir: created directory '\/www'\nmkdir: created directory '\/www\/itcloud.com'\n[root@server10 ~]# \n[root@server10 ~]# cd \/www\/itcloud.com\/\t\t\t\t\u8fdb\u5165\u7f51\u7ad9\u76ee\u5f55\u4e0b\n[root@server10 itcloud.com]# \n[root@server10 itcloud.com]# echo \"<h1>www.itcloud.com<\/h1>\" > index.html\t\t\u521b\u5efa\u6d4b\u8bd5\u9875\u9762<\/code><\/pre>\n\n\n\n
[root@server10 ~]# vim \/etc\/httpd\/conf.d\/non-ssl.conf\t\u521b\u5efa\u65e0ssl\u865a\u62df\u4e3b\u673a\u7684\u914d\u7f6e\u6587\u4ef6\t\t\uff08\u76ee\u7684\uff1a\u91cd\u5b9a\u5411 \u4e0d\u8f93https\uff0c\u53ea\u8f93ip\u4f1a\u81ea\u52a8\u8df3\u8f6c\uff09<\/code><\/pre>\n\n\n\n
<VirtualHost *:80>\t\t\t\t\t\t\t\t\t#\u5b9a\u4e49\u865a\u62df\u4e3b\u673a\uff0c\u7aef\u53e3\u53f7\u662f80\n ServerName www.itcloud.com\t\t\t\t\t\t\t#\u670d\u52a1\u5668\u7684\u540d\u79f0\uff1awww.itcloud.com\n Redirect \"\/\" \"https:\/\/www.itcloud.com\/\"\t\t\t\t\t#\u7531http:\/\/www.itcloud.com\/ (80)\u91cd\u5b9a\u5411\u5230https:\/\/www.itcloud.com\/  (443)\n<\/VirtualHost><\/code><\/pre>\n\n\n\n
\u516b\u3001\u7f16\u8f91\u963f\u5e15\u5947\u7684\u914d\u7f6e\u6587\u4ef6<\/h2>\n\n\n\n
[root@server10 ~]# vim \/etc\/httpd\/conf\/httpd.conf \t\t\u7f16\u8f91\u963f\u5e15\u5947\u7684\u914d\u7f6e\u6587\u4ef6<\/code><\/pre>\n\n\n\n
100 ServerName www.itcloud.com:443\t\t#\u5b9a\u4e49\u670d\u52a1\u5668\u540d\u79f0\uff08\u628a80\u6539\u6210443\uff09\n\n124 #DocumentRoot \"\/var\/www\/html\"\t\t#\u6ce8\u91ca\u6389\u963f\u5e15\u5947\u9ed8\u8ba4\u7f51\u7ad9\u7684\u76ee\u5f55\n\n129 <Directory \"\/www\">\t\t\t\t\t#\u81ea\u5b9a\u4e49\u7f51\u7ad9\u7684\u76ee\u5f55<\/code><\/pre>\n\n\n\n
\u4e5d\u3001\u68c0\u67e5\u963f\u5e15\u5947\u914d\u7f6e\u6587\u4ef6\u7684\u8bed\u6cd5\u53ca\u91cd\u542f\u963f\u5e15\u5947<\/h2>\n\n\n\n
[root@server10 ~]# apachectl configtest\t\t\u68c0\u67e5\u963f\u5e15\u5947\u914d\u7f6e\u6587\u4ef6\u7684\u8bed\u6cd5\nSyntax OK\n[root@server10 ~]# systemctl restart httpd\t\u91cd\u542f\u963f\u5e15\u5947<\/code><\/pre>\n\n\n\n
\u5341\u3001\u6d4b\u8bd5SSL\u7684\u963f\u5e15\u5947\u7f51\u7ad9<\/h2>\n\n\n\n
\u5728win11\u865a\u62df\u673a\u4e0a\uff0c\u8f93\u5165\u7f51\u5740\u57df\u540d\uff1awww.itcloud.com<\/p>\n\n\n\n
\"\"<\/div><\/figure>\n\n\n\n
\"\"<\/div><\/figure>\n\n\n\n
init 0<\/p>\n\n\n\n
<\/p>\n","protected":false},"excerpt":{"rendered":"
\u4e00\u3001\u5b89\u88c5\u963f\u5e15\u5947 \u4e8c\u3001\u5b89\u88c5\u5b89\u5168\u5957\u9636\u5c42\u534f\u8bae \u4e09\u3001\u521b\u5efa\u79c1\u6709\u76ee\u5f55\u53ca\u6dfb\u52a0\u76ee\u5f55\u6743\u9650 \u56db\u3001openssl\u547d\u4ee4\u751f\u6210\u5bc6\u94a5\u548c\u8bc1\u4e66  […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[69,67,68],"class_list":["post-1336","post","type-post","status-publish","format-standard","hentry","category-linux","tag-httpd","tag-ssl","tag-68"],"_links":{"self":[{"href":"http:\/\/113.45.254.23\/index.php?rest_route=\/wp\/v2\/posts\/1336","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/113.45.254.23\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/113.45.254.23\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/113.45.254.23\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/113.45.254.23\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1336"}],"version-history":[{"count":3,"href":"http:\/\/113.45.254.23\/index.php?rest_route=\/wp\/v2\/posts\/1336\/revisions"}],"predecessor-version":[{"id":1348,"href":"http:\/\/113.45.254.23\/index.php?rest_route=\/wp\/v2\/posts\/1336\/revisions\/1348"}],"wp:attachment":[{"href":"http:\/\/113.45.254.23\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1336"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/113.45.254.23\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1336"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/113.45.254.23\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1336"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}