CentOSÉϴwebЧÀÍÆ÷µÄHTTPSÉèÖü°×¢ÖØÊÂÏî
centosÉϴwebЧÀÍÆ÷µÄhttpsÉèÖü°×¢ÖØÊÂÏî
Ëæ×Å»¥ÁªÍøµÄÆÕ¼°ºÍÉú³¤£¬Çå¾²ÐÔ³ÉΪÁËÍøÕ¾ÔËάÖеÄÒ»¸öÖ÷Òª·½Ã档ΪÁ˱£»¤Óû§µÄСÎÒ˽ÈËÐÅÏ¢£¬½ÓÄÉHTTPSÐÒéÀ´¾ÙÐÐÍøÕ¾¼ÓÃÜÒѳÉΪһÖÖÇ÷ÊÆ¡£ÔÚ±¾ÎÄÖУ¬ÎÒÃǽ«ÏÈÈÝÔõÑùÔÚCentOSÉϴwebЧÀÍÆ÷²¢¾ÙÐÐHTTPSÉèÖ㬲¢Ã¶¾ÙһЩÐèҪעÖصÄÊÂÏî¡£
×¼±¸ÊÂÇé
ÔÚ×îÏÈ֮ǰ£¬ÇëÈ·±£ÄãÒѾװÖÃÁËCentOS²Ù×÷ϵͳ£¬²¢ÇҾ߱¸ÁËÒ»¶¨µÄLinuxϵͳÖÎÀíºÍÔËάÂÄÀú¡£±ðµÄ£¬ÄãÐèÒªÒ»¸öÓòÃûºÍSSLÖ¤Ê飬Äã¿ÉÒÔ¹ºÖÃÒ»¸öÉÌÒµSSLÖ¤Êé»òÕßʹÓÃLet’s EncryptµÄÃâ·ÑÖ¤ÊéÀ´¾ÙÐвâÊÔ¡£
×°ÖÃApache
Ê×ÏÈ£¬ÎÒÃÇÐèҪװÖÃApache×÷ΪwebЧÀÍÆ÷¡£Ê¹ÓÃÒÔÏÂÏÂÁî¾ÙÐÐ×°Öãº
sudo yum install httpd
µÇ¼ºó¸´ÖÆ
×°ÖÃÍê³Éºó£¬Æô¶¯Apache²¢ÉèÖÿª»ú×ÔÆô£º
sudo systemctl start httpd sudo systemctl enable httpd
µÇ¼ºó¸´ÖÆ
×°ÖÃmod_ssl
mod_sslÊÇApacheµÄÒ»¸öÄ£¿é£¬ÓÃÓÚÖ§³ÖHTTPSÐÒ顣ʹÓÃÒÔÏÂÏÂÁî¾ÙÐÐ×°Öãº
sudo yum install mod_ssl
µÇ¼ºó¸´ÖÆ
×°ÖÃÍê³Éºó£¬ÖØÐÂÆô¶¯Apache£º
sudo systemctl restart httpd
µÇ¼ºó¸´ÖÆ µÇ¼ºó¸´ÖÆ µÇ¼ºó¸´ÖÆ
ÉèÖÃSSLÖ¤Êé
½«ÄãµÄÓòÃûºÍSSLÖ¤ÊéÎļþ°²ÅÅÔÚºÏÊʵÄλÖã¬È»ºó±à¼ApacheµÄÉèÖÃÎļþ£º
sudo vi /etc/httpd/conf.d/ssl.conf
µÇ¼ºó¸´ÖÆ µÇ¼ºó¸´ÖÆ
ÕÒµ½²¢±à¼ÒÔÏÂÐУ¬½«ÆäÌ滻ΪÄãµÄÖ¤ÊéÎļþ·¾¶ºÍÃÜÔ¿Îļþ·¾¶£º
SSLCertificateFile /path/to/your_certificate_file SSLCertificateKeyFile /path/to/your_private_key_file
µÇ¼ºó¸´ÖÆ
ÉúÑIJ¢Í˳öÎļþ¡£ÖØÐÂÆô¶¯Apache£º
sudo systemctl restart httpd
µÇ¼ºó¸´ÖÆ µÇ¼ºó¸´ÖÆ µÇ¼ºó¸´ÖÆ
´Ëʱ£¬ÄãµÄÍøÕ¾ÒѾ֧³ÖHTTPSÐÒéÁË¡£
ÉèÖÃSSLÐæźͼÓÃÜËã·¨
ΪÁËÔöÌíÍøÕ¾µÄÇå¾²ÐÔ£¬ÎÒÃÇ»¹¿ÉÒÔ¶ÔSSLÐæźͼÓÃÜËã·¨¾ÙÐе÷½â¡£±à¼ÒÔÏÂÎļþ£º
sudo vi /etc/httpd/conf.d/ssl.conf
µÇ¼ºó¸´ÖÆ µÇ¼ºó¸´ÖÆ
ÕÒµ½²¢±à¼ÒÔÏÂÐУ¬½«ÆäÌ滻Ϊ¸üÇå¾²µÄÉèÖãº
SSLProtocol TLSv1.2 SSLHonorCipherOrder on SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
µÇ¼ºó¸´ÖÆ
ÉúÑIJ¢Í˳öÎļþ¡£ÖØÐÂÆô¶¯Apache£º
sudo systemctl restart httpd
µÇ¼ºó¸´ÖÆ µÇ¼ºó¸´ÖÆ µÇ¼ºó¸´ÖÆ
×¢ÖØÊÂÏî
ÔÚÉèÖÃHTTPSʱ£¬ÓÐһЩÐèҪעÖصÄÊÂÏ
°´ÆÚ¸üÐÂSSLÖ¤Ê飬ÒÔ°ü¹ÜÍøÕ¾µÄÇå¾²ÐÔ¡£ÉÌÒµSSLÖ¤Êéͨ³£ÓÐÒ»¸öÓÐÓÃÆÚ£¬¼ÇµÃÔÚÖ¤ÊéÓâÆÚ֮ǰ¾ÙÐиüС£
ÉèÖÃSSLÐæźͼÓÃÜË㷨ʱ£¬ÒªÑ¡Ôñ¸üÇå¾²µÄÉèÖ᣽ûÓýϾɵÄSSLÐæźÍÈõÃÜÂëËã·¨£¬Ìá¸ßÍøÕ¾µÄ·À»¤ÄÜÁ¦¡£
°´ÆÚ¼à¿ØÈÕÖ¾£¬ÒÔ±ãʵʱ·¢Ã÷ºÍ´¦ÀíDZÔÚµÄÇå¾²ÎÊÌâ¡£
ÔÚÉú²úÇéÐÎÖÐÏÞÖƶÔwebЧÀÍÆ÷µÄ»á¼û£¬²¢Ê¹ÓÃÇå¾²µÄÓû§ÃûºÍÃÜÂë¾ÙÐÐÈÏÖ¤¡£
×ܽá
±¾ÎÄÏÈÈÝÁËÔÚCentOSÉϴwebЧÀÍÆ÷²¢¾ÙÐÐHTTPSÉèÖõİ취ºÍ×¢ÖØÊÂÏî¡£ÔÚÉèÖÃHTTPSʱ£¬ÎÒÃÇÐèҪװÖÃApache¡¢mod_sslÄ£¿é£¬ÉèÖÃSSLÖ¤Ê飬²¢µ÷½âSSLÐæźͼÓÃÜËã·¨¡£ÎÒÃÇ»¹ÌáÐÑÁËһЩÐèҪעÖصÄÊÂÏÒÔÔöÌíÍøÕ¾µÄÇå¾²ÐÔ¡£Ï£Íû±¾ÎÄÄܶÔÄãÓÐËù×ÊÖú£¬×£Äã˳Ëì´î½¨Ò»¸öÇå¾²µÄwebЧÀÍÆ÷£¡
ÒÔÉϾÍÊÇCentOSÉϴwebЧÀÍÆ÷µÄHTTPSÉèÖü°×¢ÖØÊÂÏîµÄÏêϸÄÚÈÝ£¬¸ü¶àÇë¹Ø×¢±¾ÍøÄÚÆäËüÏà¹ØÎÄÕ£¡