Configuring a secure web service

南楼画角, submitted on 2020-03-11 09:12:20

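Configure TLS encryption for the site http://system1.group8.example.com:

1. A signed certificate is obtained from http://server.group8.example.com/pub/tls/certs/system1.crt

2. The key for this certificate is obtained from http://server.group8.example.com/pub/tls/private/system1.key

3. The signing authority (CA) information for this certificate is obtained from http://server.group8.example.com/pub/tls/certs/ssl-ca.crt

Answer:

Run on system1:

1. Install the ssl module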

yum install mod_ssl -y

2. Edit the configuration file

vim /etc/httpd/conf.d/httd-vhosts.conf

<VirtualHost *:443>
    DocumentRoot "/var/www/html"
    ServerName system1.group8.example.com

    <Directory "/var/www/html">
        <RequireAll>
            Require all granted
            Require not host .my133t.org
        </RequireAll>
    </Directory>

    # TLS is served on port 443; mod_ssl's ssl.conf supplies "Listen 443 https"
    SSLEngine on
    SSLProtocol all -SSLv2 -SSLv3
    # Signed certificate, its private key, and the CA certificate downloaded in step 3
    SSLCertificateFile /etc/pki/tls/certs/system1.crt
    SSLCertificateKeyFile /etc/pki/tls/private/system1.key
    SSLCACertificateFile /etc/pki/tls/certs/ssl-ca.crt

</VirtualHost>

3. Download the certificates

# Download the certificates into the target directories
wget -O /etc/pki/tls/certs/system1.crt http://server.group8.example.com/pub/tls/certs/system1.crt
wget -O /etc/pki/tls/private/system1.key http://server.group8.example.com/pub/tls/private/system1.key
wget -O /etc/pki/tls/certs/ssl-ca.crt http://server.group8.example.com/pub/tls/certs/ssl-ca.crt

4. Add the firewall rule

firewall-cmd --permanent  --add-service=https
firewall-cmd --reload

5. Restart the web service

systemctl restart httpd

Verification: verify on system2

curl -k https://system1.group8.example.com
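
The following pre-flight script is an added example, not part of the original post: run before step 5, it checks that the downloaded certificate matches the key, that it is signed by ssl-ca.crt, and that the key file is not readable by group or other. All function names are hypothetical, and make_constructed_lab only builds throwaway sample files so the checks can be tried offline.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): pre-flight checks for the files from step 3.
# Assumes openssl and GNU stat are installed; all function names are hypothetical.

# True when the certificate and the private key carry the same public key.
cert_matches_key() {
    local cert_pub key_pub
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# True when the certificate verifies against the given CA file.
cert_signed_by_ca() {
    openssl verify -CAfile "$2" "$1" 2>/dev/null | grep -q ': OK$'
}

# True when the key file grants nothing to group or other (for example mode 600).
key_is_private() {
    local mode
    mode=$(stat -c %a "$1") || return 1
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# Run all three checks; a non-zero return means httpd should not be restarted yet.
preflight() {
    local crt=$1 key=$2 ca=$3 rc=0
    cert_matches_key "$crt" "$key" || { echo "FAIL: $crt does not match $key"; rc=1; }
    cert_signed_by_ca "$crt" "$ca" || { echo "FAIL: $crt is not signed by $ca"; rc=1; }
    key_is_private "$key"          || { echo "FAIL: $key is readable by group/other"; rc=1; }
    return $rc
}

# Constructed sample input: a throwaway CA, a certificate it signs, and an unrelated key.
make_constructed_lab() {
    local d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=constructed-ca" \
        -keyout "$d/ca.key" -out "$d/ssl-ca.crt" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=system1.group8.example.com" \
        -keyout "$d/system1.key" -out "$d/system1.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/system1.csr" -CA "$d/ssl-ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/system1.crt" 2>/dev/null &&
    openssl genrsa -out "$d/other.key" 2048 2>/dev/null
}

# On system1, after step 3:
#   preflight /etc/pki/tls/certs/system1.crt /etc/pki/tls/private/system1.key \
#             /etc/pki/tls/certs/ssl-ca.crt && apachectl configtest
```

Once the chain verifies, running curl on system2 with --cacert pointing at a copy of ssl-ca.crt checks the site without disabling certificate verification the way -k does.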

 


More details: https://www.cnblogs.com/xiangsikai/p/9810290.html

 
