Configuring HTTPS access with an encryption certificate in Apache on CentOS 6.3

Time:2021-9-15

This is a brief demonstration of encryption-based authenticated access under Apache, that is, HTTPS access.

1. DNS resolution:

[[email protected] html]# nslookup www.downcc.com

Server:         192.168.2.115

Address:        192.168.2.115#53

Name:   www.downcc.com

Address: 192.168.2.115

2. Install the Apache SSL support module: # yum install -y mod_ssl (the module is not installed by default; after installation, the /etc/httpd/conf.d/ssl.conf file is created automatically), then generate a certificate.

[[email protected] certs]# pwd

/etc/pki/tls/certs

[[email protected] certs]# ls

ca-bundle.crt        index.html      localhost.crt    Makefile

ca-bundle.trust.crt  localhost1.crt  make-dummy-cert

[[email protected] certs]# openssl req -utf8 -new -key ../private/localhost.key -x509 -days 3650 -out abc_com.crt

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [XX]:CN

State or Province Name (full name) []:510510

Locality Name (eg, city) [Default City]:GZ

Organization Name (eg, company) [Default Company Ltd]:ABC.COM

Organizational Unit Name (eg, section) []:Mr.Zhang

Common Name (eg, your name or your server's hostname) []:www.downcc.com

Email Address []:[email protected]

[[email protected] certs]#

3. Configure Apache. The basic configuration is not discussed here. The following is the configuration of HTTP access to the www.downcc.com site.

[[email protected] html]# tail -n 8 /etc/httpd/conf/httpd.conf

NameVirtualhost 192.168.2.115:80

<VirtualHost www.downcc.com:80>

    ServerAdmin [email protected]

    DocumentRoot /var/www/html

    ServerName www.downcc.com

    ErrorLog logs/dummy-host.example.com-error_log

    CustomLog logs/dummy-host.example.com-access_log common

</VirtualHost>

[[email protected] html]# tail /var/www/html/index.html                      

www.downcc.com

[[email protected] html]#

4. Configure Apache to support HTTPS for www.downcc.com: edit the /etc/httpd/conf.d/ssl.conf file (vim /etc/httpd/conf.d/ssl.conf) and specify the HTTPS settings for the www.downcc.com site by adding the following configuration.

<VirtualHost www.downcc.com:443>

# To show the effect, the site directory here is different. Generally, a domain name should point to the same directory.

DocumentRoot "/var/www/html/www.kuteatest.net"

ServerName www.downcc.com:443

ErrorLog logs/ssl_error_log

TransferLog logs/ssl_access_log

LogLevel warn

SSLEngine on

SSLProtocol all -SSLv2

SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW

SSLCertificateFile /etc/pki/tls/certs/abc_com.crt

SSLCertificateKeyFile /etc/pki/tls/private/localhost.key

<Files ~ "\.(cgi|shtml|phtml|php3?)$">

    SSLOptions +StdEnvVars

</Files>

<Directory "/var/www/cgi-bin">

    SSLOptions +StdEnvVars

</Directory>

SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

CustomLog logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>

5. Restart Apache service and test access.

Results of testing HTTP access

Results of testing HTTPS access

Check that the certificate information is consistent with the self-built CRT information

End result of HTTPS access
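
As an added example, not part of the original article: a heuristic audit of the SSLProtocol and SSLCipherSuite values from step 4, reporting the legacy protocols and weak cipher classes they leave enabled, beside a tightened variant constructed for comparison. The function names, the set of classes treated as weak, and the tightened values are assumptions of this example.

```python
import re

# Classes reported as weak: an editorial choice for this example, not from the page.
WEAK = {"LOW", "MEDIUM", "EXPORT", "RC4", "aNULL"}
# Weak classes a broad keyword pulls in unless they are "!"-excluded afterwards.
BROAD = {"ALL": WEAK, "HIGH": {"aNULL"}}
ALL_PROTOCOLS = {"sslv2", "sslv3", "tlsv1"}  # "all" per httpd 2.2 docs, no TLSv1.1/1.2

def weak_cipher_classes(spec):
    """Weak classes still reachable from an OpenSSL cipher string (heuristic)."""
    enabled, killed = set(), set()
    for token in filter(None, re.split(r"[:, ]+", spec.strip())):
        prefix = token[0] if token[0] in "!-+" else ""
        parts = {"EXPORT" if p == "EXP" else p for p in token[len(prefix):].split("+")}
        if prefix == "+" or (prefix and len(parts) > 1):
            continue                      # reorder, or removal of an intersection only
        if prefix == "!":
            killed |= parts               # permanent; "!ADH" does not cover all of aNULL
        elif prefix == "-":
            enabled -= parts              # removable, a later token can add it back
        else:
            if len(parts) == 1:
                enabled |= BROAD.get(next(iter(parts)), set())
            enabled |= parts & WEAK       # "RC4+RSA" still adds RC4 suites
    return sorted(enabled - killed)

def legacy_protocols(spec):
    """SSLv2/SSLv3 left enabled by an SSLProtocol value (names lower-cased)."""
    enabled = set()
    for token in spec.lower().split():
        name = token.lstrip("+-")
        names = ALL_PROTOCOLS if name == "all" else {name}
        if token[0] == "-":
            enabled -= names
        else:                             # "+name" adds; a bare name replaces earlier ones
            enabled = enabled | names if token[0] == "+" else set(names)
    return sorted(enabled & {"sslv2", "sslv3"})

def audit(conf_text):
    """Return (directive, findings) for each SSLProtocol/SSLCipherSuite line."""
    checks = {"sslprotocol": legacy_protocols, "sslciphersuite": weak_cipher_classes}
    pattern = re.compile(r"\s*(SSLProtocol|SSLCipherSuite)\s+(.+?)\s*$", re.I)
    return [(m.group(1), checks[m.group(1).lower()](m.group(2)))
            for m in map(pattern.match, conf_text.splitlines()) if m]
# The page's two directives, then a tightened variant (constructed for this example).
PAGE_CONF = "SSLProtocol all -SSLv2\nSSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW\n"
TIGHTENED = "SSLProtocol all -SSLv2 -SSLv3\nSSLCipherSuite HIGH:!aNULL:!MD5:!RC4\n"
if __name__ == "__main__":
    print(audit(PAGE_CONF), audit(TIGHTENED))
```

The audit works on keywords only; running `openssl ciphers -v '<string>'` on the server lists the exact suites the installed OpenSSL build selects for a given cipher string.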