Introduction to Apache deployment of https in cryptography

Purpose

Master the Apache deployment of custom certificates for https servers

Experimental environment

A Centos 7.2 with openssl components and apache httpd installed for building an https server

A Windows 10 client with Chrome browser installed

Experimental Principle

OpenSSL is an open source tool built into Linux that implements common cryptographic algorithms and applications. Through openssl operations, various cryptographic algorithms can be applied.

Experimental procedures

1. Generate an independent CA

1. Generate ca key

openssl genrsa -des3 -out ca.key 4096 

2. Generate CA certificate

 openssl req -new -x509 -days 365 -key ca.key -out ca.crt 

2. Generate the server's private key and signature request file csr

1. Generate https server private key

openssl genrsa -des3 -out myserver.key 4096 

2. Generate https server certificate request file

openssl req -new -key myserver.key -out myserver.csr 

Use the CA's certificate and key to generate our certificate

openssl x509 -req -days 365 -in myserver.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out myserver.crt

The certificate number set by set_serial

3. Install Apache's SSL module

1. Apache has been installed on the server. To implement Apache's https function, you need to install the SSL module.

yum install -y mod_ssl

If an error occurs during the installation, use ps -ef | grep yum to check the process, use kill -9 + process number to force the process to end, and then reinstall.

4. Copy the certificate to the corresponding path

cp myserver.crt /etc/pki/tls/certs/

cp myserver.key /etc/pki/tls/private/ 

5. Modify the Apache configuration file to make the certificate effective

 vim /etc/httpd/conf.d/ssl.conf 

Specify the certificate and private key paths as shown in the figure

Save and exit the file

6. Restart Apache service

systemctl restart httpd

Note the encrypted password for myserver.key

7. Test website certificate

Use the client Chrome browser to access the server https page. My server IP is 192.168.11.134

https://192.168.11.134

upscale

Continue to

Check the server certificate and click "Not secure"

Experimental Summary

CA – Server Certificate – Use CA to sign server certificate – Deploy certificate – View certificate

This is the end of this article about cryptography and apache deployment of https. For more relevant content about apache deployment of https, please search for previous articles on 123WORDPRESS.COM or continue to browse the following related articles. I hope everyone will support 123WORDPRESS.COM in the future!