在Apache HTTP服务器上配置 TLS加密

1. 安装mod_ssl软件包

[root@localhost conf.d]# dnf install mod_ssl -y

此时查看监听端口多了一个443端口

2. 自己构造证书

[root@localhost conf.d]# cd /etc/pki/tls/certs/
[root@localhost certs]# openssl genrsa > jiami.key
[root@localhost certs]# openssl req -utf8 -new -key jiami.key -x509 -days 100 -out jiami.crt
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:86
State or Province Name (full name) []:shaaxi
Locality Name (eg, city) [Default City]:xi'an
Organization Name (eg, company) [Default Company Ltd]:rhce
Organizational Unit Name (eg, section) []:peihua
Common Name (eg, your name or your server's hostname) []:www.hehe.com
Email Address []:admin@hehe.com
[root@localhost certs]# mv jiami.key ../private/
[root@localhost certs]# cd -
/etc/httpd/conf.d
[root@localhost conf.d]# ll
total 32
-rw-r--r--. 1 root root 2916 Jul 20  2023 autoindex.conf
-rw-r--r--. 1 root root  400 Jul 20  2023 README
-rw-r--r--. 1 root root 8720 Jul 20  2023 ssl.conf
-rw-r--r--. 1 root root 1252 Jul 20  2023 userdir.conf
-rw-r--r--. 1 root root 1171 Jul  5 15:41 vhost.conf
-rw-r--r--. 1 root root  653 Jul 20  2023 welcome.conf

修改配置文件

[root@localhost conf.d]# vim ssl.conf 

重启服务

[root@localhost conf.d]# systemctl restart httpd

测试

3. 在vhost.conf配置文件中添加信息

4. 测试
   之前在/www/hehe/index.html里写的东西现在还都能访问，证书也构造成功。
   

在本地访问需要在本地解析文件中添加www.hehe.com主机名

[root@localhost conf.d]# vim /etc/hosts

[root@localhost conf.d]# curl -k https://www.hehe.com
welcome to hehe