http protocol:
The application layer protocol using port 80 by default uses the TCP protocol for transmission. The http protocol is mainly used to access resources on the World Wide Web.
ssl (Secure Sockets Layer) protocol:
The full name is Secure Sockets Layer. Between the work and transport layers, network connections for application layer protocols are encrypted and protected.
https protocol:
http protocol ssl protocol. By default, TCP port 443 is used.
Working process of https protocol:
Client initiates HTTPS request
The user enters an https URL in the browser, and then connects to the 443 port of the serverConfiguration of the server
A server that uses the HTTPS protocol must There is a set of digital certificates that you can make yourself or apply to an organization. The difference is that the certificate issued by yourself needs to be verified by the client before you can continue to access it, while if you use a certificate applied by a trusted company, the prompt page will not pop up. This set of certificates is actually a pair of public and private keys.Transfers the server’s certificate to the client
The certificate is actually the public key, and it also contains many Information, such as the issuing authority of the certificate, expiration time, etc.Client parses and verifies the server certificate
This part of the work is completed by the client's TLS. First It will verify whether the public key is valid, such as the issuing authority, expiration time, etc. If an abnormality is found, a warning box will pop up, indicating that there is a problem with the certificate. If there is no problem with the certificate, then a random value is generated. Then use the public key in the certificate to asymmetrically encrypt the random valueThe client transmits the encrypted information to the server
This part of the transmission is encrypted with the certificate The purpose of the random value is to let the server get this random value. In the future, the communication between the client and the server can be encrypted and decrypted through this random value.Server-side decryption information
After the server decrypts the encrypted information sent by the client with the server's private key, it obtains the random value passed by the clientThe server encrypts the information and sends the information
The server symmetrically encrypts the data using random values, and then sends it to the clientThe client receives and decrypts the information
The client uses the previously generated The random value decrypts the data passed by the service segment, and then obtains the decrypted content
The process of apache implementing https:
Apache is a modularized Feature software, many functions rely on different modules to provide. Loading the corresponding module can realize the corresponding function.
Process:
1. Apply for a certificate for the apache server
2. Configure the https function of apache
3. Verify https
How apache applies for a certificate
1. Build a private CA to issue certificates
2. Use CentOS7 to quickly generate a self-signed certificate
[root@ansible certs]# pwd
/etc/pki/tls/certs
[root@ansible certs]# ls
ca-bundle.crt ca-bundle.trust.crt make-dummy-cert Makefile renew-dummy-cert
#取消makefile文件中对私钥文件的加密
[root@ansible certs]# vim Makefile
%.key:
umask 77 ; \
#/usr/bin/openssl genrsa -aes128 $(KEYLEN) > $@
/usr/bin/openssl genrsa $(KEYLEN) > $@
#生成证书
[root@ansible certs]# make Makefile httpds.crt3. Through websites such as Alibaba Cloud Download the free certificate (requires a domain name)
Configure the https function of apache
Install the mod_ssl software package. After installing the mod_ssl software package, the ssl configuration file and module of apache will be automatically generated.
[root@CentOS8 ~]# rpm -ql mod_ssl /etc/httpd/conf.d/ssl.conf #ssl模块的配置文件 /etc/httpd/conf.modules.d/00-ssl.conf #加载ssl模块 /usr/lib/.build-id /usr/lib/.build-id/e6/046e586d8d19fb92e3f8484a62203e841c3e2a /usr/lib/systemd/system/httpd-init.service /usr/lib/systemd/system/httpd.socket.d/10-listen443.conf /usr/lib64/httpd/modules/mod_ssl.so #模块文件 /usr/libexec/httpd-ssl-gencerts /usr/libexec/httpd-ssl-pass-dialog /usr/share/man/man8/httpd-init.service.8.gz /var/cache/httpd/ssl
Modify the configuration file:
[root@CentOS8 ~]# vim /etc/httpd/conf.d/ssl.conf SSLCertificateFile /data/apache/apache1.crt #apache的证书文件 SSLCertificateKeyFile /data/apache/apache1.key #apache的私钥文件 SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt #apache的证书链文件 证书链文件:不指定证书链文件,它就不知道这个证书是谁颁发的。证书链就是上级CA的证书
Verification:
Set the windows hosts file for verification
windows的hosts文件位置:C:\Windows\System32\drivers\etc 格式:ip地址 名字
The above is the detailed content of How to configure https in Linux apache. For more information, please follow other related articles on the PHP Chinese website!
什么是linux设备节点Apr 18, 2022 pm 08:10 PMlinux设备节点是应用程序和设备驱动程序沟通的一个桥梁;设备节点被创建在“/dev”,是连接内核与用户层的枢纽,相当于硬盘的inode一样的东西,记录了硬件设备的位置和信息。设备节点使用户可以与内核进行硬件的沟通,读写设备以及其他的操作。
Linux中open和fopen的区别有哪些Apr 29, 2022 pm 06:57 PM区别:1、open是UNIX系统调用函数,而fopen是ANSIC标准中的C语言库函数;2、open的移植性没fopen好;3、fopen只能操纵普通正规文件,而open可以操作普通文件、网络套接字等;4、open无缓冲,fopen有缓冲。
linux中什么叫端口映射May 09, 2022 pm 01:49 PM端口映射又称端口转发,是指将外部主机的IP地址的端口映射到Intranet中的一台计算机,当用户访问外网IP的这个端口时,服务器自动将请求映射到对应局域网内部的机器上;可以通过使用动态或固定的公共网络IP路由ADSL宽带路由器来实现。
linux中eof是什么May 07, 2022 pm 04:26 PM在linux中,eof是自定义终止符,是“END Of File”的缩写;因为是自定义的终止符,所以eof就不是固定的,可以随意的设置别名,linux中按“ctrl+d”就代表eof,eof一般会配合cat命令用于多行文本输出,指文件末尾。
什么是linux交叉编译Apr 29, 2022 pm 06:47 PM在linux中,交叉编译是指在一个平台上生成另一个平台上的可执行代码,即编译源代码的平台和执行源代码编译后程序的平台是两个不同的平台。使用交叉编译的原因:1、目标系统没有能力在其上进行本地编译;2、有能力进行源代码编译的平台与目标平台不同。
linux怎么判断pcre是否安装May 09, 2022 pm 04:14 PM在linux中,可以利用“rpm -qa pcre”命令判断pcre是否安装;rpm命令专门用于管理各项套件,使用该命令后,若结果中出现pcre的版本信息,则表示pcre已经安装,若没有出现版本信息,则表示没有安装pcre。
linux中rpc是什么意思May 07, 2022 pm 04:48 PM在linux中,rpc是远程过程调用的意思,是Reomote Procedure Call的缩写,特指一种隐藏了过程调用时实际通信细节的IPC方法;linux中通过RPC可以充分利用非共享内存的多处理器环境,提高系统资源的利用率。
linux怎么查询mac地址Apr 24, 2022 pm 08:01 PMlinux查询mac地址的方法:1、打开系统,在桌面中点击鼠标右键,选择“打开终端”;2、在终端中,执行“ifconfig”命令,查看输出结果,在输出信息第四行中紧跟“ether”单词后的字符串就是mac地址。
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
SublimeText3 English version
Recommended: Win version, supports code prompts!
Safe Exam Browser
Safe Exam Browser is a secure browser environment for taking online exams securely. This software turns any computer into a secure workstation. It controls access to any utility and prevents students from using unauthorized resources.
Zend Studio 13.0.1
Powerful PHP integrated development environment
DVWA
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is very vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, to help web developers better understand the process of securing web applications, and to help teachers/students teach/learn in a classroom environment Web application security. The goal of DVWA is to practice some of the most common web vulnerabilities through a simple and straightforward interface, with varying degrees of difficulty. Please note that this software
mPDF
mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),
