VPS & Máy chủ chuyên dụng (Trung tâm kiểm soát dịch vụ lưu trữ) Trợ giúp

How to install OpenSSL on CentOS using a self-signed certificate

Since visitors and search engines put increased trust into sites that are secured with SSL, certificate usage is on the rise. While you would often use a trusted certificate from a well-known CA, sometimes it makes sense to use a self-signed cert. This is especially true when setting up a test or development environment. It takes a few minutes, but it's pretty straightforward and gives you the nice little lock in the browser bar when it's working. I set mine up on my VPS and it worked without issue.

DIFFICULTY Basic - 1 | Medium - 2 | Advanced - 3
TIME REQUIRED 30 min
RELATED PRODUCTS CentOS-based VPS or dedicated servers

Recipe

Install the necessary libraries

yum install mod_ssl

Create a directory to store the keys

mkdir /etc/httpd/pki

Create a self-signed certificate

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/httpd/pki/apache.key -out /etc/httpd/pki/apache.crt

You'll be asked to fill out a few fields. The most important line is "Common Name." Enter your official domain name here or, if you don't have one yet, enter your site's IP address.

Edit the config file

vi /etc/httpd/conf.d/ssl.conf

Scroll down until you find the VirtualHost _default_:443 section.

Uncomment the DocumentRoot and ServerName lines.

Change example.com in the ServerName line to either your domain name or server's IP address. Important: This needs to match the common name on the certificate.

ServerName example.com:443

Scroll down and ensure that SSL is configured with the following lines.

SSLEngine on
SSLCertificateFile /etc/httpd/pki/apache.crt
SSLCertificateKeyFile /etc/httpd/pki/apache.key

Save and exit.

Restart Apache

/etc/init.d/httpd restart

That's it!

Test the configuration

Browse to https://your domain name

You should see your site over an SSL connection.

Note: Your browser will likely ask you to trust the self-signed certificate before allowing access to the site. This is an artifact of using a self-signed certificate. For using a certificate that is globally-trusted, here is a link on how to get a trusted SSL certificate.

Note: As a courtesy, we provide information about how to use certain third-party products, but we do not endorse or directly support third-party products and we are not responsible for the functions or reliability of such products. Third-party marks and logos are registered trademarks of their respective owners. All rights reserved.


Bài này có hữu ích không?
Cảm ơn về phản hồi của bạn. Để nói chuyện với một đại diện của dịch vụ khách hàng, vui lòng sử dụng số điện thoại hỗ trợ hoặc tùy chọn trò chuyện ở trên.
Rất vui vì chúng tôi đã giúp được bạn! Chúng tôi có thể làm gì thêm cho bạn?
Rất tiếc về điều đó. Vui lòng cho chúng tôi biết điều gì làm cho bạn bối rối và vì sao giải pháp không khắc phục được vấn đề này.