修改证书口令失败加密模块不存在(修改证书口令失败加密模块不存在 0x22)

下面简单演示一下Apache - https加密访问下基于加密的认证访问。

1.DNS解析：

[root@localhost html]# nslookup www.downcc.com

Server: 192.168.2.115

Address: 192.168.2.115#53

Name: www.downcc.com

Address: 192.168.2.115

2.安装Apache SSL支持模块:# yum install -y mod_ssl(默认情况下，yum安装httpd时不安装该模块。

安装后自动生成/etc/httpd/conf.d/ssl.conf文件)并生成证书。

[root@localhost certs]# pwd

/etc/pki/tls/certs

[root@localhost certs]# ls

ca-bundle.crt index.html localhost.crt Makefile

ca-bundle.trust.crt localhost1.crt make-dummy-cert

[root@localhost certs]# openssl req -utf8 -new -key ./private/localhost.key -x509 -days 3650 -outabc_com.crt

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [XX]:CN

State or Province Name (full name) []:510510

Locality Name (eg, city) [Default City]:GZ

Organization Name (eg, company) [Default Company Ltd]:ABC.COM

Organizational Unit Name (eg, section) []:Mr.Zhang

Common Name (eg, your name or your server's hostname) []:www.downcc.com

Email Address []:root@abc.com

[root@localhost certs]#

3.配置Apache，基本配置这里不多说了。以下是www.downcc.com站点的http访问配置。

[root@localhost html]# tail -n 8 /etc/httpd/conf/httpd.conf

NameVirtualhost 192.168.2.115:80

VirtualHostwww.downcc.com:80

ServeRadmin webmaster@dummy-host.example.com

DocumentRoot /var/www/html

ServerName www.downcc.com

ErrorLog logs/dummy-host.example.com-error_log

CustomLog logs/dummy-host.example.com-access_log common

/VirtualHost

[root@localhost html]#tail /var/www/html/index.html

www.downcc.com

[root@localhost html]#

4.配置Apache支持https访问www.downcc.com站点，编辑vim /etc/httpd/conf.d/ssl.conf文件，制定使用https访问www.downcc.com网站时的相关信息。添加以下配置。

VirtualHost www.downcc.com:443

document root '/var/www/html/www . kutatest . net ' #//为了展示效果，这里的站点目录是不一样的。通常，域名应该指向同一个目录。

ServerName www.downcc.com:443

ErrorLog logs/ssl_error_log

TransferLog logs/ssl_access_log

LogLevel warn

SSLEngine on

SSLProtocol all -SSLv2

SSLCipherSuite ALL:ADH:EXPORT:SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW

SSLCertificateFile /etc/pki/tls/certs/abc_com.crt

SSLCertificateKeyFile /etc/pki/tls/private/localhost.key

Files ~ '\.(cgi|shtml|phtml|php3?)$'

SSLOptions +StdEnvVars

/Files

Directory '/var/www/cgi-bin'

SSLOptions +StdEnvVars

/Directory

SetEnvIf User-Agent '.*MSIE.*' \

nokeepalive ssl-unclean-shutdown \

downgrade-1.0 force-response-1.0

CustomLog logs/ssl_request_log \

'%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x '%r' %b'

/VirtualHost

5.重启Apache服务，测试访问。

测试http访问的结果。

测试https访问的结果

查看证书信息与自建crt信息一致。

https访问的最终结果