How to Create a Self-Signed SSL Certificate and Key for Apache on RHEL/CentOS 7.0


SSL (Secure Sockets Layer) is a cryptographic protocol that allows data to flow securely between a server and its clients using symmetric/asymmetric keys, by means of a digital certificate signed by a Certificate Authority (CA).

  1. Basic LAMP installation on RHEL/CentOS 7.0

This tutorial shows how to set up the Secure Sockets Layer (SSL) cryptographic protocol on an Apache Web Server installed on Red Hat Enterprise Linux/CentOS 7.0, and how to generate a self-signed Certificate and Key with the help of a bash script that greatly simplifies the process.

Step 1: Install and Configure Apache SSL

1. To enable SSL on Apache HTTP Server, use the following command to install the SSL module and the OpenSSL toolkit required for SSL/TLS support.

# yum install mod_ssl openssl

2. After the SSL module has been installed, restart the HTTPD daemon and add a new firewall rule so that the SSL port (443) is open to outside connections and in the listening state on your machine.

# systemctl restart httpd
# firewall-cmd --add-service=https   ## On-fly rule

# firewall-cmd --permanent  --add-service=https   ## Permanent rule – needs firewalld restart

3. To test the SSL connection, open a remote browser and navigate to your server's IP address using the HTTPS protocol at https://server_IP.

Step 2: Create the SSL Certificate and Key

4. The previous SSL communication between the server and the client used a default Certificate and Key generated automatically at installation. To generate a new private key and self-signed certificate pair, create the following bash script in an executable system path (PATH).

For this tutorial the /usr/local/bin/ path was chosen. Make sure the script has the executable bit set, then use it as a command to create new SSL pairs in /etc/httpd/ssl/, the default location for the Certificates and Keys.

# nano /usr/local/bin/apache_ssl

Use the following file content.

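#!/bin/bash
# Generate a self-signed Certificate and Key pair for an Apache SSL virtual host.

# Create the target directory if it is missing; stop if it cannot be entered.
mkdir -p /etc/httpd/ssl
cd /etc/httpd/ssl || exit 1

echo -e "Enter your virtual host FQDN: \nThis will generate the default name for Apache SSL Certificate and Key!"
read -r cert

# Write the private key with owner-only permissions from the moment it is created.
(umask 077; openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$cert.key")
chmod 600 "$cert.key"
# Build a certificate signing request, then self-sign it for 365 days.
openssl req -new -key "$cert.key" -out "$cert.csr"
openssl x509 -req -days 365 -in "$cert.csr" -signkey "$cert.key" -out "$cert.crt"

echo -e " The Certificate and Key for $cert has been generated!\nPlease link it to Apache SSL available website!"
ls -al /etc/httpd/ssl
exit 0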

5. Now make this script executable and run it to generate a new Certificate and Key pair for your Apache SSL Virtual Host.

Fill in your information and pay attention to the Common Name value, which must match your server FQDN or, in the case of a Virtual Host, the web address you will use when connecting to the secured website.

# chmod +x /usr/local/bin/apache_ssl
# apache_ssl

6. After the Certificate and Key have been generated, the script prints a long listing of all your Apache SSL pairs stored in the /etc/httpd/ssl/ location.

7. Another way to generate SSL Certificates and Keys is to install the crypto-utils package on your system and generate the pair with the genkey command, which can cause some problems, especially when used in a PuTTY terminal screen.

Therefore, I suggest you use this method only when you are connected directly to a screen monitor.

# yum install crypto-utils
# genkey your_FQDN

8. To add the new Certificate and Key to your SSL website, open your website configuration file and replace the SSLCertificateFile and SSLCertificateKeyFile statements with the location and names of the new pair.

9. If the Certificate is not issued by a trusted CA (Certificate Authority), or the hostname in the certificate does not match the hostname used to establish the connection, an error should appear in your browser and you must accept the certificate manually.
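A pair can be checked for the problems mentioned in steps 8 and 9 before the SSLCertificateFile and SSLCertificateKeyFile statements are changed. The script below is an added example, not part of the original tutorial; the check_pair function name and the 30-day expiry margin are assumptions made for illustration.

```bash
#!/bin/bash
# Added example: sanity-check a certificate/key pair before it is referenced
# by SSLCertificateFile / SSLCertificateKeyFile. check_pair is a hypothetical
# helper name and the 30-day expiry margin is an assumption.

check_pair() {
    local crt=$1 key=$2 fqdn=$3 problems=0 crt_pub key_pub cn perms

    # 1. The certificate must contain the public half of this private key.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$crt_pub" ] || [ "$crt_pub" != "$key_pub" ]; then
        echo "FAIL: $key does not belong to $crt (or a file is unreadable)" >&2
        problems=$((problems + 1))
    fi

    # 2. The Common Name must equal the name clients connect to (step 9).
    cn=$(openssl x509 -in "$crt" -noout -subject -nameopt RFC2253 2>/dev/null |
         sed 's/^subject= *//' | tr ',' '\n' | sed -n 's/^CN=//p' | head -n 1)
    if [ "$cn" != "$fqdn" ]; then
        echo "FAIL: Common Name '$cn' does not match '$fqdn'" >&2
        problems=$((problems + 1))
    fi

    # 3. The private key must not be accessible to group or others.
    perms=$(ls -ld "$key" 2>/dev/null | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "FAIL: $key is accessible to group/others" >&2
        problems=$((problems + 1))
    fi

    # 4. The certificate must stay valid for at least 30 more days.
    if ! openssl x509 -in "$crt" -noout -checkend 2592000 >/dev/null 2>&1; then
        echo "FAIL: $crt expires within 30 days or cannot be read" >&2
        problems=$((problems + 1))
    fi

    [ "$problems" -eq 0 ]
}

# Usage: check_pair.sh <certificate> <key> <FQDN>
if [ "$#" -eq 3 ]; then
    check_pair "$@" && echo "OK: pair is ready for the Apache configuration"
fi
```

A key that does not match its certificate is the failure that stops httpd from starting after step 8, so running the check first avoids an outage on restart.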

That's it! Now you can use apache_ssl as a command line on RHEL/CentOS 7.0 to generate as many self-signed Certificate and Key pairs as you need, and all of them will be kept in the /etc/httpd/ssl/ path with the key file protected with 700 permissions.