How to Create a Self-Signed SSL Certificate on CentOS 8


SSL (Secure Sockets Layer), and its improved version, TLS (Transport Layer Security), are security protocols used to secure web traffic sent from a client's web browser to a web server.

An SSL certificate is a digital certificate that creates a secure channel between a client's browser and the web server. In doing so, sensitive and confidential data such as credit card data, login credentials, and other highly private information is encrypted, preventing attackers from eavesdropping and stealing your information.

A self-signed SSL certificate, unlike other SSL certificates that are signed and trusted by a Certificate Authority (CA), is a certificate signed by the individual who owns it.

It is free to create one and is a cheap way of encrypting your locally hosted web server. However, the use of a self-signed SSL certificate is highly discouraged in production environments for the following reasons:

  1. Since it is not signed by a Certificate Authority, a self-signed SSL certificate generates alerts on web browsers warning users of potential risk ahead should they decide to proceed. These alerts are undesirable and will dissuade users from visiting your website, potentially leading to a decline in web traffic. As a workaround for these alerts, organizations usually encourage their employees to simply ignore the alerts and go ahead. This may breed a dangerous habit among users, who may decide to keep ignoring these alerts on other online sites and potentially fall victim to phishing sites.
  2. Self-signed certificates have a low security level since they implement low-level cipher technologies and hashes. Thus the security level may not be on par with standard security policies.
  3. Additionally, there is no support for Public Key Infrastructure (PKI) functions.

That said, using a self-signed SSL certificate is not a bad idea for testing services and applications on a local machine that require TLS/SSL encryption.

In this guide, you will learn how to install a local self-signed SSL certificate on the Apache localhost web server on a CentOS 8 server system.

Before getting started, ensure that you have the following basic requirements:

  1. An instance of CentOS 8 server.
  2. Apache web server installed on the server.
  3. A hostname already configured and defined in the /etc/hosts file. For this guide, we will use the hostname tecmint.local for our server.

Step 1: Installing Mod_SSL on CentOS

1. To begin, you need to verify that the Apache web server is installed and running.

$ sudo systemctl status httpd

The expected output shows the httpd service as active (running).

If the web server is not running, you can start it and enable it on boot using the commands:

$ sudo systemctl start httpd
$ sudo systemctl enable httpd

You can afterward confirm that Apache is up and running.

2. To enable the installation and setup of the local self-signed SSL certificate, the mod_ssl package is required.

$ sudo dnf install mod_ssl

Once installed, you can verify its installation by running:

$ sudo rpm -q mod_ssl

Also, ensure that the OpenSSL package is installed (OpenSSL comes installed by default in CentOS 8).

$ sudo rpm -q openssl 

Step 2: Create a Local Self-Signed SSL Certificate for Apache

3. With the Apache web server and all the prerequisites in check, you need to create a directory in which the cryptographic keys will be stored.

In this example, we have created a directory at /etc/ssl/private.

$ sudo mkdir -p /etc/ssl/private

Now generate the local SSL certificate key and file using the command:

$ sudo openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/ssl/private/tecmint.local.key -out /etc/ssl/private/tecmint.local.crt

Let's look at what some of the options in the command actually mean:

  • req -x509 – This indicates that we are using X.509 Certificate Signing Request (CSR) management.
  • -nodes – This option tells OpenSSL to skip encrypting the private key with a passphrase. The idea here is to allow Apache to read the file without any kind of user intervention, which would not be possible if a passphrase were set.
  • -newkey rsa:2048 – This indicates that we want to create a new key and a new certificate at the same time. The rsa:2048 portion means that we want to generate a 2048-bit RSA key.
  • -keyout – This option specifies where to store the generated private key file upon creation.
  • -out – This option specifies where to place the generated SSL certificate.
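
The command above prompts interactively for the subject fields, sets no subjectAltName, and relies on the 30-day default validity of `openssl req -x509`. As an added example (not from the original article), the script below generates the pair without prompts, with a SAN and an explicit validity, then checks that the certificate matches the key, is self-signed, and covers the host name. The 365-day validity, the www alias and the function names are assumptions, and -addext needs OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example. Function names, the www alias and -days 365 are assumptions.

# Generate a key and self-signed certificate for host $2 in directory $1.
make_selfsigned() {
    dir=$1 host=$2
    (
        umask 077    # files are created readable by the owner only
        openssl req -x509 -nodes -newkey rsa:2048 -sha256 -days 365 \
            -subj "/CN=$host" \
            -addext "subjectAltName=DNS:$host,DNS:www.$host" \
            -keyout "$dir/$host.key" -out "$dir/$host.crt" 2>/dev/null
    ) || return 1
    # The private key stays owner-only; the certificate is public data.
    chmod 600 "$dir/$host.key" && chmod 644 "$dir/$host.crt"
}

# Succeeds only if certificate $1 carries the public key of private key $2.
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    k=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$c" = "$k" ]
}

# Succeeds only if subject and issuer of certificate $1 are identical.
is_self_signed() {
    s=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    i=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ -n "$s" ] && [ "$s" = "$i" ]
}

# Succeeds only if host name $2 is listed as a DNS subjectAltName in $1.
cert_covers_host() {
    openssl x509 -in "$1" -noout -text | grep -Eq "DNS:$2(,| *\$)"
}

# Demo in a throwaway directory; on the server the target directory
# would be /etc/ssl/private and the script would run with sudo.
d=$(mktemp -d) && make_selfsigned "$d" tecmint.local &&
    cert_matches_key "$d/tecmint.local.crt" "$d/tecmint.local.key" &&
    is_self_signed "$d/tecmint.local.crt" &&
    cert_covers_host "$d/tecmint.local.crt" www.tecmint.local &&
    echo "certificate and key written to $d"
```

Running cert_matches_key before restarting Apache catches a mismatched pair early, since httpd refuses to start when SSLCertificateFile and SSLCertificateKeyFile do not belong together.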

Step 3: Install the Local Self-Signed SSL Certificate on Apache

4. Having generated the SSL certificate files, it is now time to install the certificate using the Apache web server's settings. Open and edit the /etc/httpd/conf.d/ssl.conf configuration file.

$ sudo vi /etc/httpd/conf.d/ssl.conf

Ensure that you have the following lines between the virtual host tags.

<VirtualHost *:443>
    ServerAdmin [email 
    ServerName www.tecmint.local
    ServerAlias tecmint.local
 
    DocumentRoot /var/www/html
 
    SSLEngine on
    SSLCertificateFile /etc/ssl/private/tecmint.local.crt
    SSLCertificateKeyFile /etc/ssl/private/tecmint.local.key
</VirtualHost>

Save and exit the file. For the changes to take effect, restart Apache using the command:

$ sudo systemctl restart httpd

5. For external users to access your server, you need to open port 443 through the firewall as shown.

$ sudo firewall-cmd --add-port=443/tcp --zone=public --permanent
$ sudo firewall-cmd --reload

Step 4: Testing the Local Self-Signed SSL Certificate on Apache

With all the configurations in place, fire up your browser and browse to your server's address using the server's IP address or domain name over the https protocol.

To streamline the testing, you may consider redirecting the HTTP protocol to HTTPS on the Apache web server. That way, whenever you browse the domain over plain HTTP, it will automatically be redirected to the HTTPS protocol.

So browse to your server's domain or IP:

https://domain_name/

You will get an alert informing you that the connection is not secure. This will vary from one browser to another. As you might guess, the alert appears because the SSL certificate is not signed by a Certificate Authority; the browser registers that and reports that the certificate cannot be trusted.

To proceed to your website, click on the 'Advanced' tab.

Next, add the exception to the browser.

Finally, reload your browser and observe that you can now access the server, although there will still be a warning in the URL bar that the site is not fully secure, for the same reason: the SSL certificate is self-signed and not signed by a Certificate Authority.

It is our hope that you can now go ahead and create and install a self-signed SSL certificate on the Apache localhost web server on CentOS 8.