https实现:httpd利用https协议通过证书安全加密,使得资源进行加密传输 //SSL会话是基于IP地址所构建的,所以单IP地址的服务器,仅可以创建一个基于https的虚拟主机

        创建私有CA:OpenSSL
            1.创建CA的私钥:
                ~]# (umask 077;openssl genrsa -out /etc/pki/CA/private/cakey.pem 2048)
            2.生成CA的自签证书:
                ~]# openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -out /etc/pki/CA/cacert.pem -days 3653
            3.完善CA所必需目录级文件要求和文本文件级文件要求:
                ~]# touch /etc/pki/CA/index.txt
                ~]# echo 01 > /etc/pki/CA/serial
        创建https站点:
            1.为httpd服务器生成密钥并生成证书请求:
                ~]# mkdir /etc/httpd/ssl
                ~]# cd /etc/httpd/ssl
                ~]# (umask 077;openssl genrsa -out httpd.key 2048)
                ~]# openssl req -new -key httpd.key -out httpd.csr -days 3653
            2.将证书请求发送到CA:
                ~]# scp httpd.csr CA_SERVER:/tmp
            3.在CA上为此次请求签发证书:
                ~]# openssl ca -in /tmp/httpd.csr -out /etc/pki/CA/certs/httpd.crt -days 3653
            4.在CA上将CA签发的证书传送到httpd服务器:
                ~]# scp /etc/pki/CA/certs/httpd.crt HTTP_SERVER:/etc/httpd/ssl
            5.在httpd服务器上,删除证书请求文件:
                ~]# rm -f httpd.csr
            6.在httpd服务器上配置ssl支持:
                1) 保证mod_ssl模块被正确装载;如果没有,则需要单独安装;
                    yum -y install mod_ssl
                        /etc/httpd/conf.d/ssl.conf
                        /usr/lib64/httpd/modules/mod_ssl.so
                2) 配置https的虚拟主机:
                    
                        DocumentRoot "/myvhost/https"
                        ServerName www.a.com
                        SSLCertificateFile /etc/httpd/ssl/httpd.crt
                        SSLCertificateKeyFile /etc/httpd/ssl/httpd.key