1.yum install mod_ssl openssl
2.生成签名证书(可以申请免费的腾讯云证书,1年有效期)
openssl genrsa -out ca.key 2048
openssl req -new -key ca.key -out ca.csr
openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
cp ca.crt /etc/pki/tls/certs/
cp ca.key /etc/pki/tls/private/
cp ca.csr /etc/pki/tls/private/
3.修改apache配置
vim /etc/httpd/conf.d/ssl.conf
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key
Systemctl restart iptables.service
4.修改防火墙,增加443端口(很关键,当初忘记在防火墙中增加443端口)
vi /etc/sysconfig/iptables
增加-AINPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
systemctl restart iptables.service