Lập Trình C#, PHP, C++, Java, Python, Javascript, UML
1) Tạo ra file Keystore và CSR (tạo nó trong server mình sẻ gắn SSL vào) 1.1) Tạo ra keystore với dòng lệnh
|
1 |
keytool -keysize 2048 -genkey -alias tomcat -keyalg RSA -keystore tomcat.keystore |
sau khi chạy dòng lệnh trên thì …
1) Mở port 443 2) Cài đặt mod_ssl 3) Tạo file ssl.conf trong thư mục httpd/conf.d Lấy file private key và public key rồi ghi vào file ssl.config
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 |
Resources: sslSecurityGroupIngress: Type: AWS::EC2::SecurityGroupIngress Properties: GroupName: {Ref : AWSEBSecurityGroup} IpProtocol: tcp ToPort: 443 FromPort: 443 CidrIp: 0.0.0.0/0 packages: yum: mod24_ssl : [] files: /etc/httpd/conf.d/ssl.conf: mode: "000755" owner: root group: root content: | LoadModule ssl_module modules/mod_ssl.so Listen 443 <VirtualHost *:443> <Proxy *> Order deny,allow Allow from all </Proxy> SSLEngine on SSLProtocol All -SSLv2 -SSLv3 SSLCertificateFile "/etc/pki/tls/certs/server.crt" SSLCertificateKeyFile "/etc/pki/tls/certs/server.key" ProxyPass / http://localhost:80/ retry=0 ProxyPassReverse / http://localhost:80/ ProxyPreserveHost on LogFormat "%h (%{X-Forwarded-For}i) %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" ErrorLog /var/log/httpd/elasticbeanstalk-error_log TransferLog /var/log/httpd/elasticbeanstalk-access_log </VirtualHost> /etc/pki/tls/certs/server.crt: mode: "000400" owner: root group: root content: | -----BEGIN CERTIFICATE----- your-certificate-here -----END CERTIFICATE----- /etc/pki/tls/certs/server.key: mode: "000400" owner: root group: root content: | -----BEGIN RSA PRIVATE KEY----- your-key-here -----END RSA PRIVATE KEY----- |
Hoặc …