
[root@server0 conf.d]# cd /etc/pki/tls
[root@server0 tls]# ll
總計 12
lrwxrwxrwx. 1 root root 49 May 7 2014 cert.pem -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
drwxr-xr-x. 2 root root 112 May 7 2014 certs
drwxr-xr-x. 2 root root 69 May 7 2014 misc
-rw-r--r--. 1 root root 10923 Apr 8 2014 openssl.cnf
drwxr-xr-x. 2 root root 6 Apr 8 2014 private
[root@server0 tls]# cd private/
[root@server0 private]# ll
總計 0
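# Note: this lab fetches the private key over plain HTTP; outside a closed classroom network, move keys over an authenticated, encrypted channel instead.
[root@server0 private]# wget http://classroom.example.com/pub/tls/private/server0.key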
--2018-03-18 00:24:36-- http://classroom.example.com/pub/tls/private/server0.key
正在查找主機 classroom.example.com (classroom.example.com)... 172.25.254.254
正在連接 classroom.example.com (classroom.example.com)|172.25.254.254|:80... 連上了。
已送出 HTTP 要求,正在等候回應... 200 OK
長度: 916
Saving to: ‘server0.key’

100%[======================================>] 916 --.-K/s in 0s

2018-03-18 00:24:36 (156 MB/s) - ‘server0.key’ saved [916/916]

[root@server0 private]# chmod 600 server0.key


[root@server0 private]# ll
總計 4
-rw-------. 1 root root 916 Jan 7 2015 server0.key
[root@server0 private]# cd ../certs/
[root@server0 certs]# wget http://classroom.example.com/pub/tls/certs/server0.crt
--2018-03-18 00:25:07-- http://classroom.example.com/pub/tls/certs/server0.crt
正在查找主機 classroom.example.com (classroom.example.com)... 172.25.254.254
正在連接 classroom.example.com (classroom.example.com)|172.25.254.254|:80... 連上了。
已送出 HTTP 要求,正在等候回應... 200 OK
長度: 3505 (3.4K) [application/x-x509-ca-cert]
Saving to: ‘server0.crt’

100%[======================================>] 3,505 --.-K/s in 0s

2018-03-18 00:25:07 (597 MB/s) - ‘server0.crt’ saved [3505/3505]

[root@server0 certs]# wget http://classroom.example.com/pub/example-ca.crt


--2018-03-18 00:25:21-- http://classroom.example.com/pub/example-ca.crt
正在查找主機 classroom.example.com (classroom.example.com)... 172.25.254.254
正在連接 classroom.example.com (classroom.example.com)|172.25.254.254|:80... 連上了。
已送出 HTTP 要求,正在等候回應... 200 OK
長度: 1220 (1.2K) [application/x-x509-ca-cert]
Saving to: ‘example-ca.crt’

100%[======================================>] 1,220 --.-K/s in 0s

2018-03-18 00:25:21 (219 MB/s) - ‘example-ca.crt’ saved [1220/1220]

[root@server0 certs]# ll
總計 20
lrwxrwxrwx. 1 root root 49 May 7 2014 ca-bundle.crt -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
lrwxrwxrwx. 1 root root 55 May 7 2014 ca-bundle.trust.crt -> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
-rw-r--r--. 1 root root 1220 Jan 7 2015 example-ca.crt
-rwxr-xr-x. 1 root root 610 Apr 8 2014 make-dummy-cert
-rw-r--r--. 1 root root 2388 Apr 8 2014 Makefile
-rwxr-xr-x. 1 root root 829 Apr 8 2014 renew-dummy-cert
-rw-r--r--. 1 root root 3505 Jan 7 2015 server0.crt
[root@server0 certs]# cd /etc/httpd/conf.d
[root@server0 conf.d]#

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

[root@server0 conf.d]# yum install mod_ssl


Loaded plugins: langpacks
Resolving Dependencies
--> Running transaction check
---> Package mod_ssl.x86_64 1:2.4.6-17.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
mod_ssl x86_64 1:2.4.6-17.el7 rhel_dvd 97 k

Transaction Summary
================================================================================
Install 1 Package

Total download size: 97 k


Installed size: 219 k
Is this ok [y/d/N]: y
Downloading packages:
mod_ssl-2.4.6-17.el7.x86_64.rpm | 97 kB 00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : 1:mod_ssl-2.4.6-17.el7.x86_64 1/1
Verifying : 1:mod_ssl-2.4.6-17.el7.x86_64 1/1

Installed:
mod_ssl.x86_64 1:2.4.6-17.el7

Complete!

[root@server0 conf.d]# cat 00-server.conf


# Plain-HTTP virtual host for server0.example.com; it serves the same
# document root as the TLS virtual host on port 443.
<VirtualHost 172.25.0.11:80>
    ServerName   server0.example.com
    ServerAdmin  root@local
    DocumentRoot /var/www/html
</VirtualHost>
# Access control for the shared document root: every client may request
# content under /var/www/html.
<Directory "/var/www/html">
    Require all granted
</Directory>
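# TLS virtual host for server0.example.com on 172.25.0.11:443.
<VirtualHost 172.25.0.11:443>
    ServerName   server0.example.com
    ServerAdmin  root@local
    DocumentRoot /var/www/html

    SSLEngine on

    # "all -SSLv2" on its own leaves SSLv3 enabled. SSLv3 is deprecated
    # (RFC 7568) and affected by POODLE, so it is switched off explicitly.
    # TLS 1.0 and 1.1 are deprecated too (RFC 8996); drop them as well once
    # every client that must connect supports TLS 1.2.
    SSLProtocol all -SSLv2 -SSLv3

    # MEDIUM can include RC4 on OpenSSL builds that still ship it; RC4 is
    # prohibited for TLS (RFC 7465), so it is excluded by name.
    SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!RC4

    # Server certificate presented to clients.
    SSLCertificateFile /etc/pki/tls/certs/server0.crt

    # Matching private key; keep the file readable by root only (mode 0600).
    SSLCertificateKeyFile /etc/pki/tls/private/server0.key

    # CA certificate sent to clients as the chain. This directive is
    # deprecated from httpd 2.4.8 on, where the chain can be appended to the
    # file named by SSLCertificateFile; the mod_ssl 2.4.6 build installed
    # here still needs it.
    SSLCertificateChainFile /etc/pki/tls/certs/example-ca.crt
</VirtualHost>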

[root@server0 conf.d]# systemctl restart httpd


[root@server0 conf.d]#
