Enabling SSL for Apache and Tomcat on CentOS 7


References:

  •   http://www.bootf.com/563.html
  •   http://www.sunjianhe.com/?p=1238
  •   http://www.fwolf.com/blog/post/405
  •   http://httpd.apache.org/docs/2.4/ssl/ssl_howto.html

 

Installation:

yum install -y openssl    # openssl lets you create certificates manually
yum install -y httpd
yum install -y mod_ssl
# Open ports 80 and 443 in the firewall, then reload it
firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --zone=public --add-port=443/tcp --permanent
firewall-cmd --reload
# Enable and start Apache
systemctl enable httpd
systemctl start httpd

Force HTTP --> HTTPS:

# vim /etc/httpd/conf/httpd.conf and add the following
RewriteEngine on
# Alternative form: RewriteCond %{SERVER_PORT} 80
RewriteCond %{SERVER_PORT} !^443$
# 301 means "moved permanently"
RewriteRule ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]

 【Enabling SSL for Tomcat】

http://sanketdangi.com/post/43734145363/secure-tomcat-through-apache-using-ajp

# vi /etc/httpd/conf.d/ssl.conf and add the following; application1 and application2 stand for Tomcat applications, replace them with your own
ProxyPass /application1 ajp://127.0.0.1/application1
ProxyPass /application2 ajp://127.0.0.1/application2
ProxyPassReverse /application1 ajp://127.0.0.1/application1
ProxyPassReverse /application2 ajp://127.0.0.1/application2

<Proxy *>
AddDefaultCharset off
# Apache 2.4 form of the 2.2-style "Order deny,allow" / "Allow from all"
Require all granted
</Proxy>
#vim /usr/share/tomcat/conf/server.xml
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
        ||
        \/
<Connector port="8009" protocol="AJP/1.3" redirectPort="8080" />

[work]

http://blog.csdn.net/lifetragedy/article/details/7699236

[Fixing [Errno 1] _ssl.c:504: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed]

  Cause: the requests module verifies the server certificate, and verification of a self-signed certificate fails.

http://stackoverflow.com/questions/10667960/python-requests-throwing-up-sslerror

http://stackoverflow.com/questions/18999517/python-requests-certificate-verify-failed

http://www.python-requests.org/en/latest/user/advanced/

https://www.digicert.com/ssl-support/pem-ssl-creation.htm

http://viraj-workstuff.blogspot.jp/2011/07/python-httplib2-certificate-verify.html

Option 1 (turns certificate verification off for the request):

requests.get(url,verify=False)

Option 2:

Copy the contents of the PEM file into /usr/lib/python2.7/site-packages/requests/cacert.pem
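
A third route keeps verification on and leaves the bundled cacert.pem untouched: trust the self-signed certificate explicitly, which in requests is requests.get(url, verify="/path/to/cert.pem"). The added example below (not from the original post) reproduces the "certificate verify failed" error against a local HTTPS server and then resolves it by loading only that certificate as the trust anchor, using the standard library in place of requests. It assumes the openssl command line tool (1.1.1 or later) is installed; the function names and the throwaway certificate are constructed for the demonstration.

```python
import http.client, http.server, os, ssl, subprocess, tempfile, threading

def make_self_signed(workdir):  # constructed test cert; assumes the openssl CLI (1.1.1+)
    cert, key = os.path.join(workdir, "cert.pem"), os.path.join(workdir, "key.pem")
    subprocess.run(["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes", "-days", "1",
                    "-subj", "/CN=127.0.0.1", "-addext", "subjectAltName=IP:127.0.0.1",
                    "-keyout", key, "-out", cert], check=True, capture_output=True)
    return cert, key

class Hello(http.server.BaseHTTPRequestHandler):
    def do_GET(self):
        self.send_response(200)
        self.end_headers()
        self.wfile.write(b"ok")
    log_message = lambda self, *args: None  # keep the demo quiet

def start_https_server(cert, key):  # local stand-in for Apache + mod_ssl
    srv = http.server.HTTPServer(("127.0.0.1", 0), Hello)
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(cert, key)
    srv.socket = ctx.wrap_socket(srv.socket, server_side=True)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

def fetch(address, cafile=None):
    """GET / with verification on, trusting the system CAs or only cafile if given."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED + hostname check
    if cafile:
        ctx.load_verify_locations(cafile=cafile)
    else:
        ctx.load_default_certs()
    conn = http.client.HTTPSConnection(*address, context=ctx, timeout=5)
    try:
        conn.request("GET", "/")
        return conn.getresponse().read().decode()
    except ssl.SSLCertVerificationError as exc:
        return "verify failed: " + exc.verify_message
    finally:
        conn.close()

def demo():
    with tempfile.TemporaryDirectory() as workdir:
        cert, key = make_self_signed(workdir)
        srv = start_https_server(cert, key)
        results = fetch(srv.server_address), fetch(srv.server_address, cafile=cert)
        srv.shutdown()
        return results

if __name__ == "__main__":
    print(demo())
```

The first result is the verification failure seen with the default trust store; the second is the response body once the certificate is supplied as the CA file.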

