Deploy the SSL Credential in the BCC-Apache
Configure the SSL certificate for the Web service in the Apache environment based on the Centos-7.2 Deployment LAMP Environement Tutorial. The domain name needs to be prepared in advance. The following steps are the entire process to configure and deploy the certificate.
1. Download and Decompress a Certificate
Enter "Baidu AI Cloud Console" -- "Security and Management" -- "SSL Certificate Service" -- "Purchased Certificate List", and then click "View Information" based on the certificate information applied for the domain name bound with this BCC.
Click "Download Certificate", and select the PEM_Apache format, and then set the 4-digit decompression password.
After the successful download locally, double click "Open", and then you can see the cer, crt and key files. Select "Decompress to", and set the path, and then enter the 4-digit password you just set on the console.
2. Upload Certificate Files to BCC
Upload the cer, crt and key files decompressed in the previous step to the BCC's Apche configuration directory /etc/httpd/conf through FTP or other tools.
3. Install mod_ssl and Configure the Certificate
For Apache is directly installed from yum, you fail to directly compile and add the SSL module during the installation, so you need to install it again.
yum install mod_ssl openssl
After the successful installation of Apache, there is an additional file ssl.conf under the directory /etc/httpd/conf.d.
vim /etc/httpd/conf.d/ssl.conf
Search ServerName, uncomment this line, and change the domain name to the certificate domain name.
Fill in the location path of three certificate files correctly.
After you restart httpd, you can access this site through the domain name https: //.
4. HTTP to HTTPS Forcibly
For Apache is installed from yum, there are not the ssl.so and httpd-ssl.conf module paths in the Apache configuration file. You can add the rewrite rules manually.
vim vim /etc/httpd/conf/httpd.conf
In<Directory>
......
</Directory>
Add:
RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(.*)?$ https://%{SERVER_NAME}/$1 [L,R]
After you restart Apache, HTTP forcibly jumps to HTTPS when you access the site.