[root@ha02 keys]# openssl genrsa -out www.app01.com.key

Generating RSA private key,  bit long modulus

....+++

.....................................+++

e is  (0x10001)

[root@ha02 keys]# openssl req -new -key www.app01.com.key -out www.app01.com.csr

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name ( letter code) [XX]:CN

State or Province Name (full name) []:BeiJing

Locality Name (eg, city) [Default City]:BeiJing

Organization Name (eg, company) [Default Company Ltd]:espressos.cn

Organizational Unit Name (eg, section) []:app

Common Name (eg, your name or your server's hostname) []:www.app01.com

Email Address []:ck@..com

Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:

An optional company name []:

[root@ha02 keys]# ls

www.app01.com.csr  www.app01.com.key
[root@ha02 keys]# openssl x509 -req -days  -in www.app01.com.csr -signkey www.app01.com.key -out www.app01.com.crt

Signature ok

subject=/C=CN/ST=BeiJing/L=BeiJing/O=espressos.cn/OU=app/CN=www.app01.com/emailAddress=ck@..com

Getting Private key
[root@ha02 keys]# cat www.app01.com.crt www.app01.com.key |tee www.app01.com.pem

-----BEGIN CERTIFICATE-----

MIIDkjCCAnoCCQDXDebyNmUGrDANBgkqhkiG9w0BAQUFADCBijELMAkGA1UEBhMC

Q04xEDAOBgNVBAgMB0JlaUppbmcxEDAOBgNVBAcMB0JlaUppbmcxFTATBgNVBAoM

DGVzcHJlc3Nvcy5jbjEMMAoGA1UECwwDYXBwMRYwFAYDVQQDDA13d3cuYXBwMDEu

Y29tMRowGAYJKoZIhvcNAQkBFgtja0AuMTYzLmNvbTAeFw0xNjEyMTcyMDU5MzRa

Fw0xNzEyMTcyMDU5MzRaMIGKMQswCQYDVQQGEwJDTjEQMA4GA1UECAwHQmVpSmlu

ZzEQMA4GA1UEBwwHQmVpSmluZzEVMBMGA1UECgwMZXNwcmVzc29zLmNuMQwwCgYD

VQQLDANhcHAxFjAUBgNVBAMMDXd3dy5hcHAwMS5jb20xGjAYBgkqhkiG9w0BCQEW

C2NrQC4xNjMuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2uZv

jbDySKIsPOLErlcJGQ+6mpPN+2XvOmS0piY+r14EHfKW6SZ1o8zNl0AQPMZOikVf

KvwDnEhp0FWjnMZOpppRCEYvbuHEwzdgUNoPqwKae0agYLA5r4HpR30r8hj87pDT

p3ukFzBgRzfuqjUB++1eaot3UEpkV1tMKd/85ziU7CtUaFj+S7l4j0i7LVO3Iu3T

oz80KBB+d31P3qCbgenOcxNs8ohte3Xpk4JWcEKgtYuvdVY6VZcvCmIWYPH7PWC4

DWBkmB6Ub78pdkG5c6PaSFaJrEJdyjel0DuYMpRl7bTGxzQsDpI7Bx6Lq2hD0k5m

p/dIvKKz4KzRcLxPtQIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQAoo30ox/XXPbSJ

vrIBcAK7ZPWNV7pW8KQ2sZ4LPkNVylwIpKirOmRQ6e9ZBHdPIxU0Ic+aNhsEJ5Et

b11fWwMxAmLMmpwx7ngWsIrFXLBkyda5Zq8DLzLmFQACAW53O4/6EN+HBPXPTP0b

tmzNQaf8AIVpviraOMLSk291+lEws/c0ATvkz5FaRjw5oZjDDozoY3doRnap/hQO

n+i07uJ8PEXnX9P4Th2gYxle/7AvK46Dk7zglG3dpcoveRqOKChKVSZIxta5A0eL

6fpp7R+oU8S4trQY8GB1ECX7/cqUi4G8JwSiC63PKys9JEeLmdpNTZ1d6uv+fHUH

RUeiLjAX

-----END CERTIFICATE-----

-----BEGIN RSA PRIVATE KEY-----

MIIEpQIBAAKCAQEA2uZvjbDySKIsPOLErlcJGQ+6mpPN+2XvOmS0piY+r14EHfKW

6SZ1o8zNl0AQPMZOikVfKvwDnEhp0FWjnMZOpppRCEYvbuHEwzdgUNoPqwKae0ag

YLA5r4HpR30r8hj87pDTp3ukFzBgRzfuqjUB++1eaot3UEpkV1tMKd/85ziU7CtU

aFj+S7l4j0i7LVO3Iu3Toz80KBB+d31P3qCbgenOcxNs8ohte3Xpk4JWcEKgtYuv

dVY6VZcvCmIWYPH7PWC4DWBkmB6Ub78pdkG5c6PaSFaJrEJdyjel0DuYMpRl7bTG

xzQsDpI7Bx6Lq2hD0k5mp/dIvKKz4KzRcLxPtQIDAQABAoIBAQCtb0hRVjIQtFUi

hHVawGDX92tcz+Cy3+e0N1geEE04OuA+Lhe9cJhiiIEX5k03KdPOn/owH25o48La

qw+vxjtIqxmq2Zj5XG2+UmDAjpU9ZBmrtKCbGuUJln+TAazQ61VzW1Im78JqEQ0n

QDybpNYGmeJlvkxxVA++Wvq0buB8/RLJJokKiPe1e0AeGAUkvHcdxqUrcJfqbzZz

z/XUmI1GJMLnJw0WB8mxTtHq0YEATOOqgsAdoK2bAIl9LhCw4N4anSoD+KgRBbFG

k2SSCsk3bvBWmLBx7yq35hX92U511j42xVg/OxAC/LdVjPX20wBQp85CDZAkfYjb

48BONOMdAoGBAPuPVUEigz6Nk0FpQ+7bV0MXtuQga1OzwFcOsVToQS8CH4kI8q9s

iGutOEvL9GKHY/8nSRpJ/l204lpO1DKB8eCilO2eqMteq3JWAyvuU9TlKdMlD3Ed

Z7D2zX7S40M4cDoF1/AQNBdlBEYzLP7KgTrmxVoumhu8Wu7pqqtIidJPAoGBAN7D

h8w5N/PDjtI50pfFRUml3u6X9us2PcymP+LIMdmNL22zFcT8wk6fVlhUaa6pRA4Y

xEhxoQUNTEiv5sg0AkX2ms0iMUK2CCbOumRqux7V0NMw0iCEZ3QRtqZOn2YpvSFd

alC4KEpF31UbtLbUnx4VBbQ6tkcx5jvYKsSVeVC7AoGBAMHy4Gg3k7jGrqHf5uBh

fAXeYsO/uv/ttn1odpBgAOGdYXLl0zYtF4DtLFpEBUdx20b9ov8BzXux2lKGNFQ8

m5/1uZz6lmk1tDmS1x8nwLqDdJu2FxG++hMWNZlyPoW1HdGeb75Gv+LJn2IAUtCe

kMQ46C9/fpGjxvgsb8lfQ+NBAoGAY2iiazKFk5SLYalIH057UxhgWd0a5XA5N+Bg

1hU8mbb1mWC3sEaTd36Hi7dvye/jXN8UiLecgaKjjjRhKqp68TnRbwV5MioFjTvn

1fQDOQl1vSkmPDiZ6iQVfDXN0EuECSWk0gy8fhicR2CrzoMn1sbO2tTwjujns4EN

5NhHYQ0CgYEAlp6XGwJ+Dih/uQgrRQA5BXB3GYlYpMOEUNJk/3oWh+tl+/vzPRjy

IEZ9jsJ7E3DGhWC9l/MTY8rWEq30B8Qca9trZilcKgLTlHUIVQJnlkLAS3t+48qa

faL1ev3/gJMIw06u/OT8Yl5D8ZzyK1R4YDvjOusdpfRSE6Jwq9Wrgoo=

-----END RSA PRIVATE KEY-----
[root@ha02 keys]# ls

www.app01.com.crt  www.app01.com.csr  www.app01.com.key  www.app01.com.pem

按照以上方法依次生www.app02.com.pem

[root@ha02 keys]# openssl genrsa -out www.app02.com.key

Generating RSA private key,  bit long modulus

..........................................................................+++

..................................+++

e is  (0x10001)

[root@ha02 keys]# openssl req -new -key www.app02.com.key -out www.app02.com.csr

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name ( letter code) [XX]:CN

State or Province Name (full name) []:BeiJing

Locality Name (eg, city) [Default City]:BeiJing

Organization Name (eg, company) [Default Company Ltd]:espressos

Organizational Unit Name (eg, section) []:espressos

Common Name (eg, your name or your server's hostname) []:www.app02.com

Email Address []:ck@.com

Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:

An optional company name []:

[root@ha02 keys]# ls

www.app01.com.crt  www.app01.com.key  www.app02.com.csr

www.app01.com.csr  www.app01.com.pem  www.app02.com.key
[root@ha02 keys]# openssl x509 -req -days  -in www.app02.com.csr -signkey www.app02.com.key -out www.app02.com.crt

Signature ok

subject=/C=CN/ST=BeiJing/L=BeiJing/O=espressos/OU=espressos/CN=www.app02.com/emailAddress=ck@.com

Getting Private key

[root@ha02 keys]# cat www.app02.com.crt www.app02.com.key |tee www.app02.com.pem

-----BEGIN CERTIFICATE-----

MIIDljCCAn4CCQCReUnUAKlUyDANBgkqhkiG9w0BAQUFADCBjDELMAkGA1UEBhMC

Q04xEDAOBgNVBAgMB0JlaUppbmcxEDAOBgNVBAcMB0JlaUppbmcxEjAQBgNVBAoM

CWVzcHJlc3NvczESMBAGA1UECwwJZXNwcmVzc29zMRYwFAYDVQQDDA13d3cuYXBw

MDIuY29tMRkwFwYJKoZIhvcNAQkBFgpja0AxNjMuY29tMB4XDTE2MTIxNzIxMDgy

MFoXDTE3MTIxNzIxMDgyMFowgYwxCzAJBgNVBAYTAkNOMRAwDgYDVQQIDAdCZWlK

aW5nMRAwDgYDVQQHDAdCZWlKaW5nMRIwEAYDVQQKDAllc3ByZXNzb3MxEjAQBgNV

BAsMCWVzcHJlc3NvczEWMBQGA1UEAwwNd3d3LmFwcDAyLmNvbTEZMBcGCSqGSIb3

DQEJARYKY2tAMTYzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB

AK4xvT3wr0ndQqIJWjlHwZZ4fA/OzqXF4Nfg7WwnP4tITVnv/t2UdVAGJllCjcK6

cC6zLXVQ7vHkXVGlmuKhlwgrkXfFd6L1PuS4H5QTT8jFxIVJ+GsyqzXyceqxOcn4

n4yhyc+is0CdapC5QuRjXLFja6fjA2QJzlH2D2gFuQVOD80hhu+lLTlW+hkxUUfz

bthuUDg4WobUVENCdwlr1HjQPqmuo9Nh8tn6BXLtDYiQ4QPHJSFYQutYCbMovUuf

ETP49ovvahdCe2QaB0mrl32hQLTc8FRHqf9doukNycthI7KpVchcPoDseJcjVg34

UOSmQtN50vsC2UyFCb9fb8sCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEATHnHS+ZF

qUf8NuuZn6Iyw/U9ip5ArsJ/13pzjQmmD+eEDmw13ZDkHeiHD8bKxparZqq4zkg5

bBaj8bFWtWcMOc7MCFmd8RIjDATwOs15Uv7x+JHnxUVWCzOVFT0RNovVG1yEp+Rq

6Hu1zBj+yhK6Uj2cFTZOzBZH7+KSGzLOhSJmmqRoNVtnaw7bGqbUgUY/FgFS1rFw

5XXR1Ky02hx58HptF7GXEPav596g8HB+8SiLgkwESl//PYOISbb/KSVg68g7+c8N

SOdS1hci8GtmEW+c1b8tVy5xQZqO3T2Ob024xkNnZkvR0xeCor5loJh9EliSljCy

9s1F/eE2Rv2n4g==

-----END CERTIFICATE-----

-----BEGIN RSA PRIVATE KEY-----

MIIEowIBAAKCAQEArjG9PfCvSd1CoglaOUfBlnh8D87OpcXg1+DtbCc/i0hNWe/+

3ZR1UAYmWUKNwrpwLrMtdVDu8eRdUaWa4qGXCCuRd8V3ovU+5LgflBNPyMXEhUn4

azKrNfJx6rE5yfifjKHJz6KzQJ1qkLlC5GNcsWNrp+MDZAnOUfYPaAW5BU4PzSGG

76UtOVb6GTFRR/Nu2G5QODhahtRUQ0J3CWvUeNA+qa6j02Hy2foFcu0NiJDhA8cl

IVhC61gJsyi9S58RM/j2i+9qF0J7ZBoHSauXfaFAtNzwVEep/12i6Q3Jy2EjsqlV

yFw+gOx4lyNWDfhQ5KZC03nS+wLZTIUJv19vywIDAQABAoIBAQCMRgOVqIcPnTy2

TX+5Vr5e1IFbHXetaM6qKTgn+uch20Rm42vCtXVOztT81ipgIFCMWr+FlHoGkpZP

VGOIkwWTj7oh0AOKV6Gg/2B2lqKOFCwwBaQldvUGiUkQ7EyUB0E8N2DTcrqUku8o

wfdLAXS4aE5eMOIfIgJiYBqB8vHOgXxhouuTGVrIucEUtdNFsAzgfEP6ZIA82Ju6

AAw0yL1jZSEDVcpNaiPk3aUDQab3PdafSq7/Jv+r4ON9UFxjSWBUHO28Fv4tBLnP

/dDzy6+wNwOhMywMtyMIk9QCks3hw2FM6rF6XELTI0yqJrVhY0C34uaLtg9kSy6x

Xhjl9vfBAoGBAOA9zBONdoN9a60Ow2HZQGe59rZBYU9S7l728UAnlFqrOvbLcNrV

sTzLTqIsv1cTGGoFOlkVQavrT86YlWSMmQ81WAySJz5/5Tde1FswUXJhJ+YHuCTH

HOBOPIE5Fhr614cNB78sdWvNN1WF/fRFxqJOSSuPoYjsTBfbfzw8AUTrAoGBAMbd

aRcrid9yRZ+ZSk5ut5gxjyZT/fpZdCpwuTRWGwHuDT+PtAtJHicq9OWp41RrlK15

C5hX8d2M7NxpJPf0lQP7KLUd3QSEpoXlRLyAXDgAKpQJKf01nU5rnk7Z3pUs616Q

tHhyUm/OojcMzYHpwib86TfZf42uNavqeQMtU0ihAoGAGSb1WBAbBf6wcDXitnv+

3GOgh6rntlUQBbjfMJn/6vef4oTJQNKNUctgI5KvV539tA6oD8vxlM4NIpg80Y1v

saQDH03ZdwozdLV/TkcqK5E4P3YIMp/e3k4IPVpg31/Zgv10K/5ZoWDgXwhrhtW4

xQXQ8UDoFoqisl5ddC0q20cCgYA9TozTY8zBYg0swqkxvNhExyKGgmZOA73YR6AR

DmqNEcJr0fWDdSsikA+nrdQzdmcDg8mbUaFy17s9x/xppLE75PYLwAUfG3Xq2V9z

bW8ApKx7rsePFDRGtM69KFWCT7LQGHRKnZPkfCNuLTg90L7WHioX2amFGCvbsBFW

dWazgQKBgCNS9WU81O67RnE18ymcjzmogBCV1us1SxaWQ7zJZwAc5of8717TqB+l

ZSgPkb8aSkQIVBp3qKYOgNn51/WK6fSFE2jKVQFHCGrVcs7f1Ofru3Wey38qMZ0y

xz5HBI0G/G+ICzsQwTUNTjw2vcUWWwV4jaKpQkOGUlcJVDIJO/l6

-----END RSA PRIVATE KEY-----

[root@ha02 keys]# ls

www.app01.com.crt  www.app01.com.key  www.app02.com.crt  www.app02.com.key

www.app01.com.csr  www.app01.com.pem  www.app02.com.csr  www.app02.com.pem
[root@ha02 haproxy-1.4.]# cat conf/haproxy.cfg

global

    log 127.0.0.1 local0 info

    maxconn

    user nobody

    group nobody

    daemon

    nbproc

    pidfile /var/run/haproxy.pid

defaults

    log global

    option tcplog

    option httpclose

    option forwardfor except 127.0.0.0/

    option redispatch

    option dontlognull

    retries

    timeout client 1m

    timeout server 1m

    timeout http-request    10s

    timeout    http-keep-alive    10s

    timeout    queue    1m

    maxconn

listen admin_stats

    bind 0.0.0.0:

    stats refresh 30s

    stats uri /vip

    stats realm hello chenlin

    stats auth admin:admin@!

    stats hide-version

    stats admin if TRUE

    mode http

    #server sshd 192.168.1.104: check port  inter  fall 

frontend www.app01.com

    mode http

    bind 0.0.0.0: ssl crt /etc/ssl/keys/www.app01.com.pem crt /etc/ssl/keys/www.app02.com.pem

    use_backend www_app01_com if { ssl_fc_sni www.app01.com }

    use_backend www_app02_com if { ssl_fc_sni www.app02.com }

backend www_app01_com

    mode http

    server app01 192.168.1.108:

backend www_app02_com

    mode http

    server app02 192.168.1.109:

haproxy 实现了多域https

[root@ha02 haproxy-1.5.]# ./sbin/haproxy -v

HA-Proxy version 1.5-dev19 //

Copyright - Willy Tarreau <w@1wt.eu>

haproxy 实现多域名证书https的更多相关文章

  1. [转帖]一个ip对应多个域名多个ssl证书配置-Nginx实现多域名证书HTTPS

    一个ip对应多个域名多个ssl证书配置-Nginx实现多域名证书HTTPS https://home.cnblogs.com/u/beyang/ 一台服务器,两个域名 首先购买https,获取到CA证 ...

  2. 配置Nginx支持SSL SNI(一个IP绑定多个证书) 以及Haproxy实现多域名证书

    概述 传统的每个SSL证书签发,每个证书都需要独立ip,假如你编译openssl和nginx时候开启TLS SNI (Server Name Identification) 支持,这样你可以安装多个S ...

  3. Nginx实现多域名证书HTTPS

    目前公司有2个域名,其中这次涉及到3个子域名需要更改为HTTPS传输,分别为: passport.abc.com www.test.com admin.test.com 那么就涉及到购买ssl证书的问 ...

  4. 一个ip对应多个域名多个ssl证书配置-Nginx实现多域名证书HTTPS

    一台服务器,两个域名 首先购买https,获取到CA证书,两个域名就得到两套证书 第二步:现在就是Nginx和OpenSSL的安装与配置(这里注意,一般情况下一个IP只支持一个SSL证书,那么我们现在 ...

  5. haproxy配置基于ssl证书的https负载均衡

    本实验全部在haproxy1.5.19版本进行测试通过,经过测试1.7.X及haproxy1.3版本以下haproxy配置参数可能不适用,需要注意版本号. 一.业务要求现在根据业务的实际需要,有以下几 ...

  6. [从零开始搭网站六]为域名申请免费SSL证书(https),并为Tomcat配置https域名所用的多SSL证书

    点击下面连接查看从零开始搭网站全系列 从零开始搭网站 由于国内的网络环境比较恶劣,运营商流量劫持的情况比较严重,一般表现为别人打开你的网站的时候会弹一些莫名其妙的广告...更过分的会跳转至别的网站. ...

  7. Nginx实现ssl一级、二级域名证书部署并用https访问代理转发服务器

    1.  规划 域名 解析IP Nginx代理 htpps://www.devcult.com 47.88.10.155   htpps://auto.devcult.com 47.88.10.155 ...

  8. Windows Server2008 R2 服务器域名设置Https安全证书访问

    域名支持Https访问设置 1.首先登陆域名申办公司的域名管理账号添加TXT域名解析信息 以新网域名公司为例:http://dcp.xinnet.com,输入域名:www.xxx.com和密码登录即可 ...

  9. 一键自签本地 TLSv3 多域名 SAN 域名证书工具 HTTPS(最新版 Chrome 浏览器策略测试通过)

    一键自动生成本地自签名SAN域名证书工具 原生OpenSSL生成自签名SAN CA域名(V3签名),在Linux.MacOS系统下签发测试通过. 用于一键快速生成开发和测试场景证书,内部平台授权和私有 ...

随机推荐

  1. Delphi dll 断点调试

    1.dll 要有一个依托的exe(怎么做 相信用dll了一定知道) 2.选项中的compling中的debugging中的选项,linking中的所有选项 3.最后一个也就是最重要的 run中的par ...

  2. jsp中iframe填充装个页面

    首先要引入这个css,由于我之前没有引入这个,导致iframe的高度一只是默认高度,没有改变 <style type="text/css"> body, html { ...

  3. <<< sqlserver、Mysql、Oracle数据库优缺点

    sqlserver 优点: 易用性.适合分布式组织的可伸缩性.用于决策支持的数据仓库功能.与许多其他服务器软件紧密关联的集成性.良好的性价比等:   为数据管理与分析带来了灵活性,允许单位在快速变化的 ...

  4. Linux的inode的理解

    文件名 -> inode -> device block 一.inode是什么? 理解inode,要从文件储存说起. 文件储存在硬盘上,硬盘的最小存储单位叫做"扇区"( ...

  5. 浅谈系统架构<一>

    前言:博主刚刚从事于Web后端开发与学习不久,开发项目经验也是有限的.不过今天依旧将一些个人的想法记录下来,我的构想或许不太正确,还望各位大牛能给我多多建议. 首先:我们从编程开始讲起 博主是偏向于后 ...

  6. GDI画图,判断鼠标点击点在某一画好的多边形、矩形、图形里

    Region.IsVisible方法 简单方便准确 private bool CheckPntInPoly(Point[] points, Point pnt) { || pnt == Point.E ...

  7. linux 安装 ArcSDE10.1

    实验仍未成功,步骤仅供参考. 1:首先检查一下在Linux操作系统下Oracle数据库是否能启动,是否能连通等 [oracle@localhost ~]$ sqlplus SQL*Plus: Rele ...

  8. arguments

    arguments 转数组 通常使用下面的方法来将 arguments 转换成数组: Array.prototype.slice.call(arguments); 还有一个更简短的写法: [].sli ...

  9. CSS3中的动画功能(二)

    上一篇文章讲解了css3动画中的一个即transitions,那么今天来说说另外一个animations.和transitions不同的是animations可以定义多个关键帧以及每个关键帧中元素的属 ...

  10. Python之路【第二十二篇】CMDB项目

    浅谈ITIL TIL即IT基础架构库(Information Technology Infrastructure Library, ITIL,信息技术基础架构库)由英国政府部门CCTA(Central ...