在搭建Web服务器的过程中，SSL证书的配置是至关重要的一步，它能够保证你的网站在传输数据时的安全性，防止数据被窃取或者篡改，本文将以CentOS 6和CentOS 7为例，详细介绍如何在这两个操作系统上配置SSL证书。

CentOS 6上搭建web服务器的SSL证书配置

1、安装HTTPS模块

在CentOS 6上，我们需要首先安装mod_ssl模块，它是Apache HTTP服务器的一个扩展，用于支持SSL和TLS协议。

yum install mod_ssl mod_ssldevel

2、生成SSL证书

我们可以使用OpenSSL工具来生成自签名的SSL证书，我们需要创建一个私钥文件：

openssl genrsa out /etc/pki/tls/private/localhost.key 2048

我们使用这个私钥文件来生成一个证书签名请求（CSR）：

openssl req new key /etc/pki/tls/private/localhost.key out /etc/pki/tls/certs/localhost.csr

我们使用私钥和CSR来生成一个自签名的SSL证书：

openssl x509 req days 365 in /etc/pki/tls/certs/localhost.csr signkey /etc/pki/tls/private/localhost.key out /etc/pki/tls/certs/localhost.crt

3、配置Apache服务器

我们需要修改Apache的配置文件httpd.conf，启用mod_ssl模块，并指定SSL证书和私钥的路径。

LoadModule ssl_module modules/mod_ssl.so
Include conf/extra/httpdssl.conf
SSLCertificateFile      /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key

4、重启Apache服务器

我们需要重启Apache服务器，使配置生效：

service httpd restart

CentOS 7上搭建web服务器的SSL证书配置

1、安装HTTPS模块

在CentOS 7上，我们同样需要首先安装mod_ssl模块，可以使用以下命令进行安装：

yum install mod_ssl openssl firewalld y

2、生成SSL证书

在CentOS 7上，我们可以使用Let’s Encrypt来自动获取和更新SSL证书，我们需要安装Certbot工具：

yum install epelrelease y && yum install certbot python2certbotnginx y && yum clean all && systemctl start certbot && systemctl enable certbot

我们可以使用Certbot来生成和配置SSL证书：

sudo certbot nginx d example.com d www.example.com redirect registerunsafelywithoutemail agreetos stapleocsp renewby default forcerenewal vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv0 server https://acmev02.api.letsencrypt.org/directory d example.com d www.example.com preferredchallenges http w /var/www/example.com/public_html n secureport=443 standalone m example@example.com d example.com d www.example.com redirect registerunsafelywithoutemail agreetos stapleocsp renewby default forcerenewal vvvvvvvvvvvvvvvvvvvvvvvvvvv0 server https://acmestagingv02.api.letsencrypt.org/directory d example.com d www.example.com preferredchallenges http w /var/www/example.com/public_html n secureport=443 standalone m example@example.com d example.com d www.example.com redirect registerunsafelywithoutemail agreetos stapleocsp renewby default forcerenewal vvv0 server https://acmestagingv02.api.letsencrypt.org/directory d example.com d www.example.com preferredchallenges http w /var/www/example.com/public_html n secureport=443 standalone m example@example.com d example.com d www.example.com redirect registerunsafelywithoutemail agreetos stapleocsp renewby default forcerenewal v0 server https://acmestagingv02.api.letsencrypt.org/directory d example.com d www.example.com preferredchallenges http w /var/www/example.com/public_html n secureport=443 standalone m example@example.com d example.com d www.example.com redirect registerunsafelywithoutemail agreetos stapleocsp renewby default forcerenewal h 0.0.0.0:443 apache d example.com d www.example.com preferredchallenges http w /var/www/example.com/public_html n secureport=443 standalone m example@example.com d example.com d www.example.com redirect registerunsafelywithoutemail agreetos stapleocsp renewby default forcerenewal c /etc/letsencrypt/live/example.com/fullchain.pem k /etc/letsencrypt