[root@ha02 keys]# openssl genrsa -out www.app01.com.key

Generating RSA private key,  bit long modulus

....+++

.....................................+++

e is  (0x10001)

[root@ha02 keys]# openssl req -new -key www.app01.com.key -out www.app01.com.csr

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name ( letter code) [XX]:CN

State or Province Name (full name) []:BeiJing

Locality Name (eg, city) [Default City]:BeiJing

Organization Name (eg, company) [Default Company Ltd]:espressos.cn

Organizational Unit Name (eg, section) []:app

Common Name (eg, your name or your server's hostname) []:www.app01.com

Email Address []:ck@..com

Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:

An optional company name []:

[root@ha02 keys]# ls

www.app01.com.csr  www.app01.com.key
[root@ha02 keys]# openssl x509 -req -days  -in www.app01.com.csr -signkey www.app01.com.key -out www.app01.com.crt

Signature ok

subject=/C=CN/ST=BeiJing/L=BeiJing/O=espressos.cn/OU=app/CN=www.app01.com/emailAddress=ck@..com

Getting Private key
[root@ha02 keys]# cat www.app01.com.crt www.app01.com.key |tee www.app01.com.pem

-----BEGIN CERTIFICATE-----

MIIDkjCCAnoCCQDXDebyNmUGrDANBgkqhkiG9w0BAQUFADCBijELMAkGA1UEBhMC

Q04xEDAOBgNVBAgMB0JlaUppbmcxEDAOBgNVBAcMB0JlaUppbmcxFTATBgNVBAoM

DGVzcHJlc3Nvcy5jbjEMMAoGA1UECwwDYXBwMRYwFAYDVQQDDA13d3cuYXBwMDEu

Y29tMRowGAYJKoZIhvcNAQkBFgtja0AuMTYzLmNvbTAeFw0xNjEyMTcyMDU5MzRa

Fw0xNzEyMTcyMDU5MzRaMIGKMQswCQYDVQQGEwJDTjEQMA4GA1UECAwHQmVpSmlu

ZzEQMA4GA1UEBwwHQmVpSmluZzEVMBMGA1UECgwMZXNwcmVzc29zLmNuMQwwCgYD

VQQLDANhcHAxFjAUBgNVBAMMDXd3dy5hcHAwMS5jb20xGjAYBgkqhkiG9w0BCQEW

C2NrQC4xNjMuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2uZv

jbDySKIsPOLErlcJGQ+6mpPN+2XvOmS0piY+r14EHfKW6SZ1o8zNl0AQPMZOikVf

KvwDnEhp0FWjnMZOpppRCEYvbuHEwzdgUNoPqwKae0agYLA5r4HpR30r8hj87pDT

p3ukFzBgRzfuqjUB++1eaot3UEpkV1tMKd/85ziU7CtUaFj+S7l4j0i7LVO3Iu3T

oz80KBB+d31P3qCbgenOcxNs8ohte3Xpk4JWcEKgtYuvdVY6VZcvCmIWYPH7PWC4

DWBkmB6Ub78pdkG5c6PaSFaJrEJdyjel0DuYMpRl7bTGxzQsDpI7Bx6Lq2hD0k5m

p/dIvKKz4KzRcLxPtQIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQAoo30ox/XXPbSJ

vrIBcAK7ZPWNV7pW8KQ2sZ4LPkNVylwIpKirOmRQ6e9ZBHdPIxU0Ic+aNhsEJ5Et

b11fWwMxAmLMmpwx7ngWsIrFXLBkyda5Zq8DLzLmFQACAW53O4/6EN+HBPXPTP0b

tmzNQaf8AIVpviraOMLSk291+lEws/c0ATvkz5FaRjw5oZjDDozoY3doRnap/hQO

n+i07uJ8PEXnX9P4Th2gYxle/7AvK46Dk7zglG3dpcoveRqOKChKVSZIxta5A0eL

6fpp7R+oU8S4trQY8GB1ECX7/cqUi4G8JwSiC63PKys9JEeLmdpNTZ1d6uv+fHUH

RUeiLjAX

-----END CERTIFICATE-----

-----BEGIN RSA PRIVATE KEY-----

MIIEpQIBAAKCAQEA2uZvjbDySKIsPOLErlcJGQ+6mpPN+2XvOmS0piY+r14EHfKW

6SZ1o8zNl0AQPMZOikVfKvwDnEhp0FWjnMZOpppRCEYvbuHEwzdgUNoPqwKae0ag

YLA5r4HpR30r8hj87pDTp3ukFzBgRzfuqjUB++1eaot3UEpkV1tMKd/85ziU7CtU

aFj+S7l4j0i7LVO3Iu3Toz80KBB+d31P3qCbgenOcxNs8ohte3Xpk4JWcEKgtYuv

dVY6VZcvCmIWYPH7PWC4DWBkmB6Ub78pdkG5c6PaSFaJrEJdyjel0DuYMpRl7bTG

xzQsDpI7Bx6Lq2hD0k5mp/dIvKKz4KzRcLxPtQIDAQABAoIBAQCtb0hRVjIQtFUi

hHVawGDX92tcz+Cy3+e0N1geEE04OuA+Lhe9cJhiiIEX5k03KdPOn/owH25o48La

qw+vxjtIqxmq2Zj5XG2+UmDAjpU9ZBmrtKCbGuUJln+TAazQ61VzW1Im78JqEQ0n

QDybpNYGmeJlvkxxVA++Wvq0buB8/RLJJokKiPe1e0AeGAUkvHcdxqUrcJfqbzZz

z/XUmI1GJMLnJw0WB8mxTtHq0YEATOOqgsAdoK2bAIl9LhCw4N4anSoD+KgRBbFG

k2SSCsk3bvBWmLBx7yq35hX92U511j42xVg/OxAC/LdVjPX20wBQp85CDZAkfYjb

48BONOMdAoGBAPuPVUEigz6Nk0FpQ+7bV0MXtuQga1OzwFcOsVToQS8CH4kI8q9s

iGutOEvL9GKHY/8nSRpJ/l204lpO1DKB8eCilO2eqMteq3JWAyvuU9TlKdMlD3Ed

Z7D2zX7S40M4cDoF1/AQNBdlBEYzLP7KgTrmxVoumhu8Wu7pqqtIidJPAoGBAN7D

h8w5N/PDjtI50pfFRUml3u6X9us2PcymP+LIMdmNL22zFcT8wk6fVlhUaa6pRA4Y

xEhxoQUNTEiv5sg0AkX2ms0iMUK2CCbOumRqux7V0NMw0iCEZ3QRtqZOn2YpvSFd

alC4KEpF31UbtLbUnx4VBbQ6tkcx5jvYKsSVeVC7AoGBAMHy4Gg3k7jGrqHf5uBh

fAXeYsO/uv/ttn1odpBgAOGdYXLl0zYtF4DtLFpEBUdx20b9ov8BzXux2lKGNFQ8

m5/1uZz6lmk1tDmS1x8nwLqDdJu2FxG++hMWNZlyPoW1HdGeb75Gv+LJn2IAUtCe

kMQ46C9/fpGjxvgsb8lfQ+NBAoGAY2iiazKFk5SLYalIH057UxhgWd0a5XA5N+Bg

1hU8mbb1mWC3sEaTd36Hi7dvye/jXN8UiLecgaKjjjRhKqp68TnRbwV5MioFjTvn

1fQDOQl1vSkmPDiZ6iQVfDXN0EuECSWk0gy8fhicR2CrzoMn1sbO2tTwjujns4EN

5NhHYQ0CgYEAlp6XGwJ+Dih/uQgrRQA5BXB3GYlYpMOEUNJk/3oWh+tl+/vzPRjy

IEZ9jsJ7E3DGhWC9l/MTY8rWEq30B8Qca9trZilcKgLTlHUIVQJnlkLAS3t+48qa

faL1ev3/gJMIw06u/OT8Yl5D8ZzyK1R4YDvjOusdpfRSE6Jwq9Wrgoo=

-----END RSA PRIVATE KEY-----
[root@ha02 keys]# ls

www.app01.com.crt  www.app01.com.csr  www.app01.com.key  www.app01.com.pem

按照以上方法依次生www.app02.com.pem

[root@ha02 keys]# openssl genrsa -out www.app02.com.key

Generating RSA private key,  bit long modulus

..........................................................................+++

..................................+++

e is  (0x10001)

[root@ha02 keys]# openssl req -new -key www.app02.com.key -out www.app02.com.csr

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name ( letter code) [XX]:CN

State or Province Name (full name) []:BeiJing

Locality Name (eg, city) [Default City]:BeiJing

Organization Name (eg, company) [Default Company Ltd]:espressos

Organizational Unit Name (eg, section) []:espressos

Common Name (eg, your name or your server's hostname) []:www.app02.com

Email Address []:ck@.com

Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:

An optional company name []:

[root@ha02 keys]# ls

www.app01.com.crt  www.app01.com.key  www.app02.com.csr

www.app01.com.csr  www.app01.com.pem  www.app02.com.key
[root@ha02 keys]# openssl x509 -req -days  -in www.app02.com.csr -signkey www.app02.com.key -out www.app02.com.crt

Signature ok

subject=/C=CN/ST=BeiJing/L=BeiJing/O=espressos/OU=espressos/CN=www.app02.com/emailAddress=ck@.com

Getting Private key

[root@ha02 keys]# cat www.app02.com.crt www.app02.com.key |tee www.app02.com.pem

-----BEGIN CERTIFICATE-----

MIIDljCCAn4CCQCReUnUAKlUyDANBgkqhkiG9w0BAQUFADCBjDELMAkGA1UEBhMC

Q04xEDAOBgNVBAgMB0JlaUppbmcxEDAOBgNVBAcMB0JlaUppbmcxEjAQBgNVBAoM

CWVzcHJlc3NvczESMBAGA1UECwwJZXNwcmVzc29zMRYwFAYDVQQDDA13d3cuYXBw

MDIuY29tMRkwFwYJKoZIhvcNAQkBFgpja0AxNjMuY29tMB4XDTE2MTIxNzIxMDgy

MFoXDTE3MTIxNzIxMDgyMFowgYwxCzAJBgNVBAYTAkNOMRAwDgYDVQQIDAdCZWlK

aW5nMRAwDgYDVQQHDAdCZWlKaW5nMRIwEAYDVQQKDAllc3ByZXNzb3MxEjAQBgNV

BAsMCWVzcHJlc3NvczEWMBQGA1UEAwwNd3d3LmFwcDAyLmNvbTEZMBcGCSqGSIb3

DQEJARYKY2tAMTYzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB

AK4xvT3wr0ndQqIJWjlHwZZ4fA/OzqXF4Nfg7WwnP4tITVnv/t2UdVAGJllCjcK6

cC6zLXVQ7vHkXVGlmuKhlwgrkXfFd6L1PuS4H5QTT8jFxIVJ+GsyqzXyceqxOcn4

n4yhyc+is0CdapC5QuRjXLFja6fjA2QJzlH2D2gFuQVOD80hhu+lLTlW+hkxUUfz

bthuUDg4WobUVENCdwlr1HjQPqmuo9Nh8tn6BXLtDYiQ4QPHJSFYQutYCbMovUuf

ETP49ovvahdCe2QaB0mrl32hQLTc8FRHqf9doukNycthI7KpVchcPoDseJcjVg34

UOSmQtN50vsC2UyFCb9fb8sCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEATHnHS+ZF

qUf8NuuZn6Iyw/U9ip5ArsJ/13pzjQmmD+eEDmw13ZDkHeiHD8bKxparZqq4zkg5

bBaj8bFWtWcMOc7MCFmd8RIjDATwOs15Uv7x+JHnxUVWCzOVFT0RNovVG1yEp+Rq

6Hu1zBj+yhK6Uj2cFTZOzBZH7+KSGzLOhSJmmqRoNVtnaw7bGqbUgUY/FgFS1rFw

5XXR1Ky02hx58HptF7GXEPav596g8HB+8SiLgkwESl//PYOISbb/KSVg68g7+c8N

SOdS1hci8GtmEW+c1b8tVy5xQZqO3T2Ob024xkNnZkvR0xeCor5loJh9EliSljCy

9s1F/eE2Rv2n4g==

-----END CERTIFICATE-----

-----BEGIN RSA PRIVATE KEY-----

MIIEowIBAAKCAQEArjG9PfCvSd1CoglaOUfBlnh8D87OpcXg1+DtbCc/i0hNWe/+

3ZR1UAYmWUKNwrpwLrMtdVDu8eRdUaWa4qGXCCuRd8V3ovU+5LgflBNPyMXEhUn4

azKrNfJx6rE5yfifjKHJz6KzQJ1qkLlC5GNcsWNrp+MDZAnOUfYPaAW5BU4PzSGG

76UtOVb6GTFRR/Nu2G5QODhahtRUQ0J3CWvUeNA+qa6j02Hy2foFcu0NiJDhA8cl

IVhC61gJsyi9S58RM/j2i+9qF0J7ZBoHSauXfaFAtNzwVEep/12i6Q3Jy2EjsqlV

yFw+gOx4lyNWDfhQ5KZC03nS+wLZTIUJv19vywIDAQABAoIBAQCMRgOVqIcPnTy2

TX+5Vr5e1IFbHXetaM6qKTgn+uch20Rm42vCtXVOztT81ipgIFCMWr+FlHoGkpZP

VGOIkwWTj7oh0AOKV6Gg/2B2lqKOFCwwBaQldvUGiUkQ7EyUB0E8N2DTcrqUku8o

wfdLAXS4aE5eMOIfIgJiYBqB8vHOgXxhouuTGVrIucEUtdNFsAzgfEP6ZIA82Ju6

AAw0yL1jZSEDVcpNaiPk3aUDQab3PdafSq7/Jv+r4ON9UFxjSWBUHO28Fv4tBLnP

/dDzy6+wNwOhMywMtyMIk9QCks3hw2FM6rF6XELTI0yqJrVhY0C34uaLtg9kSy6x

Xhjl9vfBAoGBAOA9zBONdoN9a60Ow2HZQGe59rZBYU9S7l728UAnlFqrOvbLcNrV

sTzLTqIsv1cTGGoFOlkVQavrT86YlWSMmQ81WAySJz5/5Tde1FswUXJhJ+YHuCTH

HOBOPIE5Fhr614cNB78sdWvNN1WF/fRFxqJOSSuPoYjsTBfbfzw8AUTrAoGBAMbd

aRcrid9yRZ+ZSk5ut5gxjyZT/fpZdCpwuTRWGwHuDT+PtAtJHicq9OWp41RrlK15

C5hX8d2M7NxpJPf0lQP7KLUd3QSEpoXlRLyAXDgAKpQJKf01nU5rnk7Z3pUs616Q

tHhyUm/OojcMzYHpwib86TfZf42uNavqeQMtU0ihAoGAGSb1WBAbBf6wcDXitnv+

3GOgh6rntlUQBbjfMJn/6vef4oTJQNKNUctgI5KvV539tA6oD8vxlM4NIpg80Y1v

saQDH03ZdwozdLV/TkcqK5E4P3YIMp/e3k4IPVpg31/Zgv10K/5ZoWDgXwhrhtW4

xQXQ8UDoFoqisl5ddC0q20cCgYA9TozTY8zBYg0swqkxvNhExyKGgmZOA73YR6AR

DmqNEcJr0fWDdSsikA+nrdQzdmcDg8mbUaFy17s9x/xppLE75PYLwAUfG3Xq2V9z

bW8ApKx7rsePFDRGtM69KFWCT7LQGHRKnZPkfCNuLTg90L7WHioX2amFGCvbsBFW

dWazgQKBgCNS9WU81O67RnE18ymcjzmogBCV1us1SxaWQ7zJZwAc5of8717TqB+l

ZSgPkb8aSkQIVBp3qKYOgNn51/WK6fSFE2jKVQFHCGrVcs7f1Ofru3Wey38qMZ0y

xz5HBI0G/G+ICzsQwTUNTjw2vcUWWwV4jaKpQkOGUlcJVDIJO/l6

-----END RSA PRIVATE KEY-----

[root@ha02 keys]# ls

www.app01.com.crt  www.app01.com.key  www.app02.com.crt  www.app02.com.key

www.app01.com.csr  www.app01.com.pem  www.app02.com.csr  www.app02.com.pem
[root@ha02 haproxy-1.4.]# cat conf/haproxy.cfg

global

    log 127.0.0.1 local0 info

    maxconn

    user nobody

    group nobody

    daemon

    nbproc

    pidfile /var/run/haproxy.pid

defaults

    log global

    option tcplog

    option httpclose

    option forwardfor except 127.0.0.0/

    option redispatch

    option dontlognull

    retries

    timeout client 1m

    timeout server 1m

    timeout http-request    10s

    timeout    http-keep-alive    10s

    timeout    queue    1m

    maxconn

listen admin_stats

    bind 0.0.0.0:

    stats refresh 30s

    stats uri /vip

    stats realm hello chenlin

    stats auth admin:admin@!

    stats hide-version

    stats admin if TRUE

    mode http

    #server sshd 192.168.1.104: check port  inter  fall 

frontend www.app01.com

    mode http

    bind 0.0.0.0: ssl crt /etc/ssl/keys/www.app01.com.pem crt /etc/ssl/keys/www.app02.com.pem

    use_backend www_app01_com if { ssl_fc_sni www.app01.com }

    use_backend www_app02_com if { ssl_fc_sni www.app02.com }

backend www_app01_com

    mode http

    server app01 192.168.1.108:

backend www_app02_com

    mode http

    server app02 192.168.1.109:

haproxy 实现了多域https

[root@ha02 haproxy-1.5.]# ./sbin/haproxy -v

HA-Proxy version 1.5-dev19 //

Copyright - Willy Tarreau <w@1wt.eu>

haproxy 实现多域名证书https的更多相关文章

  1. [转帖]一个ip对应多个域名多个ssl证书配置-Nginx实现多域名证书HTTPS

    一个ip对应多个域名多个ssl证书配置-Nginx实现多域名证书HTTPS https://home.cnblogs.com/u/beyang/ 一台服务器,两个域名 首先购买https,获取到CA证 ...

  2. 配置Nginx支持SSL SNI(一个IP绑定多个证书) 以及Haproxy实现多域名证书

    概述 传统的每个SSL证书签发,每个证书都需要独立ip,假如你编译openssl和nginx时候开启TLS SNI (Server Name Identification) 支持,这样你可以安装多个S ...

  3. Nginx实现多域名证书HTTPS

    目前公司有2个域名,其中这次涉及到3个子域名需要更改为HTTPS传输,分别为: passport.abc.com www.test.com admin.test.com 那么就涉及到购买ssl证书的问 ...

  4. 一个ip对应多个域名多个ssl证书配置-Nginx实现多域名证书HTTPS

    一台服务器,两个域名 首先购买https,获取到CA证书,两个域名就得到两套证书 第二步:现在就是Nginx和OpenSSL的安装与配置(这里注意,一般情况下一个IP只支持一个SSL证书,那么我们现在 ...

  5. haproxy配置基于ssl证书的https负载均衡

    本实验全部在haproxy1.5.19版本进行测试通过,经过测试1.7.X及haproxy1.3版本以下haproxy配置参数可能不适用,需要注意版本号. 一.业务要求现在根据业务的实际需要,有以下几 ...

  6. [从零开始搭网站六]为域名申请免费SSL证书(https),并为Tomcat配置https域名所用的多SSL证书

    点击下面连接查看从零开始搭网站全系列 从零开始搭网站 由于国内的网络环境比较恶劣,运营商流量劫持的情况比较严重,一般表现为别人打开你的网站的时候会弹一些莫名其妙的广告...更过分的会跳转至别的网站. ...

  7. Nginx实现ssl一级、二级域名证书部署并用https访问代理转发服务器

    1.  规划 域名 解析IP Nginx代理 htpps://www.devcult.com 47.88.10.155   htpps://auto.devcult.com 47.88.10.155 ...

  8. Windows Server2008 R2 服务器域名设置Https安全证书访问

    域名支持Https访问设置 1.首先登陆域名申办公司的域名管理账号添加TXT域名解析信息 以新网域名公司为例:http://dcp.xinnet.com,输入域名:www.xxx.com和密码登录即可 ...

  9. 一键自签本地 TLSv3 多域名 SAN 域名证书工具 HTTPS(最新版 Chrome 浏览器策略测试通过)

    一键自动生成本地自签名SAN域名证书工具 原生OpenSSL生成自签名SAN CA域名(V3签名),在Linux.MacOS系统下签发测试通过. 用于一键快速生成开发和测试场景证书,内部平台授权和私有 ...

随机推荐

  1. 【poj1694】 An Old Stone Game

    http://poj.org/problem?id=1694 (题目链接) 题意 一棵树,现在往上面放石子.对于一个节点x,只有当它的直接儿子都放满石子时,才能将它直接儿子中的一个石子放置x上,并回收 ...

  2. #MySQL 5.7.8 支持Json类型

    As of MySQL 5.7.8, MySQL supports a native JSON data type that enables efficient access to data in J ...

  3. iOS提交后申请加急审核

    链接:https://developer.apple.com/appstore/contact/appreviewteam/index.html 在i would like to里选择加急审核 然后填 ...

  4. 【Beta】Scrum04

    Info 由于上次验收基本没有人按时完成,缓冲一个任务周期. 时间:2016.12.06 21:30 时长:25min 地点:大运村1号公寓5楼楼道 类型:日常Scrum会议 NXT:2016.12. ...

  5. 面试题目——《CC150》Java

    package cc150.java; import java.util.Iterator; public class CircularArray { public static void main( ...

  6. LINQ驱动数据的查询功能

    一.LINQ概念 LINQ是微软在.NetFramework3.5中新加入的语言功能,在语言中以程序代码方式处理集合的能力. 1.1 LINQ VS 循环处理 在我刚工作时候,对于集合对象的处理一般是 ...

  7. 深入理解javascript原型和闭包(13)-【作用域】和【上下文环境】

    上文简单介绍了作用域,本文把作用域和上下文环境结合起来说一下,会理解的更深一些. 如上图,我们在上文中已经介绍了,除了全局作用域之外,每个函数都会创建自己的作用域,作用域在函数定义时就已经确定了.而不 ...

  8. php 去掉字符串的最后一个字符

    原字符串1,2,3,4,5,6, 去掉最后一个字符",",最终结果为1,2,3,4,5,6 代码如下: $str = "1,2,3,4,5,6,"; $news ...

  9. NSLog(@"%@",类对象); 默认输出类名

    NSLog()函数输出Objective-c对象时,输出的是该对象的description方法的返回值.也就是说,以下两行代码作用完全一样(假设p是指向任何对象的指针变量). NSLog(@" ...

  10. 微信电脑版-微信for windows客户端发布

    12月份微信Windows版客户端1.0 Alpha推出,昨天微信for windows 1.0客户端(测试版)发布更新,超过三亿人使用的聊天应用,现在登录Windows桌面.你可以在Windows上 ...