[root@ha02 keys]# openssl genrsa -out www.app01.com.key
Generating RSA private key, bit long modulus
....+++
.....................................+++
e is (0x10001)
[root@ha02 keys]# openssl req -new -key www.app01.com.key -out www.app01.com.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name ( letter code) [XX]:CN
State or Province Name (full name) []:BeiJing
Locality Name (eg, city) [Default City]:BeiJing
Organization Name (eg, company) [Default Company Ltd]:espressos.cn
Organizational Unit Name (eg, section) []:app
Common Name (eg, your name or your server's hostname) []:www.app01.com
Email Address []:ck@..com Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@ha02 keys]# ls
www.app01.com.csr www.app01.com.key
[root@ha02 keys]# openssl x509 -req -days  -in www.app01.com.csr -signkey www.app01.com.key -out www.app01.com.crt
Signature ok
subject=/C=CN/ST=BeiJing/L=BeiJing/O=espressos.cn/OU=app/CN=www.app01.com/emailAddress=ck@..com
Getting Private key
[root@ha02 keys]# cat www.app01.com.crt www.app01.com.key |tee www.app01.com.pem
-----BEGIN CERTIFICATE-----
MIIDkjCCAnoCCQDXDebyNmUGrDANBgkqhkiG9w0BAQUFADCBijELMAkGA1UEBhMC
Q04xEDAOBgNVBAgMB0JlaUppbmcxEDAOBgNVBAcMB0JlaUppbmcxFTATBgNVBAoM
DGVzcHJlc3Nvcy5jbjEMMAoGA1UECwwDYXBwMRYwFAYDVQQDDA13d3cuYXBwMDEu
Y29tMRowGAYJKoZIhvcNAQkBFgtja0AuMTYzLmNvbTAeFw0xNjEyMTcyMDU5MzRa
Fw0xNzEyMTcyMDU5MzRaMIGKMQswCQYDVQQGEwJDTjEQMA4GA1UECAwHQmVpSmlu
ZzEQMA4GA1UEBwwHQmVpSmluZzEVMBMGA1UECgwMZXNwcmVzc29zLmNuMQwwCgYD
VQQLDANhcHAxFjAUBgNVBAMMDXd3dy5hcHAwMS5jb20xGjAYBgkqhkiG9w0BCQEW
C2NrQC4xNjMuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2uZv
jbDySKIsPOLErlcJGQ+6mpPN+2XvOmS0piY+r14EHfKW6SZ1o8zNl0AQPMZOikVf
KvwDnEhp0FWjnMZOpppRCEYvbuHEwzdgUNoPqwKae0agYLA5r4HpR30r8hj87pDT
p3ukFzBgRzfuqjUB++1eaot3UEpkV1tMKd/85ziU7CtUaFj+S7l4j0i7LVO3Iu3T
oz80KBB+d31P3qCbgenOcxNs8ohte3Xpk4JWcEKgtYuvdVY6VZcvCmIWYPH7PWC4
DWBkmB6Ub78pdkG5c6PaSFaJrEJdyjel0DuYMpRl7bTGxzQsDpI7Bx6Lq2hD0k5m
p/dIvKKz4KzRcLxPtQIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQAoo30ox/XXPbSJ
vrIBcAK7ZPWNV7pW8KQ2sZ4LPkNVylwIpKirOmRQ6e9ZBHdPIxU0Ic+aNhsEJ5Et
b11fWwMxAmLMmpwx7ngWsIrFXLBkyda5Zq8DLzLmFQACAW53O4/6EN+HBPXPTP0b
tmzNQaf8AIVpviraOMLSk291+lEws/c0ATvkz5FaRjw5oZjDDozoY3doRnap/hQO
n+i07uJ8PEXnX9P4Th2gYxle/7AvK46Dk7zglG3dpcoveRqOKChKVSZIxta5A0eL
6fpp7R+oU8S4trQY8GB1ECX7/cqUi4G8JwSiC63PKys9JEeLmdpNTZ1d6uv+fHUH
RUeiLjAX
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEA2uZvjbDySKIsPOLErlcJGQ+6mpPN+2XvOmS0piY+r14EHfKW
6SZ1o8zNl0AQPMZOikVfKvwDnEhp0FWjnMZOpppRCEYvbuHEwzdgUNoPqwKae0ag
YLA5r4HpR30r8hj87pDTp3ukFzBgRzfuqjUB++1eaot3UEpkV1tMKd/85ziU7CtU
aFj+S7l4j0i7LVO3Iu3Toz80KBB+d31P3qCbgenOcxNs8ohte3Xpk4JWcEKgtYuv
dVY6VZcvCmIWYPH7PWC4DWBkmB6Ub78pdkG5c6PaSFaJrEJdyjel0DuYMpRl7bTG
xzQsDpI7Bx6Lq2hD0k5mp/dIvKKz4KzRcLxPtQIDAQABAoIBAQCtb0hRVjIQtFUi
hHVawGDX92tcz+Cy3+e0N1geEE04OuA+Lhe9cJhiiIEX5k03KdPOn/owH25o48La
qw+vxjtIqxmq2Zj5XG2+UmDAjpU9ZBmrtKCbGuUJln+TAazQ61VzW1Im78JqEQ0n
QDybpNYGmeJlvkxxVA++Wvq0buB8/RLJJokKiPe1e0AeGAUkvHcdxqUrcJfqbzZz
z/XUmI1GJMLnJw0WB8mxTtHq0YEATOOqgsAdoK2bAIl9LhCw4N4anSoD+KgRBbFG
k2SSCsk3bvBWmLBx7yq35hX92U511j42xVg/OxAC/LdVjPX20wBQp85CDZAkfYjb
48BONOMdAoGBAPuPVUEigz6Nk0FpQ+7bV0MXtuQga1OzwFcOsVToQS8CH4kI8q9s
iGutOEvL9GKHY/8nSRpJ/l204lpO1DKB8eCilO2eqMteq3JWAyvuU9TlKdMlD3Ed
Z7D2zX7S40M4cDoF1/AQNBdlBEYzLP7KgTrmxVoumhu8Wu7pqqtIidJPAoGBAN7D
h8w5N/PDjtI50pfFRUml3u6X9us2PcymP+LIMdmNL22zFcT8wk6fVlhUaa6pRA4Y
xEhxoQUNTEiv5sg0AkX2ms0iMUK2CCbOumRqux7V0NMw0iCEZ3QRtqZOn2YpvSFd
alC4KEpF31UbtLbUnx4VBbQ6tkcx5jvYKsSVeVC7AoGBAMHy4Gg3k7jGrqHf5uBh
fAXeYsO/uv/ttn1odpBgAOGdYXLl0zYtF4DtLFpEBUdx20b9ov8BzXux2lKGNFQ8
m5/1uZz6lmk1tDmS1x8nwLqDdJu2FxG++hMWNZlyPoW1HdGeb75Gv+LJn2IAUtCe
kMQ46C9/fpGjxvgsb8lfQ+NBAoGAY2iiazKFk5SLYalIH057UxhgWd0a5XA5N+Bg
1hU8mbb1mWC3sEaTd36Hi7dvye/jXN8UiLecgaKjjjRhKqp68TnRbwV5MioFjTvn
1fQDOQl1vSkmPDiZ6iQVfDXN0EuECSWk0gy8fhicR2CrzoMn1sbO2tTwjujns4EN
5NhHYQ0CgYEAlp6XGwJ+Dih/uQgrRQA5BXB3GYlYpMOEUNJk/3oWh+tl+/vzPRjy
IEZ9jsJ7E3DGhWC9l/MTY8rWEq30B8Qca9trZilcKgLTlHUIVQJnlkLAS3t+48qa
faL1ev3/gJMIw06u/OT8Yl5D8ZzyK1R4YDvjOusdpfRSE6Jwq9Wrgoo=
-----END RSA PRIVATE KEY-----
[root@ha02 keys]# ls
www.app01.com.crt www.app01.com.csr www.app01.com.key www.app01.com.pem

按照以上方法依次生www.app02.com.pem

[root@ha02 keys]# openssl genrsa -out www.app02.com.key
Generating RSA private key, bit long modulus
..........................................................................+++
..................................+++
e is (0x10001)
[root@ha02 keys]# openssl req -new -key www.app02.com.key -out www.app02.com.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name ( letter code) [XX]:CN
State or Province Name (full name) []:BeiJing
Locality Name (eg, city) [Default City]:BeiJing
Organization Name (eg, company) [Default Company Ltd]:espressos
Organizational Unit Name (eg, section) []:espressos
Common Name (eg, your name or your server's hostname) []:www.app02.com
Email Address []:ck@.com Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@ha02 keys]# ls
www.app01.com.crt www.app01.com.key www.app02.com.csr
www.app01.com.csr www.app01.com.pem www.app02.com.key
[root@ha02 keys]# openssl x509 -req -days  -in www.app02.com.csr -signkey www.app02.com.key -out www.app02.com.crt
Signature ok
subject=/C=CN/ST=BeiJing/L=BeiJing/O=espressos/OU=espressos/CN=www.app02.com/emailAddress=ck@.com
Getting Private key
[root@ha02 keys]# cat www.app02.com.crt www.app02.com.key |tee www.app02.com.pem
-----BEGIN CERTIFICATE-----
MIIDljCCAn4CCQCReUnUAKlUyDANBgkqhkiG9w0BAQUFADCBjDELMAkGA1UEBhMC
Q04xEDAOBgNVBAgMB0JlaUppbmcxEDAOBgNVBAcMB0JlaUppbmcxEjAQBgNVBAoM
CWVzcHJlc3NvczESMBAGA1UECwwJZXNwcmVzc29zMRYwFAYDVQQDDA13d3cuYXBw
MDIuY29tMRkwFwYJKoZIhvcNAQkBFgpja0AxNjMuY29tMB4XDTE2MTIxNzIxMDgy
MFoXDTE3MTIxNzIxMDgyMFowgYwxCzAJBgNVBAYTAkNOMRAwDgYDVQQIDAdCZWlK
aW5nMRAwDgYDVQQHDAdCZWlKaW5nMRIwEAYDVQQKDAllc3ByZXNzb3MxEjAQBgNV
BAsMCWVzcHJlc3NvczEWMBQGA1UEAwwNd3d3LmFwcDAyLmNvbTEZMBcGCSqGSIb3
DQEJARYKY2tAMTYzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AK4xvT3wr0ndQqIJWjlHwZZ4fA/OzqXF4Nfg7WwnP4tITVnv/t2UdVAGJllCjcK6
cC6zLXVQ7vHkXVGlmuKhlwgrkXfFd6L1PuS4H5QTT8jFxIVJ+GsyqzXyceqxOcn4
n4yhyc+is0CdapC5QuRjXLFja6fjA2QJzlH2D2gFuQVOD80hhu+lLTlW+hkxUUfz
bthuUDg4WobUVENCdwlr1HjQPqmuo9Nh8tn6BXLtDYiQ4QPHJSFYQutYCbMovUuf
ETP49ovvahdCe2QaB0mrl32hQLTc8FRHqf9doukNycthI7KpVchcPoDseJcjVg34
UOSmQtN50vsC2UyFCb9fb8sCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEATHnHS+ZF
qUf8NuuZn6Iyw/U9ip5ArsJ/13pzjQmmD+eEDmw13ZDkHeiHD8bKxparZqq4zkg5
bBaj8bFWtWcMOc7MCFmd8RIjDATwOs15Uv7x+JHnxUVWCzOVFT0RNovVG1yEp+Rq
6Hu1zBj+yhK6Uj2cFTZOzBZH7+KSGzLOhSJmmqRoNVtnaw7bGqbUgUY/FgFS1rFw
5XXR1Ky02hx58HptF7GXEPav596g8HB+8SiLgkwESl//PYOISbb/KSVg68g7+c8N
SOdS1hci8GtmEW+c1b8tVy5xQZqO3T2Ob024xkNnZkvR0xeCor5loJh9EliSljCy
9s1F/eE2Rv2n4g==
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEArjG9PfCvSd1CoglaOUfBlnh8D87OpcXg1+DtbCc/i0hNWe/+
3ZR1UAYmWUKNwrpwLrMtdVDu8eRdUaWa4qGXCCuRd8V3ovU+5LgflBNPyMXEhUn4
azKrNfJx6rE5yfifjKHJz6KzQJ1qkLlC5GNcsWNrp+MDZAnOUfYPaAW5BU4PzSGG
76UtOVb6GTFRR/Nu2G5QODhahtRUQ0J3CWvUeNA+qa6j02Hy2foFcu0NiJDhA8cl
IVhC61gJsyi9S58RM/j2i+9qF0J7ZBoHSauXfaFAtNzwVEep/12i6Q3Jy2EjsqlV
yFw+gOx4lyNWDfhQ5KZC03nS+wLZTIUJv19vywIDAQABAoIBAQCMRgOVqIcPnTy2
TX+5Vr5e1IFbHXetaM6qKTgn+uch20Rm42vCtXVOztT81ipgIFCMWr+FlHoGkpZP
VGOIkwWTj7oh0AOKV6Gg/2B2lqKOFCwwBaQldvUGiUkQ7EyUB0E8N2DTcrqUku8o
wfdLAXS4aE5eMOIfIgJiYBqB8vHOgXxhouuTGVrIucEUtdNFsAzgfEP6ZIA82Ju6
AAw0yL1jZSEDVcpNaiPk3aUDQab3PdafSq7/Jv+r4ON9UFxjSWBUHO28Fv4tBLnP
/dDzy6+wNwOhMywMtyMIk9QCks3hw2FM6rF6XELTI0yqJrVhY0C34uaLtg9kSy6x
Xhjl9vfBAoGBAOA9zBONdoN9a60Ow2HZQGe59rZBYU9S7l728UAnlFqrOvbLcNrV
sTzLTqIsv1cTGGoFOlkVQavrT86YlWSMmQ81WAySJz5/5Tde1FswUXJhJ+YHuCTH
HOBOPIE5Fhr614cNB78sdWvNN1WF/fRFxqJOSSuPoYjsTBfbfzw8AUTrAoGBAMbd
aRcrid9yRZ+ZSk5ut5gxjyZT/fpZdCpwuTRWGwHuDT+PtAtJHicq9OWp41RrlK15
C5hX8d2M7NxpJPf0lQP7KLUd3QSEpoXlRLyAXDgAKpQJKf01nU5rnk7Z3pUs616Q
tHhyUm/OojcMzYHpwib86TfZf42uNavqeQMtU0ihAoGAGSb1WBAbBf6wcDXitnv+
3GOgh6rntlUQBbjfMJn/6vef4oTJQNKNUctgI5KvV539tA6oD8vxlM4NIpg80Y1v
saQDH03ZdwozdLV/TkcqK5E4P3YIMp/e3k4IPVpg31/Zgv10K/5ZoWDgXwhrhtW4
xQXQ8UDoFoqisl5ddC0q20cCgYA9TozTY8zBYg0swqkxvNhExyKGgmZOA73YR6AR
DmqNEcJr0fWDdSsikA+nrdQzdmcDg8mbUaFy17s9x/xppLE75PYLwAUfG3Xq2V9z
bW8ApKx7rsePFDRGtM69KFWCT7LQGHRKnZPkfCNuLTg90L7WHioX2amFGCvbsBFW
dWazgQKBgCNS9WU81O67RnE18ymcjzmogBCV1us1SxaWQ7zJZwAc5of8717TqB+l
ZSgPkb8aSkQIVBp3qKYOgNn51/WK6fSFE2jKVQFHCGrVcs7f1Ofru3Wey38qMZ0y
xz5HBI0G/G+ICzsQwTUNTjw2vcUWWwV4jaKpQkOGUlcJVDIJO/l6
-----END RSA PRIVATE KEY-----
[root@ha02 keys]# ls
www.app01.com.crt www.app01.com.key www.app02.com.crt www.app02.com.key
www.app01.com.csr www.app01.com.pem www.app02.com.csr www.app02.com.pem
[root@ha02 haproxy-1.4.]# cat conf/haproxy.cfg
global
log 127.0.0.1 local0 info
maxconn
user nobody
group nobody
daemon
nbproc
pidfile /var/run/haproxy.pid
defaults
log global
option tcplog
option httpclose
option forwardfor except 127.0.0.0/
option redispatch
option dontlognull
retries
timeout client 1m
timeout server 1m
timeout http-request 10s
timeout http-keep-alive 10s
timeout queue 1m
maxconn
listen admin_stats
bind 0.0.0.0:
stats refresh 30s
stats uri /vip
stats realm hello chenlin
stats auth admin:admin@!
stats hide-version
stats admin if TRUE
mode http
#server sshd 192.168.1.104: check port inter fall frontend www.app01.com
mode http
bind 0.0.0.0: ssl crt /etc/ssl/keys/www.app01.com.pem crt /etc/ssl/keys/www.app02.com.pem
use_backend www_app01_com if { ssl_fc_sni www.app01.com }
use_backend www_app02_com if { ssl_fc_sni www.app02.com }
backend www_app01_com
mode http
server app01 192.168.1.108:
backend www_app02_com
mode http
server app02 192.168.1.109:

haproxy 实现了多域https

[root@ha02 haproxy-1.5.]# ./sbin/haproxy -v
HA-Proxy version 1.5-dev19 //
Copyright - Willy Tarreau <w@1wt.eu>

haproxy 实现多域名证书https的更多相关文章

  1. [转帖]一个ip对应多个域名多个ssl证书配置-Nginx实现多域名证书HTTPS

    一个ip对应多个域名多个ssl证书配置-Nginx实现多域名证书HTTPS https://home.cnblogs.com/u/beyang/ 一台服务器,两个域名 首先购买https,获取到CA证 ...

  2. 配置Nginx支持SSL SNI(一个IP绑定多个证书) 以及Haproxy实现多域名证书

    概述 传统的每个SSL证书签发,每个证书都需要独立ip,假如你编译openssl和nginx时候开启TLS SNI (Server Name Identification) 支持,这样你可以安装多个S ...

  3. Nginx实现多域名证书HTTPS

    目前公司有2个域名,其中这次涉及到3个子域名需要更改为HTTPS传输,分别为: passport.abc.com www.test.com admin.test.com 那么就涉及到购买ssl证书的问 ...

  4. 一个ip对应多个域名多个ssl证书配置-Nginx实现多域名证书HTTPS

    一台服务器,两个域名 首先购买https,获取到CA证书,两个域名就得到两套证书 第二步:现在就是Nginx和OpenSSL的安装与配置(这里注意,一般情况下一个IP只支持一个SSL证书,那么我们现在 ...

  5. haproxy配置基于ssl证书的https负载均衡

    本实验全部在haproxy1.5.19版本进行测试通过,经过测试1.7.X及haproxy1.3版本以下haproxy配置参数可能不适用,需要注意版本号. 一.业务要求现在根据业务的实际需要,有以下几 ...

  6. [从零开始搭网站六]为域名申请免费SSL证书(https),并为Tomcat配置https域名所用的多SSL证书

    点击下面连接查看从零开始搭网站全系列 从零开始搭网站 由于国内的网络环境比较恶劣,运营商流量劫持的情况比较严重,一般表现为别人打开你的网站的时候会弹一些莫名其妙的广告...更过分的会跳转至别的网站. ...

  7. Nginx实现ssl一级、二级域名证书部署并用https访问代理转发服务器

    1.  规划 域名 解析IP Nginx代理 htpps://www.devcult.com 47.88.10.155   htpps://auto.devcult.com 47.88.10.155 ...

  8. Windows Server2008 R2 服务器域名设置Https安全证书访问

    域名支持Https访问设置 1.首先登陆域名申办公司的域名管理账号添加TXT域名解析信息 以新网域名公司为例:http://dcp.xinnet.com,输入域名:www.xxx.com和密码登录即可 ...

  9. 一键自签本地 TLSv3 多域名 SAN 域名证书工具 HTTPS(最新版 Chrome 浏览器策略测试通过)

    一键自动生成本地自签名SAN域名证书工具 原生OpenSSL生成自签名SAN CA域名(V3签名),在Linux.MacOS系统下签发测试通过. 用于一键快速生成开发和测试场景证书,内部平台授权和私有 ...

随机推荐

  1. 使用gulp-connect实现web服务器

    安装插件安装gulp-connect插件,安装命令如下 npm install --save-dev gulp-connect 定义web服务,gulpfile.js代码 var gulp = req ...

  2. redis之理解

    http://www.cnblogs.com/stephen-liu74/category/354125.html

  3. js 获取据当前时间n天前的时间

    <script type="text/javascript"> function getLastDate() { var date = new Date(); ; va ...

  4. [转载]用 grub2 启动 clover.iso 来启动 OS X

    这个帖子只用来解决特定问题,是楼主这两天辛苦的结晶,如果你遇到了跟我差不多的情形,你就可以尝试这个解决方案. 特定情景:1.不管你的机器支不支持 UEFI ,反正你现在是用传统 BISO + MBR ...

  5. 直接操作 SDL_Overlay YUV叠加上的像素

    根据这篇解码出yuv数据后 海思h264解码库 y,u,v数据全部存进数组内,          IntPtr y = _decodeFrame.pY;                 IntPtr ...

  6. React.js入门笔记

    # React.js入门笔记 核心提示 这是本人学习react.js的第一篇入门笔记,估计也会是该系列涵盖内容最多的笔记,主要内容来自英文官方文档的快速上手部分和阮一峰博客教程.当然,还有我自己尝试的 ...

  7. TypePerf.exe使用命令查找计数器

    TypePerf.exe是一个命令行工具,包括把Windows操作系统的性能计数器数据输出到命令窗口或写入到支持该功能的日志文件格式中. 通过以下两个参数获取计数器信息: -q [object] 列出 ...

  8. JSON.parse和eval的区别

    JSON.parse和eval的区别 JSON(JavaScript Object Notation)是一种轻量级的数据格式,采用完全独立于语言的文本格式,是理想的数据交换格式.同时,JSON是Jav ...

  9. 使用ajax技术实现txt弹出在页面上

    使用ajax技术实现txt弹出在页面上   使用ajax技术实现点击按钮,将TXT文本里的内容通过弹出框显示到页面上 /*事件会在页面加载完成后触发.*/ <script> window. ...

  10. Hadoop家族的各个成员

    官方定义:hadoop是一个开发和运行处理大规模数据的软件平台.核心词语是平台,也就是说我们有大量的数据,又有好几个电脑,我们知道应该把处理数据的任务分解到各个电脑上,但是不知道怎样分配任务,怎样回收 ...