Configuration to access by HTTPS with SSL in Apache HTTP

Part One, https enable with SSL

1. eable module by remove "#"
 in file conf/http.conf:
LoadModule ssl_module modules/mod_ssl.so
Include conf/extra/httpd-ssl.conf

2. Modify conf/extra/httpd-ssl.conf:
SSLCertificateFile "C:/Apache2.2/conf/server.crt"
SSLCertificateKeyFile "C:/Apache2.2/conf/server.key"

3. Generate certificate and key file for Server Side:
server.key:
D:\local\apache2\bin\openssl genrsa -out server.key 1024
server.csr:
D:\local\apache2\bin>openssl req -new -out server.csr -key server.key -config ..\conf\openssl.cnf
Input the asked information.

4. Generate Signture Certificate  for CA Side:
Primary key, ca.key:
D:\local\apache2\bin\openssl genrsa -out ca.key 1024

Use CA to generate self signature certificate:
D:\local\apache2\bin\openssl req -new -x509 -days 365 -key ca.key -out ca.crt -config ..\conf\openssl.cnf
Here may asked to input some information. Please input the infor. Common Name is server domain, if is local, it is local IP.

Uae CA to generate website serser signature certificate
D:\local\apache2\bin\openssl ca -in server.csr -out server.crt -cert ca.crt -keyfile ca.key -config ..\conf\openssl.cnf
Here will enconter error. Create demoCA in current folder, and create below files:
index.txt, with content is serial:serial 01, other is null and create a folder: newcerts. then run agin.it will generate server.crt.

5. copy server.key and server.crt(not server.csr) to conf/

Part Two
Redirect http to https access
1. LoadModule rewrite_module modules/mod_rewrite.so

2. Add below configuration
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

Part Three (optional) --- For 64Bit OS
1. System Event error log in system lever when start up with above configurations

The Apache service named  reported the following error:
>>> SSLSessionCache: Invalid argument: size has to be >= 8192 bytes     .

It is caused by line 62(original)
#SSLSessionCache"shmcb:C:/Program Files (x86)/Apache Software Foundation/Apache2.2/logs/ssl_scache(512000)"
It recognized 86 as cache size. So we need to use another folder for such log. eg:
#SSLSessionCache"shmcb:C:/Program Files/Apache Software Foundation/Apache2.2/logs/ssl_scache(512000)"

2. Error in log folder:
Init: SSLPassPhraseDialog builtin is not supported on Win32 (key file xxxx/conf/ssl/jfdscert.key)
Resolution:
a) Put "#" in front of SSLPassPhraseDialog to comment out the line.
b) remove the Pass Phrase for server.key with below command:
openssl rsa -in server.key.org -out server.key
Then use this one instead.

Part Three

Verify the private key and certificate whether can match.


View the certificate modulus using the following command:
openssl x509 -noout -text -in certfile -modulus
or
openssl x509 -noout -text -in certfile -modulus | openssl md5

View the key using the following command:
openssl rsa -noout -text -in keyfile -modulus
or
openssl rsa -noout -text -in keyfile -modulus | openssl md5



发布了59 篇原创文章 · 获赞 5 · 访问量 13万+
展开阅读全文

没有更多推荐了,返回首页

©️2019 CSDN 皮肤主题: 大白 设计师: CSDN官方博客

分享到微信朋友圈

×

扫一扫,手机浏览