Configuration to access by HTTPS with SSL in Apache HTTP

Part One, https enable with SSL

1. eable module by remove "#"
 in file conf/http.conf:
LoadModule ssl_module modules/
Include conf/extra/httpd-ssl.conf

2. Modify conf/extra/httpd-ssl.conf:
SSLCertificateFile "C:/Apache2.2/conf/server.crt"
SSLCertificateKeyFile "C:/Apache2.2/conf/server.key"

3. Generate certificate and key file for Server Side:
D:\local\apache2\bin\openssl genrsa -out server.key 1024
D:\local\apache2\bin>openssl req -new -out server.csr -key server.key -config ..\conf\openssl.cnf
Input the asked information.

4. Generate Signture Certificate  for CA Side:
Primary key, ca.key:
D:\local\apache2\bin\openssl genrsa -out ca.key 1024

Use CA to generate self signature certificate:
D:\local\apache2\bin\openssl req -new -x509 -days 365 -key ca.key -out ca.crt -config ..\conf\openssl.cnf
Here may asked to input some information. Please input the infor. Common Name is server domain, if is local, it is local IP.

Uae CA to generate website serser signature certificate
D:\local\apache2\bin\openssl ca -in server.csr -out server.crt -cert ca.crt -keyfile ca.key -config ..\conf\openssl.cnf
Here will enconter error. Create demoCA in current folder, and create below files:
index.txt, with content is serial:serial 01, other is null and create a folder: newcerts. then run will generate server.crt.

5. copy server.key and server.crt(not server.csr) to conf/

Part Two
Redirect http to https access
1. LoadModule rewrite_module modules/

2. Add below configuration
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

Part Three (optional) --- For 64Bit OS
1. System Event error log in system lever when start up with above configurations

The Apache service named  reported the following error:
>>> SSLSessionCache: Invalid argument: size has to be >= 8192 bytes     .

It is caused by line 62(original)
#SSLSessionCache "shmcb:C:/Program Files (x86)/Apache Software Foundation/Apache2.2/logs/ssl_scache(512000)"
It recognized 86 as cache size. So we need to use another folder for such log. eg:
#SSLSessionCache "shmcb:C:/Program Files/Apache Software Foundation/Apache2.2/logs/ssl_scache(512000)"

2. Error in log folder:
Init: SSLPassPhraseDialog builtin is not supported on Win32 (key file xxxx/conf/ssl/jfdscert.key)
a) Put "#" in front of SSLPassPhraseDialog to comment out the line.
b) remove the Pass Phrase for server.key with below command:
openssl rsa -in -out server.key
Then use this one instead.

Part Three

Verify the private key and certificate whether can match.

View the certificate modulus using the following command:
openssl x509 -noout -text -in certfile -modulus
openssl x509 -noout -text -in certfile -modulus | openssl md5

View the key using the following command:
openssl rsa -noout -text -in keyfile -modulus
openssl rsa -noout -text -in keyfile -modulus | openssl md5

已标记关键词 清除标记
©️2020 CSDN 皮肤主题: 大白 设计师:CSDN官方博客 返回首页