Configuring HTTPS access with SSL in Apache HTTP Server

Part One: Enable HTTPS with SSL

1. Enable the module by removing the "#" in front of these lines in conf/httpd.conf:
LoadModule ssl_module modules/mod_ssl.so
Include conf/extra/httpd-ssl.conf

2. Modify conf/extra/httpd-ssl.conf:
SSLCertificateFile "C:/Apache2.2/conf/server.crt"
SSLCertificateKeyFile "C:/Apache2.2/conf/server.key"

3. Generate the key and certificate request files for the server side:
server.key:
D:\local\apache2\bin\openssl genrsa -out server.key 1024
server.csr:
D:\local\apache2\bin>openssl req -new -out server.csr -key server.key -config ..\conf\openssl.cnf
Enter the information you are asked for.

4. Generate the signing certificate for the CA side:
Private key, ca.key:
D:\local\apache2\bin\openssl genrsa -out ca.key 1024

Use the CA key to generate a self-signed certificate:
D:\local\apache2\bin\openssl req -new -x509 -days 365 -key ca.key -out ca.crt -config ..\conf\openssl.cnf
You may be asked to enter some information here; please enter it. Common Name is the server's domain; for a local server, it is the local IP.

Use the CA to generate the signed certificate for the website server:
D:\local\apache2\bin\openssl ca -in server.csr -out server.crt -cert ca.crt -keyfile ca.key -config ..\conf\openssl.cnf
This will encounter an error. Create a demoCA folder in the current folder, and in it create the files index.txt and serial: serial contains 01, the other is empty. Also create a folder: newcerts. Then run the command again. It will generate server.crt.

5. Copy server.key and server.crt (not server.csr) to conf/

Part Two
Redirect HTTP access to HTTPS
1. LoadModule rewrite_module modules/mod_rewrite.so

2. Add the configuration below:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

Part Three (optional) --- For 64-bit OS
1. An error is logged in the system event log at startup with the above configuration:

The Apache service named  reported the following error:
>>> SSLSessionCache: Invalid argument: size has to be >= 8192 bytes     .

It is caused by line 62 (original):
#SSLSessionCache "shmcb:C:/Program Files (x86)/Apache Software Foundation/Apache2.2/logs/ssl_scache(512000)"
It recognizes 86 as the cache size, so we need to use another folder for it, e.g.:
#SSLSessionCache "shmcb:C:/Program Files/Apache Software Foundation/Apache2.2/logs/ssl_scache(512000)"

2. Error in the log folder:
Init: SSLPassPhraseDialog builtin is not supported on Win32 (key file xxxx/conf/ssl/jfdscert.key)
Resolution:
a) Put "#" in front of SSLPassPhraseDialog to comment out the line.
b) Remove the pass phrase from server.key with the command below:
openssl rsa -in server.key.org -out server.key
Then use this one instead.

Part Four

Verify that the private key and certificate match.


View the certificate modulus using the following command:
openssl x509 -noout -text -in certfile -modulus
or
openssl x509 -noout -text -in certfile -modulus | openssl md5

View the key using the following command:
openssl rsa -noout -text -in keyfile -modulus
or
openssl rsa -noout -text -in keyfile -modulus | openssl md5
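
The modulus comparison above as a script, added here as an example and not part of the original post. It assumes a POSIX shell with openssl on the PATH and uses SHA-256 in place of md5; the function names and the two throwaway key/certificate pairs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes openssl is on the PATH.
# SHA-256 is used here in place of the md5 digest shown above.

# Print a digest of the modulus of an RSA private key (PEM).
# "-passin pass:" makes an encrypted key fail instead of prompting.
key_modulus_digest() {
    m=$(openssl rsa -noout -modulus -passin pass: -in "$1" 2>/dev/null) || return 1
    printf '%s\n' "$m" | openssl dgst -sha256
}

# Print a digest of the modulus of a certificate (PEM).
cert_modulus_digest() {
    m=$(openssl x509 -noout -modulus -in "$1" 2>/dev/null) || return 1
    printf '%s\n' "$m" | openssl dgst -sha256
}

# Exit status: 0 = key and certificate match, 1 = they do not match,
# 2 = openssl could not read one of the files.
key_matches_cert() {
    key_d=$(key_modulus_digest "$1") || return 2
    cert_d=$(cert_modulus_digest "$2") || return 2
    [ "$key_d" = "$cert_d" ]
}

# Constructed sample data: a throwaway key and self-signed certificate.
# $1 is the output path prefix (hypothetical names, e.g. /tmp/x/a).
make_sample_pair() {
    openssl genrsa -out "$1.key" 2048 2>/dev/null &&
    openssl req -new -x509 -days 1 -subj "/CN=example.test" \
        -key "$1.key" -out "$1.crt" 2>/dev/null
}

report() {
    if key_matches_cert "$1" "$2"; then
        echo "match: $1 $2"
    else
        echo "NO MATCH (status $?): $1 $2"
    fi
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
make_sample_pair "$tmp/a" && make_sample_pair "$tmp/b" || exit 1
report "$tmp/a.key" "$tmp/a.crt"   # pair generated together
report "$tmp/a.key" "$tmp/b.crt"   # key from one pair, certificate from the other
```

Run key_matches_cert against conf/server.key and conf/server.crt before restarting Apache; a non-zero status means the certificate was not issued for that key.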


