Reference: http://www.yuansir-web.com/2011/05/12/hello-world/
Test environment: Windows 2003 32-bit + Apache 2.4 + PHP 5.4
I. Preparatory work
Install Apache + OpenSSL.
Win32 OpenSSL: http://slproweb.com/products/Win32OpenSSL.html (it is best to download the full package, or you can build OpenSSL yourself)
Install VC++ 2008
II. Generating CA certificates
First, open cmd and change to the {apache}/bin directory
1. Generate the web server key file server.key
openssl genrsa -out server.key 1024
2. Generate server.csr
openssl req -new -out server.csr -key server.key -config ..\conf\openssl.cnf
(Under Windows, openssl.cnf is displayed as a file named openssl whose type is "SpeedDial")
3. Generate the CA private key file ca.key
openssl genrsa -out ca.key 1024
4. Generate the CA certificate
openssl req -new -x509 -days 365 -key ca.key -out ca.crt -config ..\conf\openssl.cnf
III. Generating a server-side certificate
Create the demoCA folder under the {apache}/bin directory, and inside demoCA create the newcerts folder, the index.txt file and the serial file. The content of the serial file is 01.
1. Sign the server certificate with the CA
openssl ca -in server.csr -out server.crt -cert ca.crt -keyfile ca.key -config ..\conf\openssl.cnf
2. Copy the server.crt, server.key and ca.crt files to the {apache}/conf folder
IV. Generating a client certificate
1. Create the client private key
openssl genrsa -aes256 -passout pass:pldsec -out d:/wamp/private/client.key.pem 2048
2. Create a client certificate signing request
openssl req -passin pass:pldsec -new -key d:/wamp/private/client.key.pem -out d:/wamp/private/client.csr -subj "/C=CN/ST=sz/L=sz/O=pldsec/OU=pldsec/CN=192.168.1.203" -config d:/wamp/apache24/conf/openssl.cnf
3. Issue the client certificate with the CA root certificate
openssl x509 -req -days 3650 -CA d:/wamp/apache24/conf/ca.crt -CAkey d:/wamp/apache24/bin/ca.key -CAcreateserial -in d:/wamp/private/client.csr -out d:/wamp/certificates/client.crt
4. Convert client.crt to a .pfx format certificate
openssl pkcs12 -export -clcerts -inkey d:/wamp/private/client.key.pem -in d:/wamp/certificates/client.crt -out d:/wamp/certificates/client.p12 -passin pass:pldsec -passout pass:pldsec
V. Configuring two-way HTTPS in httpd
1. Edit httpd.conf, find the following 2 lines of code, and remove the leading # (this assumes the SSL module was built when httpd was compiled)
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
LoadModule socache_dbm_module modules/mod_socache_dbm.so
LoadModule socache_memcache_module modules/mod_socache_memcache.so
LoadModule ssl_module modules/mod_ssl.so
Include conf/extra/httpd-ssl.conf
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
2. Edit {apache}/conf/extra/httpd-ssl.conf
SSLEngine on
SSLCertificateFile "D:/wamp/apache24/conf/server.crt"
SSLCertificateKeyFile "D:/wamp/apache24/conf/server.key"
SSLCACertificateFile "D:/wamp/apache24/conf/ca.crt"
SSLVerifyClient require
SSLVerifyDepth 10
The first 3 directives enable one-way HTTPS authentication; the last 3 are for two-way HTTPS authentication.
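A check for the certificates produced by the steps above, added here as an example and not part of the original article: it confirms that a client certificate chains to the CA named in SSLCACertificateFile (the condition SSLVerifyClient require enforces) and that the client private key belongs to that certificate. The function names are hypothetical, a POSIX shell with openssl on the PATH is assumed (for example Git Bash on Windows), and the helpers use 2048-bit keys throughout.

```shell
#!/bin/sh
# Added example, not from the original article. Helper names are hypothetical.

# make_ca DIR CN: create DIR/ca.key and a self-signed DIR/ca.crt
make_ca() {
    mkdir -p "$1" &&
    openssl genrsa -out "$1/ca.key" 2048 2>/dev/null &&
    openssl req -new -x509 -days 365 -key "$1/ca.key" -out "$1/ca.crt" \
        -subj "/CN=$2" 2>/dev/null
}

# issue_client CA_DIR PREFIX CN PASS: encrypted key, CSR and certificate
# signed by the CA in CA_DIR (same sequence as section IV)
issue_client() {
    openssl genrsa -aes256 -passout "pass:$4" -out "$2.key.pem" 2048 2>/dev/null &&
    openssl req -new -passin "pass:$4" -key "$2.key.pem" -out "$2.csr" \
        -subj "/CN=$3" 2>/dev/null &&
    openssl x509 -req -days 365 -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -in "$2.csr" -out "$2.crt" 2>/dev/null
}

# chains_to CA_CRT CERT: succeeds only if CERT verifies against CA_CRT,
# which is what the server checks for each presented client certificate
chains_to() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# key_matches CERT KEY PASS: succeeds only if KEY is the private key for CERT
# (compares the public key in the certificate with the one derived from KEY)
key_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -passin "pass:$3" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Usage against the files created on this page, before exporting client.p12:
#   chains_to d:/wamp/apache24/conf/ca.crt d:/wamp/certificates/client.crt
#   key_matches d:/wamp/certificates/client.crt d:/wamp/private/client.key.pem pldsec
```

A certificate signed by any CA other than the one in SSLCACertificateFile fails chains_to, and the server refuses the handshake for the same reason.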