Apache configuration HTTPS protocol with SSL configuration

Before you set up Apache + SSL, you need to do:

To install Apache, see: Installation and virtual directory configuration of Apache in Windows environment, download Apache installer with SSL version when downloading and installing Apache. Before you proceed to the next step, make sure that Apache is installed and functioning properly. And SSL requires files in the following location: [Apache installation directory]/modules/mod_ssl.so [Apache installation directory]/bin/openssl.exe, Libeay32.dll, Ssleay32.dll [Apa Che install directory]/conf/openssl.cnf create an SSL certificate open cmd and go to the bin directory under the Apache installation directory to execute the command:

OpenSSL genrsa 1024x768 >server.key

(The default length of the RSA key pair is 1024, the value is 2 of the whole number of parties, and the key length is about long, security is relatively high) if you are prompted to do this command, you will be asked to add a command before executing this command: Set Openssl_./conf/openssl.cnf conf=. /CONF/OPENSSL.CNF and other key Server.key after the production is finished to the next operation. Production for the signed SERVER.CSR continues to execute commands in the bin directory:

OpenSSL req-new-config. /conf/openssl.cnf-key Server.key >SERVER.CSR

(If you do not add-config.) /CONF/OPENSSL.CNF parameter, the regular report unable to load config info from/usr/local/ssl/openssl.cnf) will then be required to enter a series of parameters: Country Name (2 Letter code) [AU]:CN ISO Country code (two-bit characters only) state or province name (full name) [Some-state]:zj province locality name (eg, city) []: HZ City Organization name (eg, company): Corporate name organizational Unit name (eg, section) []: Organization name Common name (eg, YOUR name) [ ]: The domain name of the application for the certificate email Address []:[email protected] Admin mailbox Please enter the following ' extra ' attributes-be sent with your CER Tificate Request A Challenge Password []: Exchange key an optional company name []: note: Common name must and httpd.conf in server name must be Consistent, otherwise Apache will not boot (the error prompt when starting Apache: Server RSA Certificate commonname (CN) ' Kedou ' does not match server name!? ) Sign the server certificate file SERVER.CRT continue in the bin directory, execute command-line command:

OpenSSL req-x509-days 4000-config. /conf/openssl.cnf-key server.key-in SERVER.CSR >SERVER.CRT

Note: This is a certificate request that uses steps to generate certificates the Server.crt,-days parameter indicates the certificate validity period, in days, and X509 represents the generation of the certificate. In the bin directory, locate the Server.crtserver.csrserver.key three files and copy the three files to the Apache Conf directory. Configure Httpd.conf. The httpd_ssl.conf file in the Apache Conf\extra directory is a configuration of SSL and is part of the httpd.conf. Locate the following line in httpd.conf loadmodule ssl_module modules/mod_ssl.soinclude conf/extra/httpd-ssl.conf Remove the previous # will ServerName The latter 80 is changed to 443. Save httpd.conf. In the Conf\extra directory, edit httpd_ssl.conf find <virtualhost _default_:443> Modify the following sslengine on Sslcertificatefile "C:/Program Files/apache software Foundation/apache2.2/conf/server.crt" (Select the certificate directory you just created) sslcertificatekeyfile "C:/Program Files/apache software Foundation/apache2.2/conf/server.key" after saving, Restart the Apache service. Access the Https://locakhost through the web. See if you can access it properly, if you have access to it, the configuration is successful. second time method: Reference http://my.oschina.net/xpbug/blog/197454?fromerr=vjwomOJ9

Problems that may occur when you visit a Web site after successful installation:

1. Access HTTPS Web site prompts to display only secure content.
The reason is that the site references external resources and uses HTTPS. Or there is no HTTPS connection within the site.

2. Web site Access tips are not secure.
It would be nice to add the certificate to the list of trusted certificates.

Apache configuration HTTPS protocol with SSL configuration