To configure the Apache server to support the HTTPS protocol and SSL certificate, the most basic requirement is that Apache contains the OpenSSL module. Fortunately, the Apache/bin directory has libeay32.dll ,, openssl.exe ssleay32.dll and comes with the SSL module, if not the module, you need to download a separate OpenSSL.
Boot module is relatively simple, open Apache configuration file conf/httpd.conf, remove the SSL module in front of the #
Step Three: Configure the certificateLoadModule ssl_module modules/mod_ssl.so...Include conf/extra/httpd-ssl.conf
If you have a certificate, then there will be malinlin.cn.crt malinlin.cn.key , two files, under the Conf set up an SSL folder to store certificates. After the original conf/extra/httpd-ssl.conf backup, create a new one httpd-ssl.conf . Here's what I always configure for eggs:
Listen 443Sslciphersuite high:medium:!anull:! MD5Sslpassphrasedialog Builtin<virtualhost *:443>DocumentRoot"C:/wamp/www" servername malinlin.cn:443ServerAdmin [email Protected]errorlog "C:/wamp/bin/apache/apache2.2.22/logs /ssl-error.log "transferlog " c:/wamp/bin/apache/ Apache2.2.22/logs/sll-access.log "sslengine onsslcertificatefile sslcertificatekeyfile " c:/wamp/bin/ Apache/apache2.2.22/conf/ssl/malinlin.cn.key "sslcertificatechainfile " C:/WAMP/BIN/APACHE/APACHE2.2.22/CONF/SSL/MALINLIN.CN.CRT "</ Virtualhost> If you want to change the original httpd-sll.conf, remember to comment out the three lines. If there is no comment, start wamp will be the yellow color of the failure.
Test#SSLSessionCache "dbm:D:/wamp/bin/apache/apache2.4.9/logs/ssl_scache"#SSLSessionCache "shmcb:D:/wamp/bin/apache/apache2.4.9/logs/ssl_scache(512000)"#SSLSessionCacheTimeout 300
Once configured, restart the Wamp and the browser will be able to access it after the reboot is complete.
If this has solved your problem, then there is no need to look down, the following is the introduction of no certificate can also experience, our strong OpenSSL can also generate certificates, and then Access https://localhost (ah, what domain names are ok)
Because the directory has libeay32.dll , openssl.exe ,, and ssleay32.dll other files.
Execute the command in the bin directory using the DOS command: Set openssl_conf=. \CONF\OPENSSL.CNF, this command sets the environment variable for OpenSSL, and if you do not execute this command, the subsequent operation will error.
3. Generate Server.keyset OPENSSL_CONF=..\conf\openssl.cnf
DOS Execute command: OpenSSL genrsa 4096 > server.key, executed this command, will generate Server.key in the bin directory. Note: This is a key generated using the 128-bit RSA algorithm, and other algorithms can be used to generate the key, and related usages can be searched using search engines. 4096 is the length of the key, preferably with a value of more than 4096, and must be a full number of 2.
4. Generate unsigned SERVER.CSR4096 > server.key
DOS command execution: OpenSSL req-new-key server.key > SERVER.CSR, this command uses the generated key file Server.key generate a certificate request file SERVER.CSR, after executing this command, you will also enter many parameters later.
OpensslReq-new-keyServer. Key >Server. CSRCountryName (2LetterCode[AU]: CNISO country code (two-bit characters only)StateOrProvinceName (FullName[Some-state]: HuBei ProvinceLocalityName (egCity[]: WuCities in Han RegionOrganizationName (egCompany[Internet widgits Pty LTD]: MarkCompany NameOrganizationalUnitName (egSection[]: IT Organization Namecommon name (e< Span class= "Hljs-selector-class" >.g. server FQDN Span class= "Hljs-selector-tag" >or your name) []:www.com the domain name of the application certificate email address []:[email Protected]163.com Admin mailbox Please enter the following ' extra ' attributesto is sent with your Certi Ficate requesta Challenge Password []: Exchange key can be empty an optional company name []: Nullable span> DOS command execution: OpenSSL req-x509-days 365-key server.key-in SERVER.CSR > SERVER.CRT, this command uses the keys and certificates generated by the third and fourth steps to generate the certificate Server.crt,-days parameter represents the certificate validity period, in days, X509 indicates the generation of the certificate.
6. View Certificate Details365 -key server.key -in server.csr > server.crt
DOS Execute command: OpenSSL x509-noout-text-in server.crt, this command can view the details of the certificate
7. Start deploymentopenssl x509 -noout -text -in server.crt
After executing all of the above commands, three files are generated in the Apache Bin directory server.key server.csr server.crt . You can move it to a folder that specifically places certificates.
To modify the httpd-ssl.conf, here is my configuration:
Listen 443Sslciphersuite high:medium:!anull:! MD5Sslpassphrasedialog Builtin#SSLSessionCache "Dbm:d:/wamp/bin/apache/apache2.4.9/logs/ssl_scache"#SSLSessionCache "Shmcb:d:/wamp/bin/apache/apache2.4.9/logs/ssl_scache (512000)"#SSLSessionCacheTimeout 300<virtualhost _default_:443>DocumentRoot"E:/kuaipan/code/win_www"ServerName localhost:443ServerAdmin [email protected]errorlog "D:/wamp/bin/apache/apache2.4.9/logs /ssl-error.log "transferlog " D:/wamp/bin/apache/apache2.4.9/logs/sll-access.log "SSLEngine on Sslcertificatefile " d:/wamp/bin/apache/apache2.4.9/conf/ssl/server.crt"sslcertificatekeyfile " D:/ Wamp/bin/apache/apache2.4.9/conf/ssl/server.key "sslcertificatechainfile " d:/wamp/bin/apache/ Apache2.4.9/conf/ssl/server.crt "</VirtualHost> Browser access Https://localhost after reboot
Available, but HTTPS is a fork, unlike the picture above is green. This happens because the certificates we make ourselves are not trusted by the browser. We view the certificate details:
Configure SSL certificates for Apache under Window
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
