Appserv Configuration Ahssl

Open the httpd.conf file and remove the line from the comment:
Include conf/extra/httpd-ahssl.conf
LoadModule Ssl_module modules/mod_ssl.so
ServerName mytsbank.com:80

Open the httpd-ahssl.conf and modify the following:
<virtualhost _default_:443>
Sslengine on
ServerName mytsbank.com:443 #主要修改一下这里
Sslcertificatefile "${SRVROOT}/CONF/SSL/SERVER.CRT"
Sslcertificatekeyfile "${srvroot}/conf/ssl/server.key"
DocumentRoot "C:/appserv/www"
# DocumentRoot Access handled globally in httpd.conf
Customlog "${srvroot}/logs/ssl_request.log" \
"%t%h%{ssl_protocol}x%{ssl_cipher}x \"%r\ "%b"
<directory "C:/appserv/www" >
Options Indexes includes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
</virtualhost>

Restart Apache, enter https://www.mytsbank.com

Apache Configuration HTTPS
1, install the Apache environment, pay attention to the SSL version. This is installed in the C:/apache directory.
2. Generate Server Certificate
1) Enter the Apache/bin directory under DOS command
2) You need to set the OpenSSL environment variable in Windows environment first:
Execute command
Set openssl_conf=. \conf\openssl.cnf
Please ensure C:\AppServ\Apache24\conf\openssl.cnf exists before execution, otherwise it will appear: Warning:can ' t open config file:/usr/local/ssl/openssl.cnf Information hint.
Also under Windows System. CNF is treated as a shortcut by default and does not see the extension.
3) generate the private key file:
Execute command
OpenSSL Genrsa 1024>server.key
Note: This is a 128-bit RSA algorithm generated key, get Server.key file. > is the identifier of the output file
This generation method generates a private key file without a key. Of course, Apache provides a command to join the key (Password), which is to add the parameter-des3. The command is:
OpenSSL Genrsa 1024-des3 > Server.key
Using the above command to generate a private key file is required to enter the key, when running will let you enter and confirm your key. However, the following error is caused in the Windows environment: error: Apache boot failure, error message: Init:sslpassphrasedialog Builtin is not supported on Win32 (key file ...)
The reason is that Apache under window does not support encrypted private key files.
Note: The default length of the RSA key pair in the generated certificate is 1024, and the value is 2 of the entire number of times. It is recommended to use more than 4096.
4) Generate the certificate request file.
Execute command
OpenSSL Req-new-key server.key > SERVER.CSR
Note: This is to generate a certificate request file SERVER.CSR with the key of step 3, this step will have many parameters and require one by one input.
Enter a series of parameters as prompted:
Country Name (2 letter code) [AU]:CN ISO country code (two-character only)
State or province name (full name) [Some-state]:zj Province
Locality Name (eg, city) []:hz location
Organization name (eg, company): Sw_tech Corporation Name
Organizational Unit name (eg, section) []:sw_tech Organization name
Common name (eg, YOUR name) []:kedou.com the domain name requesting the certificate
email address []:[email protected] Admin mailbox
Please enter the following ' extra ' attributes-be-sent with your certificate request A challenge Password []: Swap key
An optional company name []: note: Common name must be the same as the server name in httpd.conf, or Apache will not start (the error message when you start Apache is: RSA server certific Ate commonname (CN) ' Kedou ' does not match server name!? ）
5) Sign the server certificate file.
Execute command line
OpenSSL req-x509-days 365-key server.key-in SERVER.CSR > Server.crt
Description: This is a 3,4 key and certificate request to generate a certificate server.crt,-days parameter that indicates the certificate validity period, in days, X509 indicates the generation of the certificate.
The above signed certificate is only for testing purposes and when really running, the CSR should be sent to a CA to return the true certificate. Some documents on the Web describe the process of generating certificate files, because they set up a CA center themselves and then sign SERVER.CSR
You can view the contents of the certificate with OpenSSL x509-noout-text-in server.crt. The certificate actually contains the public Key
3, Configuration httpd.conf
Open the httpd.conf file and remove the line from the comment:
Include conf/extra/httpd-ssl.conf
LoadModule Ssl_module modules/mod_ssl.so

Appserv Configuration Ahssl