Reproduced from the sub-non-fish blog slightly modified the first step: rely on
To configure the Apache server to support the HTTPS protocol and SSL certificate, the most basic requirement is that Apache contains the OpenSSL module. Fortunately, the Apache/bin directory has libeay32.dll
,, openssl.exe
ssleay32.dll
and comes with the SSL module, if not the module, you need to download a separate OpenSSL.
Step two: Start the module
Boot module is relatively simple, open Apache configuration file conf/httpd.conf, remove the SSL module in front of the #
LoadModule ssl_module modules/mod_ssl.so...Include conf/extra/httpd-ssl.conf
Step Three: Configure the certificate
If you have a certificate, then there will be malinlin.cn.crt
malinlin.cn.key
, two files, under the Conf set up an SSL folder to store certificates. After the original conf/extra/httpd-ssl.conf
backup, create a new one httpd-ssl.conf
. Here's what I always configure for eggs:
Listen 443Sslciphersuite high:medium:!anull:! MD5Sslpassphrasedialog Builtin<virtualhost *:443>DocumentRoot"C:/wamp/www" servername malinlin.cn:443ServerAdmin [email Protected]errorlog "C:/wamp/bin/apache/apache2.2.22/logs /ssl-error.log "transferlog " c:/wamp/bin/apache/ Apache2.2.22/logs/sll-access.log "sslengine onsslcertificatefile sslcertificatekeyfile " c:/wamp/bin/ Apache/apache2.2.22/conf/ssl/malinlin.cn.key "sslcertificatechainfile " C:/WAMP/BIN/APACHE/APACHE2.2.22/CONF/SSL/MALINLIN.CN.CRT "</ Virtualhost>
If you want to change the original httpd-sll.conf, remember to comment out the three lines. If there is no comment, start wamp will be the yellow color of the failure.
#SSLSessionCache "dbm:D:/wamp/bin/apache/apache2.4.9/logs/ssl_scache"#SSLSessionCache "shmcb:D:/wamp/bin/apache/apache2.4.9/logs/ssl_scache(512000)"#SSLSessionCacheTimeout 300
Test
Once configured, restart the Wamp and the browser will be able to access it after the reboot is complete.
Extra
If this has solved your problem, then there is no need to look down, the following is the introduction of no certificate can also experience, our strong OpenSSL can also generate certificates, and then Access https://localhost
(ah, what domain names are ok)
1. Use DOS command to enter Apache Bin directory
Because the directory has libeay32.dll
, openssl.exe
,, and ssleay32.dll
other files.
2. Setting the OpenSSL environment variable
Execute the command in the bin directory using the DOS command: Set openssl_conf=. \CONF\OPENSSL.CNF, this command sets the environment variable for OpenSSL, and if you do not execute this command, the subsequent operation will error.
set OPENSSL_CONF=..\conf\openssl.cnf
3. Generate Server.key
DOS Execute command: OpenSSL genrsa 4096 > server.key, executed this command, will generate Server.key in the bin directory. Note: This is a key generated using the 128-bit RSA algorithm, and other algorithms can be used to generate the key, and related usages can be searched using search engines. 4096 is the length of the key, preferably with a value of more than 4096, and must be a full number of 2.
4096 > server.key
4. Generate unsigned SERVER.CSR
DOS command execution: OpenSSL req-new-key server.key > SERVER.CSR, this command uses the generated key file Server.key generate a certificate request file SERVER.CSR, after executing this command, you will also enter many parameters later.
OpensslReq-new-keyServer. Key >Server. CSRCountryName (2LetterCode[AU]: CNISO country code (two-bit characters only)StateOrProvinceName (FullName[Some-state]: HuBei ProvinceLocalityName (egCity[]: WuCities in Han RegionOrganizationName (egCompany[Internet widgits Pty LTD]: MarkCompany NameOrganizationalUnitName (egSection[]: IT Organization Namecommon name (e< Span class= "Hljs-selector-class" >.g. server FQDN Span class= "Hljs-selector-tag" >or your name) []:www.com the domain name of the application certificate email address []:[email Protected]163.com Admin mailbox Please enter the following ' extra ' attributesto is sent with your Certi Ficate requesta Challenge Password []: Exchange key can be empty an optional company name []: Nullable span>
5. Sign the server certificate file server.crt
DOS command execution: OpenSSL req-x509-days 365-key server.key-in SERVER.CSR > SERVER.CRT, this command uses the keys and certificates generated by the third and fourth steps to generate the certificate Server.crt,-days parameter represents the certificate validity period, in days, X509 indicates the generation of the certificate.
365 -key server.key -in server.csr > server.crt
6. View Certificate Details
DOS Execute command: OpenSSL x509-noout-text-in server.crt, this command can view the details of the certificate
openssl x509 -noout -text -in server.crt
7. Start deployment
After executing all of the above commands, three files are generated in the Apache Bin directory server.key
server.csr
server.crt
. You can move it to a folder that specifically places certificates.
To modify the httpd-ssl.conf, here is my configuration:
Listen 443Sslciphersuite high:medium:!anull:! MD5Sslpassphrasedialog Builtin#SSLSessionCache "Dbm:d:/wamp/bin/apache/apache2.4.9/logs/ssl_scache"#SSLSessionCache "Shmcb:d:/wamp/bin/apache/apache2.4.9/logs/ssl_scache (512000)"#SSLSessionCacheTimeout 300<virtualhost _default_:443>DocumentRoot"E:/kuaipan/code/win_www"ServerName localhost:443ServerAdmin [email protected]errorlog "D:/wamp/bin/apache/apache2.4.9/logs /ssl-error.log "transferlog " D:/wamp/bin/apache/apache2.4.9/logs/sll-access.log "SSLEngine on Sslcertificatefile " d:/wamp/bin/apache/apache2.4.9/conf/ssl/server.crt"sslcertificatekeyfile " D:/ Wamp/bin/apache/apache2.4.9/conf/ssl/server.key "sslcertificatechainfile " d:/wamp/bin/apache/ Apache2.4.9/conf/ssl/server.crt "</VirtualHost>
8. Restart Apache Server
Browser access Https://localhost after reboot
Available, but HTTPS is a fork, unlike the picture above is green. This happens because the certificates we make ourselves are not trusted by the browser. We view the certificate details:
Configure SSL certificates for Apache under Window