Configure SSL certificates for Apache under Windows

Source: Internet
Author: User
Tags builtin openssl x509 ssl certificate

Reproduced from the sub-non-fish blog, slightly modified.

Step one: Dependencies

To configure the Apache server to support the HTTPS protocol and an SSL certificate, the most basic requirement is that Apache includes the OpenSSL module. Fortunately, the Apache/bin directory already has libeay32.dll, openssl.exe and ssleay32.dll, and Apache comes with the SSL module. If the module is missing, you need to download OpenSSL separately.

Step two: Enable the module

Enabling the module is relatively simple: open the Apache configuration file conf/httpd.conf and remove the # in front of the SSL module lines.

LoadModule ssl_module modules/mod_ssl.so
...
Include conf/extra/httpd-ssl.conf
Step Three: Configure the certificate

If you already have a certificate, you will have two files, malinlin.cn.crt and malinlin.cn.key. Create an ssl folder under conf to store the certificate files. Back up the original conf/extra/httpd-ssl.conf, then create a new httpd-ssl.conf. Here is the configuration I use:

Listen 443
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
SSLPassPhraseDialog builtin
<VirtualHost *:443>
DocumentRoot "C:/wamp/www"
ServerName malinlin.cn:443
ServerAdmin [email protected]
ErrorLog "C:/wamp/bin/apache/apache2.2.22/logs/ssl-error.log"
TransferLog "C:/wamp/bin/apache/apache2.2.22/logs/sll-access.log"
SSLEngine on
SSLCertificateFile "C:/wamp/bin/apache/apache2.2.22/conf/ssl/malinlin.cn.crt"
SSLCertificateKeyFile "C:/wamp/bin/apache/apache2.2.22/conf/ssl/malinlin.cn.key"
SSLCertificateChainFile "C:/wamp/bin/apache/apache2.2.22/conf/ssl/malinlin.cn.crt"
</VirtualHost>

If you edit the original httpd-ssl.conf instead, remember to comment out the following three lines. If they are not commented out, WAMP fails to start and its icon stays yellow.

#SSLSessionCache         "dbm:D:/wamp/bin/apache/apache2.4.9/logs/ssl_scache"
#SSLSessionCache        "shmcb:D:/wamp/bin/apache/apache2.4.9/logs/ssl_scache(512000)"
#SSLSessionCacheTimeout 300
Test

Once configured, restart WAMP. When the restart is complete, the site can be accessed from the browser.

Extra

If this has solved your problem, there is no need to read further. What follows shows how to try this out without a certificate: OpenSSL can generate the certificate itself, and you can then access https://localhost (any domain name will do).

1. Open a DOS prompt and change to the Apache bin directory

This is because that directory contains libeay32.dll, openssl.exe, ssleay32.dll and other files.

2. Set the OpenSSL environment variable

In the bin directory, run the following command at the DOS prompt. It sets the environment variable that points OpenSSL to its configuration file; if you do not run it, the subsequent steps will fail with an error.

set OPENSSL_CONF=..\conf\openssl.cnf
3. Generate server.key

Run at the DOS prompt: openssl genrsa 4096 > server.key. This command generates server.key in the bin directory. Note: This is a key generated using the 128-bit RSA algorithm; other algorithms can also be used to generate the key, and their usage can be found with a search engine. 4096 is the length of the key, preferably with a value of more than 4096, and it must be a power of 2.

openssl genrsa 4096 > server.key
4. Generate the unsigned server.csr

Run at the DOS prompt: openssl req -new -key server.key > server.csr. This command uses the generated key file server.key to produce the certificate request file server.csr. After you run it, you are prompted for a number of parameters.

openssl req -new -key server.key > server.csr
Country Name (2 letter code) [AU]:CN    <- ISO country code (two characters only)
State or Province Name (full name) [Some-State]:HuBei    <- province
Locality Name (eg, city) []:WuHan    <- city or region
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Mark    <- company name
Organizational Unit Name (eg, section) []:IT    <- organizational unit name
Common Name (e.g. server FQDN or YOUR name) []:www.com    <- domain name the certificate is requested for
Email Address []:[email protected]163.com    <- administrator mailbox
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:    <- exchange key, can be empty
An optional company name []:    <- can be empty
5. Sign the server certificate file server.crt

Run at the DOS prompt: openssl req -x509 -days 365 -key server.key -in server.csr > server.crt. This command uses the key and the certificate request generated in steps 3 and 4 to produce the certificate server.crt. The -days parameter is the certificate validity period in days, and -x509 indicates that a certificate is to be generated.

openssl req -x509 -days 365 -key server.key -in server.csr > server.crt
6. View Certificate Details

Run at the DOS prompt: openssl x509 -noout -text -in server.crt. This command shows the details of the certificate.

openssl x509 -noout -text -in server.crt
7. Start deployment

After running all of the commands above, three files have been generated in the Apache bin directory: server.key, server.csr and server.crt. You can move them to a folder dedicated to certificates.
Then modify httpd-ssl.conf; here is my configuration:

Listen 443
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
SSLPassPhraseDialog builtin
#SSLSessionCache "dbm:D:/wamp/bin/apache/apache2.4.9/logs/ssl_scache"
#SSLSessionCache "shmcb:D:/wamp/bin/apache/apache2.4.9/logs/ssl_scache(512000)"
#SSLSessionCacheTimeout 300
<VirtualHost _default_:443>
DocumentRoot "E:/kuaipan/code/win_www"
ServerName localhost:443
ServerAdmin [email protected]
ErrorLog "D:/wamp/bin/apache/apache2.4.9/logs/ssl-error.log"
TransferLog "D:/wamp/bin/apache/apache2.4.9/logs/sll-access.log"
SSLEngine on
SSLCertificateFile "D:/wamp/bin/apache/apache2.4.9/conf/ssl/server.crt"
SSLCertificateKeyFile "D:/wamp/bin/apache/apache2.4.9/conf/ssl/server.key"
SSLCertificateChainFile "D:/wamp/bin/apache/apache2.4.9/conf/ssl/server.crt"
</VirtualHost>
8. Restart Apache Server

After the restart, open https://localhost in the browser.

The site is available, but the HTTPS indicator shows a cross instead of the green shown in the picture above. This happens because the certificates we make ourselves are not trusted by the browser. We view the certificate details:
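The checks below are an added example, not part of the original post: they confirm that server.key really belongs to server.crt (a mismatch keeps Apache from starting) and show why the browser distrusts the result (issuer and subject are the same name, and the certificate does not chain to any CA in the trust store). It is written for a POSIX shell with openssl on the PATH; the function names are made up for this example, and -subj replaces the interactive prompts of step 4.

```shell
#!/bin/sh
# Added example (not from the original post): checks on the files from steps 3-5.

# Steps 3-5 without prompts. Arguments: output directory, common name,
# key length in bits (default 4096, as in the post).
make_selfsigned() {
    dir=$1; cn=$2; bits=${3:-4096}
    openssl genrsa -out "$dir/server.key" "$bits" 2>/dev/null &&
    openssl req -new -key "$dir/server.key" -subj "/CN=$cn" \
        -out "$dir/server.csr" &&
    openssl req -x509 -days 365 -key "$dir/server.key" \
        -in "$dir/server.csr" -out "$dir/server.crt"
}

# True when the RSA modulus in the certificate equals the one in the key.
key_matches_cert() {
    m=$(openssl x509 -noout -modulus -in "$1" 2>/dev/null) || return 1
    [ -n "$m" ] &&
        [ "$m" = "$(openssl rsa -noout -modulus -in "$2" 2>/dev/null)" ]
}

# True when issuer and subject are the same name, as in a self-signed cert.
is_self_issued() {
    s=$(openssl x509 -noout -subject_hash -in "$1" 2>/dev/null) || return 1
    [ -n "$s" ] &&
        [ "$s" = "$(openssl x509 -noout -issuer_hash -in "$1" 2>/dev/null)" ]
}

# True only when the certificate chains to a CA in OpenSSL's default store.
trusted_by_default_store() {
    openssl verify "$1" >/dev/null 2>&1
}

# Usage: sh check.sh server.crt server.key
if [ "$#" -eq 2 ]; then
    if key_matches_cert "$1" "$2"; then echo "key matches certificate"
    else echo "key does NOT match certificate"; fi
    if is_self_issued "$1"; then echo "issuer = subject (self-issued)"; fi
    if trusted_by_default_store "$1"; then echo "chains to a trusted CA"
    else echo "not trusted by the default store"; fi
fi
```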
