What is SSL?
SSL (Secure Socket Layer): is a secure protocol for HTTP transport, with certificate authentication to ensure that the data between the client and the Web server is secure. Open ssl:http://www.openssl.org/source/
First, download and install the SSL-enabled Apache
1. Install Apache with SSL module,
Http://httpd.apache.org/download.cgi#apache23
Accessories available Httpd-2.2.15-win32-x86-openssl-0.9.8m-r2.msi
2. Configuration: Open Apache configuration file conf/httpd.conf
- LoadModule Ssl_module modules/mod_ssl.so
- Include conf/extra/httpd-ssl.conf
Remove the two lines in front of the #, custom configuration file. conf can also be included in the include.
Modify the two fields in the httpd-ssl.conf (or the custom *-ssl.conf) file:
- Sslcertificatefile "D:/APACHE2.2/CONF/SERVER.CRT"
- Sslcertificatekeyfile "D:/apache2.2/conf/server.key"
Ii. generate certificates and private key files for Web server
1. Generating an RSA private key for the server Apache
OpenSSL genrsa-out Server.key 1024
Generates a 1024-byte file Server.key, generates a certificate signing request CSR
2. Generate a sign-up request
OpenSSL req-new–out Server.csr-key server.key-config. \conf\openssl.cnf
which
- Country Name: Two-letter country code
- State or province name: province name
- Organization Name: Company
- Organizational Unit name: Department names
The signature file SERVER.CSR is generated at this time.
Iii. signing a certificate for the Web server through a CA
1.Generating RSA private key for CA (1024x768 bit) [Ca.key]
Generate CA private key
OpenSSL genrsa-out Ca.key 1024
Multiple out of Ca.key files
2.Generating Certificate Signing Request for CA [CA.CSR]
Using the CA's private key to generate a self-signed certificate for the CA
OpenSSL req-new-x509-days 365-key ca.key-out ca.crt-config. \conf\openssl.cnf
3.CA signing a certificate for the Web server
Create the Democa in the bin directory, create the following file, the index.txt,serial:serial content is 01, the other is empty, and the folder Newcert. Execute again to generate the Server.crt file
OpenSSL ca-in server.csr-out server.crt-cert ca.crt-keyfile ca.key-config. \conf\openssl.cnf
Then copy the Server.crt,server.key to Apache's conf folder and restart Apache.
- Httpd-2.2.15-win32-x86-openssl-0.9.8m-r2.rar (5.1 MB)
- Download number of times: 162
Original: http://suky.iteye.com/blog/713687