Apache2 SSL two-way authentication

I read a lot of material online about this, but none of it was reasonably complete. Now that my configuration works, I am writing it down as a record.

Environment: Linux (Ubuntu) + OpenSSL + Apache2

1. First, switch to the Apache directory and create a CA folder:

    sudo mkdir CA
    sudo chmod 777 CA

2. Then go into the CA folder:

    cd CA

3. Create the other directories and files that openssl ca expects:

    mkdir -p demoCA/newcerts
    mkdir demoCA/private
    touch demoCA/index.txt
    echo "01" > demoCA/serial

4. Generate the key file server.key for the website server:

    openssl genrsa -out server.key 1024

   Create the certificate request server.csr from it:

    openssl req -new -out server.csr -key server.key

   Generate the CA private key file ca.key:

    openssl genrsa -out ca.key 1024

   Generate the CA certificate:

    openssl req -new -x509 -days 365 -key ca.key -out ca.crt

   Sign the server request with the CA:

    openssl ca -in server.csr -out server.crt -cert ca.crt -keyfile ca.key

   Afterwards there is an additional server.crt file under the bin directory. This is the signed server certificate. Open the browser and import the CA certificate (ca.crt) into it.

5. Generate the client key client.key:

    openssl genrsa -out client.key 1024

   Generate the client certificate client.crt:

    openssl req -new -key client.key -out client.csr
    openssl x509 -req -days 365 -CA ca.crt -CAkey ca.key -CAcreateserial -in client.csr -out client.crt

   Convert client.crt into a pfx (PKCS#12) certificate:

    openssl pkcs12 -export -clcerts -in client.crt -inkey client.key -out client.p12

   Double-click client.p12 to import it into the browser.

6. Configure httpd.conf:

    <VirtualHost _default_:443>
        ServerAdmin crm.xiaolong.com
        DocumentRoot /var/www
        LogLevel warn
        ErrorLog /var/log/apache2/error.log
        CustomLog /var/log/apache2/ssl_access.log combined

        SSLEngine on
        SSLCertificateFile /etc/apache2/CA/server.crt
        SSLCertificateKeyFile /etc/apache2/CA/server.key
        SSLCACertificateFile /etc/apache2/CA/ca.crt
        SSLVerifyClient require
        SSLVerifyDepth 10
    </VirtualHost>
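
A pre-flight check for the files produced in steps 4 and 5, as an added example that is not part of the original article: it confirms that a certificate chains to ca.crt (the test that SSLVerifyClient require with SSLCACertificateFile applies to client certificates) and that a certificate belongs to its private key. The function names and the throwaway CA built in a temporary directory are constructed for the example, and it generates 2048-bit keys rather than the article's 1024-bit ones.

```shell
#!/bin/sh
# Added example: every file here is constructed in a temp dir, not the article's CA.

# make_sample_pki DIR: build a constructed CA plus server and client certs in DIR.
make_sample_pki() (
  d=$1
  openssl genrsa -out "$d/ca.key" 2048 2>/dev/null
  openssl req -new -x509 -days 365 -key "$d/ca.key" \
    -subj "/CN=Example Test CA" -out "$d/ca.crt"
  for name in server client; do
    openssl genrsa -out "$d/$name.key" 2048 2>/dev/null
    openssl req -new -key "$d/$name.key" \
      -subj "/CN=$name.example.test" -out "$d/$name.csr"
    openssl x509 -req -days 365 -CA "$d/ca.crt" -CAkey "$d/ca.key" \
      -CAcreateserial -in "$d/$name.csr" -out "$d/$name.crt" 2>/dev/null
  done
)

# chain_ok CA CERT: succeeds only if CERT was signed by CA.
chain_ok() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# key_matches CERT KEY: succeeds only if CERT carries KEY's public key.
# A mismatched SSLCertificateFile / SSLCertificateKeyFile pair keeps Apache from starting.
key_matches() (
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) &&
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) &&
  [ "$cert_pub" = "$key_pub" ]
)

# key_bits CERT: print the public key size so keys under 2048 bits can be flagged.
key_bits() {
  openssl x509 -in "$1" -noout -text |
    sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# Demo run on the constructed PKI.
d=$(mktemp -d) && make_sample_pki "$d" &&
  chain_ok "$d/ca.crt" "$d/client.crt" &&
  key_matches "$d/server.crt" "$d/server.key" &&
  echo "client.crt chains to ca.crt, server.crt matches server.key," \
       "$(key_bits "$d/server.crt")-bit key"
rm -rf "$d"
```

On a real host, point chain_ok and key_matches at the files under /etc/apache2/CA before reloading Apache.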