Apache2 ssl two-way authentication

Source: Internet
Author: User
Tags openssl x509 website server


I read a lot of material online about Apache2 SSL two-way authentication, but none of it was reasonably complete. Now that my configuration works, here is a record of it.

Environment: Linux (Ubuntu) + OpenSSL + Apache2

1. First, switch to the Apache directory (/etc/apache2 in the configuration below) and create a CA folder:

    cd /etc/apache2
    sudo mkdir CA
    sudo chmod 777 CA

2. Then go into the CA folder:

    cd CA

3. Create the directories and files that "openssl ca" expects to find under demoCA:

    mkdir -p demoCA/newcerts
    mkdir demoCA/private
    touch demoCA/index.txt
    echo "01" > demoCA/serial

4. Generate the server key and certificate.

   Generate the website server's private key file, server.key:

    # 1024-bit RSA keys are below the 2048-bit minimum in current guidance;
    # use 2048 or more on a real deployment.
    openssl genrsa -out server.key 1024

   Generate the server certificate request, server.csr:

    openssl req -new -out server.csr -key server.key

   Generate the CA private key file, ca.key:

    openssl genrsa -out ca.key 1024

   Generate the CA certificate, ca.crt:

    openssl req -new -x509 -days 365 -key ca.key -out ca.crt

   Sign the server request with the CA:

    openssl ca -in server.csr -out server.crt -cert ca.crt -keyfile ca.key

   An additional server.crt file then appears under the bin directory. This is the signed server certificate.

   Open the browser and import the CA certificate (ca.crt) into it.

5. Generate the client certificate.

   Generate client.key:

    openssl genrsa -out client.key 1024

   Generate the client certificate request, client.csr:

    openssl req -new -key client.key -out client.csr

   Sign it with the CA to produce client.crt:

    openssl x509 -req -days 365 -CA ca.crt -CAkey ca.key -CAcreateserial -in client.csr -out client.crt

   Convert client.crt into a pfx (PKCS#12) certificate:

    openssl pkcs12 -export -clcerts -in client.crt -inkey client.key -out client.p12

   Double-click client.p12 to import it into the browser.

6. Configure httpd.conf:

    <VirtualHost _default_:443>
        ServerAdmin crm.xiaolong.com
        DocumentRoot /var/www
        LogLevel warn
        ErrorLog /var/log/apache2/error.log
        CustomLog /var/log/apache2/ssl_access.log combined

        SSLEngine on
        SSLCertificateFile /etc/apache2/CA/server.crt
        SSLCertificateKeyFile /etc/apache2/CA/server.key
        # CA used to verify client certificates
        SSLCACertificateFile /etc/apache2/CA/ca.crt
        # Refuse any client that does not present a certificate issued by that CA
        SSLVerifyClient require
        SSLVerifyDepth 10
    </VirtualHost>
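Before reloading Apache it is worth checking that each certificate chains to ca.crt and that each key matches its certificate, since those are the two conditions SSLCACertificateFile and SSLVerifyClient require depend on. The script below is an added example, not part of the original article: check_pair and make_demo are hypothetical helper names, and the throwaway CAs, subjects and 2048-bit keys are constructed test material.

```shell
#!/bin/sh
# Added example: pre-flight check for the files named in the VirtualHost above.

# check_pair CA CERT KEY: succeeds only if CERT chains to CA and KEY matches CERT.
check_pair() {
    ca_file=$1; cert_file=$2; key_file=$3
    # 1. The certificate must verify against the CA in SSLCACertificateFile.
    openssl verify -CAfile "$ca_file" "$cert_file" >/dev/null 2>&1 || return 1
    # 2. The key must belong to the certificate: compare the two public keys.
    cert_pub=$(openssl x509 -in "$cert_file" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$key_file" -pubout 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# make_demo DIR: constructed test material. Two throwaway CAs ("ca" and
# "other"), a client certificate signed by "ca" and a rogue one signed by "other".
# Names, subjects and the 2048-bit key size are assumptions for this example.
make_demo() {
    dir=$1
    for authority in ca other; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-$authority" \
            -keyout "$dir/$authority.key" -out "$dir/$authority.crt" 2>/dev/null || return 1
    done
    for pair in client:ca rogue:other; do
        name=${pair%%:*}; signer=${pair##*:}
        openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$name" \
            -keyout "$dir/$name.key" -out "$dir/$name.csr" 2>/dev/null || return 1
        openssl x509 -req -days 1 -in "$dir/$name.csr" -CA "$dir/$signer.crt" \
            -CAkey "$dir/$signer.key" -CAcreateserial -out "$dir/$name.crt" \
            2>/dev/null || return 1
    done
}

tmp=$(mktemp -d) || exit 1
make_demo "$tmp" || { echo "openssl failed to build demo material"; exit 1; }
check_pair "$tmp/ca.crt" "$tmp/client.crt" "$tmp/client.key" && echo "client: ok"
check_pair "$tmp/ca.crt" "$tmp/rogue.crt" "$tmp/rogue.key" || echo "rogue: not signed by ca.crt"
check_pair "$tmp/ca.crt" "$tmp/client.crt" "$tmp/rogue.key" || echo "client.crt + rogue.key: key mismatch"
rm -rf "$tmp"
```

Against the files from this article, the same function is called as check_pair ca.crt server.crt server.key and check_pair ca.crt client.crt client.key from inside /etc/apache2/CA.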
