Enable SSL access under Apache, that is, https

Source: Internet
Author: User
Tags install openssl openssl rsa openssl windows openssl x509

The compiled command line program in OpenSSL windows:

Http://downloads.sourceforge.net/gnuwin32/openssl-0.9.8h-1-bin.zip

Lamp enables SSL

First, install the OpenSSL and Apache SSL modules and execute:

Yum install OpenSSL mod_ssl-y

The configuration method is similar to the following:

Wamp enable SSL


1. # modify the httpd. conf file
Loadmodule ssl_module modules/mod_ssl.so
Include CONF/extra/httpd-ssl.conf
# Remove "#" from the first two rows "#"
2. # modify CONF/extra/httpd-ssl.conf
Sslcertificatefile "D:/Wamp/apache2/bin/server. CRT"
Sslcertificatekeyfile "D:/Wamp/apache2/bin/server. Key"
3. # modify the file location for your certificate generation
DocumentRoot "E:/www" # modify the DocumentRoot value to be consistent with the DocumentRoot value in the httpd. conf file.
4. # solve the problem that Apache cannot be started

Set the configuration file (in the httpd-ssl.conf CONF/extra directory)

Sslmutex "file: D:/programfiles2003/Wamp/apache2/logs/ssl_mutex"

Change to 68: sslmutex default
5. # Replace all Apache paths in the httpd-ssl.conf file with your Apache path

# The configuration file has been modified.

Ii. certificate generation method

Windows --

# Run the following command in the Apache/bin directory:

OpenSSL req-config ../CONF/OpenSSL. CNF-New-out server. CSR-keyout server. pem

OpenSSL. CNF is the OpenSSL configuration file that comes with Apache and is referenced to the complete path of the file.

Enter the password twice, whatever the password, and press enter to skip the following input.

# Issuing a certificate

OpenSSL RSA-in server. pem-out server. Key

Enter the password you just created

# Generate a key file
OpenSSL X509-in server. CSR-out server. CRT-req-signkey server. Key-days 365
# Generate a certificate file

Copy server. Key and server. CRT to the conf folder.

Linux --

Generate the server private key:
# OpenSSL Gen RSA-des3-out server. Key 1024

Generate a server certificate request and fill in the relevant certificate information as required:
# OpenSSL req-New-key server. Key-out server. CSR

Visa:
# OpenSSL X509-req-days 700-in server. CSR-signkey server. Key-out server. Cert
Signature OK


Restart Apache

OK. Congratulations, you can use HTTPS to access your root directory.

Of course, we also need an SSL Virtual Host

You need to configure the VM file to write a VM that listens to port 443 in the file. For example:

<Virtualhost wosau: 443>
DocumentRoot/home/ownfire/www/woosau
Servername woosau
Sslengine on
Sslcertificatefile/etc/httpd/CONF/server. CRT
Sslcertificatekeyfile/etc/httpd/CONF/server. Key
</Virtualhost>

Because the specified host name is woosau, you need to write a virtual host name rule.

Namevirtualhost wool: 443

Now, you can access https: // woosau.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.