SSL is a secure protocol for HTTP transport. Certificate authentication ensures that the data exchanged between the client and the web server is secure, and it can be configured with the OpenSSL that ships with Apache.
The steps are as follows:
1. Install Apache's OpenSSL module. Most installations already include it; to check, just see whether the openssl.exe program exists under apache\bin.
2. Configure the apache/conf/httpd.conf file as follows:
#LoadModule ssl_module modules/mod_ssl.so
#Include conf/extra/httpd-ssl.conf
Remove the # at the start of these two lines.
3. Configure the apache/conf/extra/httpd-ssl.conf file as follows:
SSLCertificateFile "conf/ssl.crt/server.crt" (the location of the server certificate)
SSLCertificateKeyFile "conf/ssl.key/server.key" (the location of the server private key)
#SSLCACertificateFile "c:/Apache24/conf/ssl.crt/ca-bundle.crt" (the location of the CA root certificate; required for client authentication)
#SSLVerifyClient require (remove the leading '#'; required for client authentication)
#SSLVerifyDepth 10 (remove the leading '#' and change 10 to 1; required for client authentication)
4. Generate the private key of the server
Open a cmd command line, change into the Apache/bin directory and run openssl genrsa -out server.key to generate a server.key private key file in the current bin directory.
5. Generate a signing request
In the same directory, run openssl req -new -out server.csr -key server.key -config ..\conf\openssl.cnf to generate a server.csr signing request file in the current bin directory.
This process prompts for the certificate information, such as country, province, city and organization. Note that the Common Name must be the same as the site's domain name or IP address and the ServerName in httpd.conf.
6. Generate the CA private key file
In the same directory, run openssl genrsa -out ca.key to generate a ca.key private key file in the current bin directory.
7. Use the CA's private key to generate the CA's self-signed certificate
In the same directory, run openssl req -new -x509 -days 365 -key ca.key -out ca.crt -config ..\conf\openssl.cnf to generate a ca.crt self-signed certificate in the current bin directory.
This process prompts for the certificate information, such as country, province, city and organization. Note that the Common Name must be the same as the site's domain name or IP address and the ServerName in httpd.conf (consistent with step 5).
8. Have the CA sign a certificate for the web server
In the same directory, run openssl ca -in server.csr -out server.crt -cert ca.crt -keyfile ca.key -config ..\conf\openssl.cnf to generate a server.crt signed certificate file in the current bin directory.
This command fails with an error here. The workaround is to create a demoCA folder in the current folder (the bin directory) and, inside it, create two files and one folder: index.txt (an empty file), serial (a file with no extension whose content is 01) and a newcerts folder. Running the command again then succeeds.
9. Move files
Copy the generated server.crt, server.key and ca.crt files to the folders that you configured in step 3.
10. Set ServerName in the httpd.conf and httpd-ssl.conf files to the access domain name or IP address, then restart the Apache service.
11. Open IE and enter https://domain name or IP address:443. A certificate verification dialog pops up; after clicking Cancel there, I found that access did not succeed. It turns out that a .pfx certificate also has to be generated and imported into IE.
In the same directory, run openssl pkcs12 -export -in ca.crt -inkey ca.key -out ca.pfx to generate a ca.pfx file in the bin directory. The process asks for a password; remember this password. Open IE -> Tools -> Internet Options -> Content -> Certificates and follow the prompts to import, entering the password you set while generating the .pfx.
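A check for the step 3 settings that can be run before restarting Apache in step 10, as an added example that is not part of the original article: it reads the text of httpd-ssl.conf and reports directives that are still commented out or inconsistent for client authentication. The sample config, the function names and the client_auth parameter are assumptions made for illustration.

```python
import re

# Constructed sample of httpd-ssl.conf in a half-finished state (not from the page).
SAMPLE = '''\
SSLCertificateFile "conf/ssl.crt/server.crt"
SSLCertificateKeyFile "conf/ssl.key/server.key"
#SSLCACertificateFile "c:/Apache24/conf/ssl.crt/ca-bundle.crt"
SSLVerifyClient require
SSLVerifyDepth 10
'''

NAMES = ("SSLCertificateFile", "SSLCertificateKeyFile",
         "SSLCACertificateFile", "SSLVerifyClient", "SSLVerifyDepth")
LINE = re.compile(r'^\s*(#?)\s*(\w+)\s+(.*?)\s*$')

def active_directives(conf_text):
    """Map each step 3 directive to its value, ignoring lines that start with '#'."""
    canon = {n.lower(): n for n in NAMES}  # Apache directive names are case-insensitive
    found = {}
    for line in conf_text.splitlines():
        m = LINE.match(line)
        if m and not m.group(1) and m.group(2).lower() in canon:
            found[canon[m.group(2).lower()]] = m.group(3).strip('"')
    return found

def audit(conf_text, client_auth=False):
    """Return a list of problems; an empty list means the step 3 settings are consistent."""
    d = active_directives(conf_text)
    problems = [n + " is missing or still commented out"
                for n in NAMES[:2] if n not in d]
    requires = d.get("SSLVerifyClient", "none").lower() == "require"
    if client_auth and not requires:
        problems.append("SSLVerifyClient is not set to require")
    if (client_auth or requires) and "SSLCACertificateFile" not in d:
        problems.append("SSLCACertificateFile is missing or still commented out")
    if (client_auth or requires) and d.get("SSLVerifyDepth", "1") != "1":
        problems.append("SSLVerifyDepth is " + d["SSLVerifyDepth"] + ", step 3 sets it to 1")
    return problems

if __name__ == "__main__":
    for problem in audit(SAMPLE, client_auth=True):
        print("PROBLEM:", problem)
```

To check a real installation, pass the contents of apache/conf/extra/httpd-ssl.conf to audit() instead of SAMPLE.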
The above content was written with reference to http://blog.csdn.net/decajes/article/details/41706739
http://www.jb51.net/article/23971.htm
I am a beginner; if anything here is wrong, I hope the experts will point it out!