Windows Apache configuration SSL (HTTPS) server

Source: Internet
Author: User
Tags pfx file

SSL is a secure protocol for HTTP transport, and certificate authentication ensures that the data between the client and the Web server is secure and can be configured with Apache's own OpenSSL:

The steps are as follows:

1. Install the OpenSSL template of Apache, most will have, judge whether there is only need to see apache\bin under the Openssl.exe run program;

2. Configure the apache/conf/httpd.conf file as follows:

#LoadModule Ssl_module modules/mod_ssl.so

#Include conf/extra/httpd-ssl.conf

Remove these two lines before the #

3. Configure the apache/conf/extra/httpd-ssl.conf file as follows:

Sslcertificatefile "CONF/SSL.CRT/SERVER.CRT" (the location of the server certificate)

Sslcertificatekeyfile "Conf/ssl.key/server.key" (the location of the server private key)

#SSLCACertificateFile "C:/APACHE24/CONF/SSL.CRT/CA-BUNDLE.CRT" (the location of the CA root certificate, as required for client authentication)

#SSLVerifyClient require (remove the previous ' # ' sign, required for client authentication)

#SSLVerifyDepth (Remove the previous ' # ' number, change 10 to 1, required for client authentication)

4. generate the private key of the server

Open the cmd command line into the Apache/bin directory to perform the OpenSSL genrsa-out server.key command to generate a server.key private key file in the current bin directory

5. Generate a sign-up request

continue under the current directory command line perform OpenSSL req-new-out server.csr-key server.key-config. \CONF\OPENSSL.CNF command to generate a SERVER.CSR signature file in the current bin directory

This process will be filled in with signed document information, such as the National organization of the city of the province of the state, it is important to note thatCommon name information must be the same as the site domain name or IP address and the servername in the httpd.conf .

6. Generate CA private key file

continue the OpenSSL genrsa-out ca.key under the current directory command line to    generate a Ca.key private key file in the current bin directory

7. Using the CA's private key to generate the CA's self-signed certificate

 continue execution of the OpenSSL req-new-x509-days 365-key ca.key-out ca.crt-config under the current directory command line. \CONF\OPENSSL.CNF   command generates a CA.CRT self-signed certificate in the current bin directory

  This process will be filled in with signed document information, such as the National organization of the city of the province of the state, it is important to note thatCommon name information must be the same as the site domain name or IP address and the servername in the httpd.conf . (consistent with step 5)

8.CA signing a certificate for the Web server

continue execution under the current directory command line OpenSSL ca-in server.csr-out server.crt-cert ca.crt-keyfile ca.key-config. \CONF\OPENSSL.CNF command generates a SERVER.CRT signed certificate file in the current bin directory

There is an error in executing the command here, the workaround is to create the Democa folder under the current folder (Bin directory), where you can create 2 files and a folder: Index.txt The empty file content is 01 without the suffix serial file and Newcert folder, There's no mistake in running the command again.

9. Move files

Copy the generated server.crt,server.key,ca.crt files to the folder that you configured in step 3

10. Configure the Access domain name or IP address of the ServerName in the httpd.conf and httpd-ssl.conf files to restart the Apache service

  

One. open IE, enter the https:// domain name or IP address : 443 will pop up a verification certificate where the click to cancel the discovery did not succeed, the original also to generate a. PFX certificate and import into IE.

  continue execution under the current directory command line OpenSSL pkcs12-export-in ca.crt-inkey ca.key-out ca.pfx generate a ca.pfx file in the middle of the bin, the process of entering a password, to remember this password. Open IE browser-"Tools-" Internet Options-"Content-" certificate, follow the prompts to import, here to enter the password you just entered in the process of generating the. pfx.

The above content for reference http://blog.csdn.net/decajes/article/details/41706739

Http://www.jb51.net/article/23971.htm

I rookie some places not to ask the great God point out!

  

Windows Apache configuration SSL (HTTPS) server

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.