Bookmark and Share
[how-to] appserv 啟動 apache ssl 加密連線瀏覽設置
(Publish Date: 2013-7-14 12:21am, Total Visits: 1835, Today: 2, This Week: 8, This Month: 31)

[how-to] appserv 啟動 apache ssl 加密連線瀏覽設置

@準備工作

C:\AppServ\Apache2.2\bin\ssl 中建兩個檔

index.txt 保持空白
serial鍵入01 (不需要副檔名)

@Apache: httpd.conf 檔設定

編輯 C:\AppServ\Apache2.2\conf 下的 httpd.conf

1. 將LoadModule ssl_module modules/mod_ssl.so 這行前面的#註解拿掉並存檔

2. 將 #Virtual host with SSL 下

Include C:\Appserv\Apache2.2\conf\extra\httpd-ssl.conf 這行前面的#註解拿掉並存檔 

 

@網站SSL憑證設定

將apache2.2/conf/openssl.conf檔 copy至apache2.2/bin/下以便製作憑證

建立一個新資料夾 ssl

編輯openssl.conf 改以下區塊

#############################################

[ CA_default ]

 

dir = ssl

certs = $dir\\certs

crl_dir = $dir\\crl

database = $dir\\index.txt

new_certs_dir = $dir

 

certificate = $dir\\cacert.pem

serial = $dir\\serial

crlnumber = $dir\\crlnumber

crl = $dir\\crl.pem

private_key = $dir\\private.pem

RANDFILE = $dir\\private.rand

 

#x509_extensions = usr_cert


@執行openssl.exe, 依以下步驟輸入指令

1. 產生 server 端 rsa 私鑰 

 

genrsa -out ssl/server.key 1024

2. 產生憑證簽署要求檔

req -new -out ssl/server.csr -key ssl/server.key -config openssl.cnf

設定如下:

Country Name為國籍鍵入TW

State or Province Name為省份鍵入Taiwan

Locality Name為所在地

Organization Name為組織名稱

Organizational Unit Name為組織內單位

Common Name為domain name

Email Address為管理者的電子信箱

...剩餘兩項可不填入

 

3. 產生ca的rsa私鑰

genrsa -out ssl/ca.key 1024

4. 利用ca私鑰產生簽署憑證檔

req -new -x509 -days 3650 -key ssl/ca.key -out ssl/ca.crt -config openssl.cnf

設定如前 (step 2)

5. 利用ca替網站簽署認證 (-days 3650, 十年有效)

ca -in ssl/server.csr -out ssl/server.crt -cert ssl/ca.crt -keyfile ssl/ca.key -config openssl.cnf -days 3650

6. 將C:\AppServ\Apache2.2\bin\ssl底下的server.crt與server.key兩個檔案, 複製至C:\AppServ\Apache2.2\conf\ssl資料夾底下

7. 編輯conf/extra/httpd-ssl.conf

#修改

SSLSessionCache "shmcb:D:/AppServ/Apache2.2/logs/ssl_scache(512000)"

 

#SSLMutex default改成SSLMutex none

#SSLMutex default

SSLMutex none

 

##修改

## SSL Virtual Host Context

##

 

#   General setup for the virtual host

DocumentRoot "C:/AppServ/www"

#DocumentRoot "C:/Apache2.2/htdocs"

ServerName domain_name:443

#ServerAdmin x@x.com

#ErrorLog "C:/Apache2.2/logs/error.log"

#TransferLog "C:/Apache2.2/logs/access.log"

ErrorLog "C:/AppServ/Apache2.2/logs/error.log"

TransferLog "C:/AppServ/Apache2.2/logs/access.log"

 

 

#修改

SSLCertificateFile "D:/AppServ/Apache2.2/conf/ssl/server.crt"

 

SSLCertificateKeyFile "D:/AppServ/Apache2.2/conf/ssl/server.key"

 

SSLCertificateChainFile "D:/AppServ/Apache2.2/conf/ssl/ca.crt"

8. 關閉 apache stop 再啓動 start (註意apache restart 不一定有用!) 

參考資料

http://joe01032002.pixnet.net/blog/post/92665237-【php】利用openssl實作ssl網頁加密

http://vanity-generation.blogspot.tw/2012/09/appserv-2510-ssl.html

 


[Total Users: 1]

I want to comment on it

1

Display: 1 - 1 of 1, Total Pages: 1

lovelin1987 : [url=http://www.longchampoutletstore.org/][b]Longchamp Outlet Store[/b][/url] [url=http://www.nfljerseys.us/][b]NFL Jerseys[/b][/url] [url=http://www.yeezyboost350.us.com/][b]Yeezy Boost 350[/b][/url] [url=http://www.jordan4.us/][b]Jordan 4[/b][/url] [url=http://www.nikeoutletsstore.com/][b]Nike Outlet[/b][/url] [url=http://www.longchampbags.us.com/][b]Longchamp Handbags[/b][/url] [url=http://www.airmax2016.us.com/][b]Nike Air Max 2016[/b][/url] [url=http://www.adidas-uk.org.uk/][b]Adidas UK[/b][/url] [url=http://www.yeezys.org/][b]Yeezys[/b][/url] [url=http://www.underarmouroutlet.us.com/][b]Under Armour Outlet[/b][/url] [url=http://www.timberlanduk.org.uk/][b]Timberland UK[/b][/url] [url=http://www.jordan12.us/][b]Jordan 12[/b][/url] [url=http://www.poloralphlaurenoutlets.us.com/][b]Polo Ralph Lauren Outlet Online[/b][/url] [url=http://www.yeezy-shoes.us.com/][b]Yeezy[/b][/url] [url=http://www.nikeoutlet.org.uk/][b]Nike Outlet[/b][/url] [url=http://www.nikehuarache.us/][b]Nike Huarache[/b][/url] [url=http://www.kedsshoesforwomen.com/][b]Keds Shoes For Women[/b][/url] [url=http://www.nikerosherun.us.com/][b]Roshe Run[/b][/url] [url=http://www.yeezy.com.co/][b]Yeezy Shoes[/b][/url] [url=http://www.nikeairmax.us/][b]Nike Air Max[/b][/url] [url=http://www.oakleyoutlet-sale.us/][b]Oakley Outlet[/b][/url] [url=http://www.adidasnmd.us.com/][b]Adidas NMD[/b][/url] [url=http://www.rayban-outlets.com/][b]Ray Ban Outlet Store[/b][/url] [url=http://www.cheap--jordanshoes.us.com/][b]Jordan Shoes[/b][/url] [url=http://www.outlettoms.us/][b]Toms Outlet[/b][/url] [url=http://www.ultraboostuncaged.us/][b]Ultra Boost Uncaged[/b][/url] [url=http://www.mlb-jerseys.us/][b]MLB Jerseys[/b][/url] [url=http://www.uggboots-outlets.com/][b]Ugg Boots Outlet[/b][/url] [url=http://www.katespadeoutlets.us/][b]Kate Spade Outlet[/b][/url] [url=http://www.uggbootsclearanceoutlet.us/][b]Ugg Clearance Sale Outlet[/b][/url] [url=http://www.uggs-outletboots.us/][b]Uggs Boots Outlet[/b][/url] [url=http://www.timberland-outlet.us/][b]Timberland Outlet[/b][/url] [url=http://www.ray-banoutlets.us/][b]Ray Ban Outlet[/b][/url] [url=http://www.rayban-sunglasses.ca/][b]Ray Ban Sunglasses[/b][/url] [url=http://www.adidas-nmd.org.uk/][b]Adidas NMD[/b][/url] [url=http://www.katespadeoutlet.us.org/][b]Kate Spade Outlet[/b][/url] [url=http://www.ralphlaurens.org.uk/][b]Ralph Lauren[/b][/url] (2016/11) [Reply]