Open the apache setting method SSL

Others 2020-03-07 14:10:08 views: null

443 communication port opening

If the server is deployed in the cloud, remember that open communication permission port 443

 

 

Production ssl certificate

The first: Free Website: https://freessl.cn/

The second: openssl (phpstudy own)

1, set the environment variable openssl

Use DOS command to enter the Apache bin directory because the directory only libeay32.dll, openssl.exe, ssleay32.dlland other documents.

Run using DOS commands in the bin directory: set OPENSSL_CONF = .. \ conf \ openssl.cnf, set by this command openssl environment variable, if the command is not executed, the operation will be given later.

set OPENSSL_CONF=..\conf\openssl.cnf

2, the server private key generated

Note: This is a 128-bit key using the RSA algorithm generated can also use other algorithms to generate the key, related usage can use the search engine. 4096 is the length of the key, the value is preferably at least 4096 to use the value must be an integer power of two.

openssl genrsa 4096 > server.key

3, generating unsigned server.csr

openssl req -new -key server.key > server.csr

The Name Country ( 2 Letter code) [AU]: CN ISO country code (supports only two characters)
The Name Province or State (Full name) [s Some - State]: Hu Bei province where
Locality Name (eg, city) []: Wu Han city
Organization Name (eg, company) [Internet Widgits Pty Ltd]: Mark Company Name
Organizational Unit Name (eg, section) []: IT organization name
Common Name (eg server FQDN or YOUR name) []: www.phpmarker.com certificate application domain
Address Email []: phpmarker @ 163 .com Administrator mailbox
Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []: can exchange key blank
An optional company name []: Nullable

You may be given: ordinal xxx can not be located in the dynamic link library libeay32.dll, solution: Copy the files in the bin directory libeay32.dll apache to c: \ windows \ system32 next.

4, signed server certificate file server.crt

This command uses the third step and the fourth step of generating keys and certificates to generate a certificate server.crt, -days parameter indicates the certificate is valid, in days, x509 is generated to represent X.509 certificates.

openssl req -x509 -days 365 -key server.key -in server.csr > server.crt

5, View certificate details

openssl x509 -noout -text -in server.crt

SSL deployment

1, confirm whether there ssl apache module

Configuring Apache server supports https protocol and SSL certificates, most basic requirement is included openssl Apache module. Some have the apache / bin directory libeay32.dll, , openssl.exe, ssleay32.dllcomes ssl module if the module does not need to download their own separate openssl.

2, configuration file open apache conf / httpd.conf, remove the front of the module # ssl

LoadModule ssl_module modules/mod_ssl.so
...
Include conf/extra/httpd-ssl.conf

3, backup modified httpd-ssl.conf

Listen 443
SSLPassPhraseDialog  builtin
<VirtualHost _default_:443>
    DocumentRoot "C:\Program Files\api"
    ServerName api.test.com
    ServerAlias api.test.com
    ErrorLog "C:\Program Files\api\logs\websslapi-error.log"
    TransferLog "C:\Program Files\api\logs\websslapi-access.log"
  <Directory "C:\Program Files\api">
      Options FollowSymLinks ExecCGI
      AllowOverride All
      Order allow,deny
      Allow from all
      Require all granted
  </Directory>
    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateFile "C:\phpstudy\Apache\conf\ssl\api.test.com.crt"
    SSLCertificateKeyFile "C:\phpstudy\Apache\conf\ssl\api.test.com.key"
    SSLCertificateChainFile "C:\phpstudy\Apache\conf\ssl\api.test.com_ca_bundle.crt"
    SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
BrowserMatch ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
CustomLog "C:\Program Files\api\logs\ssl_request.log" \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>

4, test configuration

C:\phpstudy\Apache\bin>httpd.exe -t
Syntax OK

5, dynamic load the new configuration

C:\phpstudy\Apache\bin>httpd.exe -k restart -n apache2a

6, open the browser test

 

 

httpd-ssl.conf

Guess you like

Origin www.cnblogs.com/lixiaobin/p/apachessl.html
Recommended
The “35-year-old curse” of Chinese coders
蘭雅 CorelDRAW 插件 2024.5.1 国际劳动节版,免费下载
Ranking
Methods and Practices of Manufacturing Data Quality Improvement
Serial port upgrade program for efficient transmission of large firmware
Use KITTI to run LIOSAM and complete the EVO evaluation
Calling methods on string literals (Java)
ActiveMQ and Spring integration (4)
You have to know the HTTPS! ! !
PAT whether Structures and Algorithms 7-4 with a binary search tree (40 rows streamlined structure)
el-upload brings request background
UVA - 1204 Fun Game-like pressure dp
2019-12-28
Daily
More
2024-05-04(18)
2024-05-03(8)
2024-05-02(0)
2024-05-01(4)
2024-04-30(36)
2024-04-29(5)
2024-04-28(12)
2024-04-27(29)
2024-04-26(22)
2024-04-25(32)

Code World

© 2018 codetd.com