Configuring HTTPS access with SSL in Apache HTTP Server
2012-06-05 15:59
Part One: Enable HTTPS with SSL
1. Enable the module by removing the "#" in front of these lines
in file conf/httpd.conf:
LoadModule ssl_module modules/mod_ssl.so
Include conf/extra/httpd-ssl.conf
2. Modify conf/extra/httpd-ssl.conf:
SSLCertificateFile "C:/Apache2.2/conf/server.crt"
SSLCertificateKeyFile "C:/Apache2.2/conf/server.key"
3. Generate the key and certificate request files for the server side:
server.key:
D:\local\apache2\bin\openssl genrsa -out server.key 1024
server.csr:
D:\local\apache2\bin>openssl req -new -out server.csr -key server.key -config ..\conf\openssl.cnf
Enter the information you are asked for.
4. Generate the signed certificate on the CA side:
Private key, ca.key:
D:\local\apache2\bin\openssl genrsa -out ca.key 1024
Use the CA key to generate a self-signed certificate:
D:\local\apache2\bin\openssl req -new -x509 -days 365 -key ca.key -out ca.crt -config ..\conf\openssl.cnf
You may be asked to enter some information here; please enter it. The Common Name is the server domain; for a local server, it is the local IP.
Use the CA to generate the signed certificate for the website server:
D:\local\apache2\bin\openssl ca -in server.csr -out server.crt -cert ca.crt -keyfile ca.key -config ..\conf\openssl.cnf
This command will encounter an error. Create a demoCA folder in the current folder, and in it create the files below:
index.txt (empty) and serial (with content 01), and create a folder named newcerts. Then run the command again; it will generate server.crt.
5. Copy server.key and server.crt (not server.csr) to conf/
Part Two: Redirect HTTP to HTTPS
1. Enable the rewrite module:
LoadModule rewrite_module modules/mod_rewrite.so
2. Add the configuration below:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
Part Three (optional): For 64-bit OS
1. Error in the system event log at system level when starting up with the above configuration:
The Apache service named reported the following error:
>>> SSLSessionCache: Invalid argument: size has to be >= 8192 bytes .
It is caused by line 62 (original):
#SSLSessionCache "shmcb:C:/Program Files (x86)/Apache Software Foundation/Apache2.2/logs/ssl_scache(512000)"
It recognized the 86 in "(x86)" as the cache size, so we need to use another folder for this log file, e.g.:
#SSLSessionCache "shmcb:C:/Program Files/Apache Software Foundation/Apache2.2/logs/ssl_scache(512000)"
2. Error in the log folder:
Init: SSLPassPhraseDialog builtin is not supported on Win32 (key file xxxx/conf/ssl/jfdscert.key)
Resolution:
a) Put "#" in front of SSLPassPhraseDialog to comment out the line.
b) Remove the pass phrase from server.key with the command below:
openssl rsa -in server.key.org -out server.key
Then use the resulting (unencrypted) server.key instead.
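
Added example, not part of the original post: a POSIX shell pre-flight check for the two start-up errors described in this part, run over a constructed sample config. It assumes a simplified model in which the text between the first "(" of the SSLSessionCache value and the next ")" is taken as the size; the function names are hypothetical.

```sh
#!/bin/sh
# Added example. Assumed model: the size is the text between the FIRST "("
# of the SSLSessionCache value and the next ")".

# Print the size token of an SSLSessionCache line (nothing if no size given).
cache_size_token() {
    case $1 in *"("*")"*) ;; *) return 0 ;; esac
    rest=${1#*\(}        # drop everything through the first "("
    size=${rest%%\)*}    # keep what precedes the next ")"
    printf '%s\n' "$size"
}

# Read a config on stdin and print "line-number:problem" for each finding.
lint_ssl_conf() {
    n=0
    while IFS= read -r line; do
        n=$((n + 1))
        case $line in
            SSLSessionCache*)
                tok=$(cache_size_token "$line")
                case $tok in
                    '') ;;
                    *[!0-9]*) echo "$n:size '$tok' is not a number" ;;
                    *) [ "$tok" -ge 8192 ] || echo "$n:size $tok is below 8192" ;;
                esac ;;
            SSLPassPhraseDialog*builtin*)
                echo "$n:builtin pass phrase dialog is not supported on Win32" ;;
        esac
    done
    return 0
}

# Constructed sample: the page's two cache paths, a small size, the dialog line.
sample_conf() {
    cat <<'EOF'
SSLSessionCache "shmcb:C:/Program Files (x86)/Apache Software Foundation/Apache2.2/logs/ssl_scache(512000)"
SSLSessionCache "shmcb:C:/Program Files/Apache Software Foundation/Apache2.2/logs/ssl_scache(512000)"
SSLSessionCache "shmcb:C:/Apache2.2/logs/ssl_scache(4096)"
SSLPassPhraseDialog builtin
EOF
}

sample_conf | lint_ssl_conf
```
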
Part Four: Verify that the private key and certificate match
View the certificate modulus using the following command:
openssl x509 -noout -text -in certfile -modulus
or, to get a digest of the modulus only (without -text, so that nothing but the modulus is hashed):
openssl x509 -noout -in certfile -modulus | openssl md5
View the key modulus using the following command:
openssl rsa -noout -text -in keyfile -modulus
or
openssl rsa -noout -in keyfile -modulus | openssl md5
The key and certificate match when the two moduli (or their digests) are identical.
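
Added example, not part of the original post: the key, CSR, CA and "openssl ca" signing steps from Part One followed by the key/certificate match check, as one POSIX shell script (the openssl subcommands are the same as in the Windows commands above). The ca.cnf file, subject names, other.key and function names are constructed for the demo, and it uses 2048-bit keys and a SHA-256 digest where the page uses 1024 and md5, since 1024-bit RSA is below current minimum recommendations.

```sh
#!/bin/sh
# Added example. File names, subjects and ca.cnf are constructed for the demo.

# Digest of the RSA modulus of a certificate ($1=x509) or private key ($1=rsa).
modulus_digest() {
    m=$(openssl "$1" -noout -modulus -in "$2" 2>/dev/null) || return 1
    printf '%s' "$m" | openssl sha256
}

# True only when certificate $1 and key $2 both parse and share one modulus.
cert_matches_key() {
    c=$(modulus_digest x509 "$1") && k=$(modulus_digest rsa "$2") && [ "$c" = "$k" ]
}

# Create the demoCA layout "openssl ca" expects, then issue server.crt in $1.
build_demo_pki() {
    mkdir -p "$1/demoCA/newcerts"
    : > "$1/demoCA/index.txt"        # empty issued-certificate database
    echo 01 > "$1/demoCA/serial"     # next serial number to assign
    cat > "$1/ca.cnf" <<'EOF'
[ req ]
distinguished_name = dn
[ dn ]
commonName = Common Name
[ ca ]
default_ca = CA_default
[ CA_default ]
dir = ./demoCA
database = $dir/index.txt
serial = $dir/serial
new_certs_dir = $dir/newcerts
default_md = sha256
default_days = 365
policy = policy_any
[ policy_any ]
commonName = supplied
EOF
    ( cd "$1" &&
      openssl genrsa -out ca.key 2048 &&
      openssl req -new -x509 -days 365 -key ca.key -out ca.crt \
                  -subj "/CN=Demo CA" -config ca.cnf &&
      openssl genrsa -out server.key 2048 &&
      openssl req -new -key server.key -out server.csr \
                  -subj "/CN=www.example.test" -config ca.cnf &&
      openssl ca -batch -config ca.cnf -in server.csr -out server.crt \
                 -cert ca.crt -keyfile ca.key &&
      openssl genrsa -out other.key 2048 ) >/dev/null 2>&1
}

work=$(mktemp -d) && build_demo_pki "$work" &&
    cert_matches_key "$work/server.crt" "$work/server.key" &&
    echo "server.crt matches server.key"
```
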