wamp5 开启 ssl
安装环境:Wampserver集成安装包;window7 x64系统。
openssl.exe 所在位置 E:\wamp\bin\apache\apache2.4.9\bin
1.打开cmd,进入openssl.exe所在位置
cd E:\wamp\bin\apache\apache2.4.9\bin
2.设置配置文件
set OPENSSL_CONF=../conf/openssl.cnf
3.生成需要的私钥
openssl genrsa > root.key // 生成根密钥
openssl genrsa > server.key// 生成服务端密钥
openssl genrsa > client.key// 生成客户端密钥
4.生成自签名的根证书
openssl req -x509 -new -key root.key > root.crt
openssl req -new -key server.key -out server.csr
openssl req -new -key client.key -out client.csr
Country Name (2 letter code) :CNISO国家代码(只支持两位字符)
State or Province Name (full name) :ZJ所在省份
Locality Name (eg, city) []:HZ所在城市
Organization Name (eg, company):THS公司名称
Organizational Unit Name (eg, section) []:THS组织名称
Common Name (eg, YOUR name) []:localhost(申请证书的域名或IP地址)
Email Address []:laoniangke@xxx.com管理员邮箱
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:交换密钥
An optional company name []:
5.配置openssl.cnf
md demoCA
md demoCA\newcerts
md demoCA\private
cd. > demoCA\index.txt
echo 01 > demoCA\serial
echo 01 > demoCA\crlnumber
openssl genrsa -out demoCA/private/cakey.pem 2048
openssl req -out demoCA/cacert.pem -x509 -new -key demoCA/private/cakey.pem
6.使用根证书为服务端及客户端签名
openssl ca -in server.csr -cert root.crt -keyfile root.key -out server.crt
openssl ca -in client.csr -cert root.crt -keyfile root.key -out client.crt
7.将客户端证书转成pfx格式,并在浏览器上导入该证书
openssl pkcs12 -export -clcerts -in client.crt -inkey client.key -out client.pfx
8.配置http.conf,所在位置E:\wamp\bin\apache\apache2.4.9\conf\http.conf,反注释(只列出修改部分)
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
LoadModule sslmodule modules/modssl.so
Include conf/extra/httpd-ssl.conf
9.配置http-ssl.conf,所在位置E:\wamp\bin\apache\apache2.4.9\conf\extra\http-ssl.conf(只列出修改部分)
SSLSessionCache "shmcb:E:/wamp/logs/ssl_scache"
Mutex default
<VirtualHost _default_:443>
DocumentRoot "E:/wamp/www"
ServerName localhost:443
ServerAdmin admin@example.com
ErrorLog "E:/wamp/logs/apache_error.log"
TransferLog "E:/wamp/logs/access.log"
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile "E:/wamp/bin/apache/apache2.4.9/bin/server.crt"
SSLCertificateKeyFile "E:/wamp/bin/apache/apache2.4.9/bin/server.key"
SSLCACertificateFile "E:/wamp/bin/apache/apache2.4.9/bin/root.crt"
SSLVerifyClient require
SSLVerifyDepth10
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars +ExportCertData
</FilesMatch>
CustomLog "E:/wamp/logs/ssl_request.log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
重启 wampserver,如有问题,查看E:\wamp\logs\apache_error.log
如果发现apache 重启不了
后面有问题就到apache的/bin/httpd.exe -t 来看错误
也要看一下是否有程序占用443端口
I've also enabled "LoadModule status_module modules/mod_status.so" using the following configuration in httpd.conf:
<IfModule status_module>
ExtendedStatus On
<Location /server-status>
SetHandler server-status
</Location>
</IfModule>
You can check now your server status here
https://localhost/server-status/
页:
[1]