[Site setup] Enabling SSL on AppServ 2.5.10

OS: Windows 7 & Windows Server 2008
AppServ 2.5.10 already ships with OpenSSL.



D:\AppServ\Apache2.2\conf\openssl.cnf

Edit the following settings:
dir = ssl
certs = $dir\\certs
crl_dir = $dir\\crl
database = $dir\\index.txt
new_certs_dir = $dir

certificate = $dir\\cacert.pem
serial = $dir\\serial
crlnumber = $dir\\crlnumber

crl = $dir\\crl.pem
private_key = $dir\\private.pem
RANDFILE = $dir\\private.rand

#x509_extensions = usr_cert

After editing, copy the file into
D:\AppServ\Apache2.2\bin
Create an ssl folder:
D:\AppServ\Apache2.2\bin\ssl
and create two files in it:
index.txt
Leave it empty.
serial
Enter 01; no file extension is needed.
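
The following preflight check is an added example, not part of the original post: it reads the CA settings edited above (expanding $dir and the \\ escape) and reports which of the files the `openssl ca` signing step needs are missing or malformed. The function names, the trimmed sample config and the temporary directory standing in for D:\AppServ\Apache2.2\bin are assumptions made for illustration; section headers are ignored.

```python
import re
import tempfile
from pathlib import Path

HEX = re.compile(r"[0-9A-Fa-f]+")

# Constructed sample: the CA paths from the openssl.cnf edits in this post.
SAMPLE_CNF = r"""
dir = ssl
database = $dir\\index.txt
new_certs_dir = $dir
serial = $dir\\serial
#x509_extensions = usr_cert
"""

def parse_cnf(text):
    """Parse key = value lines, expanding $name references."""
    values = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments
        if "=" not in line:
            continue                            # blank line or [section] header
        key, value = (part.strip() for part in line.split("=", 1))
        value = value.replace("\\\\", "/")      # "\\" is an escaped backslash
        value = re.sub(r"\$(\w+)", lambda m: values.get(m.group(1), m.group(0)), value)
        values[key] = value
    return values

def preflight(cnf_text, base_dir):
    """Return the problems that would stop `openssl ca` from signing."""
    cfg = parse_cnf(cnf_text)
    paths = {k: Path(base_dir, *v.split("/")) for k, v in cfg.items()}
    problems = []
    if not paths["new_certs_dir"].is_dir():
        problems.append("new_certs_dir is not a directory: " + cfg["new_certs_dir"])
    for key in ("database", "serial"):
        if not paths[key].is_file():
            problems.append(key + " file missing: " + cfg[key])
        elif key == "serial" and not HEX.fullmatch(paths[key].read_text().strip()):
            problems.append("serial is not a hex number")
    return problems

def demo():
    with tempfile.TemporaryDirectory() as base:   # stands in for the bin folder
        before = preflight(SAMPLE_CNF, base)
        ssl_dir = Path(base, "ssl")
        ssl_dir.mkdir()
        (ssl_dir / "index.txt").write_text("")    # kept empty, as in the post
        (ssl_dir / "serial").write_text("01\n")   # no file extension
        after = preflight(SAMPLE_CNF, base)
    return before, after
```

Run against the real bin folder, a serial file saved as serial.txt shows up as "serial file missing".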



Open cmd in D:\AppServ\Apache2.2\bin and run the following commands to generate the private keys and certificates:
1.
openssl genrsa -des3 -out ssl/ca.key 1024
2.
openssl req -config openssl.cnf -new -key ssl/ca.key -out ssl/ca.csr
3.
openssl x509 -days 3650 -req -signkey ssl/ca.key -in ssl/ca.csr -out ssl/ca.crt
4.
openssl genrsa -out ssl/server.key 1024
5.
openssl req -config openssl.cnf -new -key ssl/server.key -out ssl/server.csr
6.
openssl ca -config openssl.cnf -days 3650 -cert ssl/ca.crt -keyfile ssl/ca.key -in ssl/server.csr -out ssl/server.crt

Copy the ssl folder under bin into D:\AppServ\Apache2.2\conf\



D:\AppServ\Apache2.2\conf\extra\httpd-ssl.conf

Edit:
SSLSessionCache "shmcb:D:/AppServ/Apache2.2/logs/ssl_scache(512000)"

Comment out SSLMutex default and use SSLMutex none instead:
#SSLMutex default
SSLMutex none

Set the following to match httpd.conf:
DocumentRoot "D:/AppServ/www"

ServerName IP:443
ErrorLog "D:/AppServ/Apache2.2/logs/error.log"
TransferLog "D:/AppServ/Apache2.2/logs/access.log"

SSLCertificateFile "D:/AppServ/Apache2.2/conf/ssl/server.crt"

SSLCertificateKeyFile "D:/AppServ/Apache2.2/conf/ssl/server.key"

SSLCertificateChainFile "D:/AppServ/Apache2.2/conf/ssl/ca.crt"



D:\AppServ\Apache2.2\conf\httpd.conf

Load the module:
LoadModule ssl_module modules/mod_ssl.so

Include the SSL configuration file:
Include conf/extra/httpd-ssl.conf

Restart Apache and the SSL site will be up.
