Apache + SSL Configuration Guide under Win32 Platform

xiaoxiao2021-03-06  103

This article is adapted from http://raibledesigns.com/wiki/wiki.jsp?page=apachessl, with necessary modifications, additions and simplifications. In my WinXP Apache1.3.31 below

It is assumed that:

You are familiar with the installation and configuration of Apache.

You have a basic understanding of SSL secure connections.

You have some understanding of PHP.

1.: Install Apache

Download the Apache installation package from www.apache.org and install it. Version 1.3.31 is recommended, because it makes the following configuration easier.

Don't confuse the 1.3 and 2.0 versions of Apache; different versions correspond to different builds of mod_ssl.

Modify the following fields of httpd.conf:

[Replace every www.my-server.dom with your own domain name!] Note: If you are testing on your own PC, you can add a line to the HOSTS file that maps a name to the local IP address, and then test with that domain name. For background on the hosts file, please look it up yourself.

Change "Port 80" to:

    # Port 80
    # Standard web port
    Listen 80
    # SSL port
    Listen 443
    ServerName www.my-server.dom

Restart the Apache service.

Open http://www.my-server.dom:443/. The connection is not encrypted, but it shows that your Apache can use port 443.

2.: OpenSSL and mod_ssl

Download the following from http://hunter.campbus.com/ and decompress them:

    apache_2.0.49-openssl_0.9.7d-win32.zip
    apache_1.3.31-mod_ssl_2.8.20-openssl_0.9.7d-win32.zip
    openssl-0.9.7d-win32.zip

Copy ssleay32.dll and libeay32.dll from the OpenSSL archive to WinNT\System32. About 70% of failures are caused by not doing this.

Download and install Cygwin from http://www.cygwin.com. Make sure the OpenSSL package is selected during installation.

You need a configuration file for openssl.exe. If you use Cygwin, it is already included. Otherwise you need to download an openssl.conf from http://www.securityfocus.com/data/tools/openssl.conf

3.: Establish a test certificate

The following description comes from http://www.apache-ssl.org/#faq. Note: The following commands can be run in Cygwin, or from the directory where openssl-0.9.7d-win32.zip was decompressed (you need to copy openssl.conf there; if the command fails, add -config openssl.conf at the end of the command line).

    openssl req -new -out server.csr

This command creates a certificate signing request and a private key. When prompted for "Common Name (eg, your websites domain name)", give the exact web server name (for example, www.my-server.dom). If it does not match the actual name, the browser will report an error.

    openssl rsa -in privkey.pem -out server.key

This command removes the passphrase from the private key.

server.key should be accessible only to Apache and the Administrator. Delete the .rnd file; it could be used to attack the private key.

    openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 365

This command creates a self-signed certificate, which you can use until you get a real certificate from a certificate authority. You can increase the -days 365 value to avoid expiration after one year. If your users use MS Internet Explorer 4.0 and want to install the certificate into the certificate store (by downloading and opening it), you need to create a DER-encoded version of the certificate:

    openssl x509 -in server.crt -out server.der.crt -outform DER

Create a directory apache/conf/ssl and copy server.key and server.crt into it. On Linux, create two directories, ssl.key and ssl.crt; copy server.crt to ssl.crt and server.key to ssl.key.
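The hygiene rules from this step (a key without a passphrase must be restricted to its owner, and .rnd must be deleted) can be checked with a short script. This is an added example, not part of the original article; the function names and sample files are made up for illustration, and the permission check assumes Unix-style mode bits as shown by ls under Cygwin or Linux.

```shell
# Added example: audit the directory holding the files created in step 3.
# Function names are illustrative; the sample files are constructed placeholders.

# True when FILE is a PEM private key that carries no passphrase.
is_unencrypted_pem() {
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$1" || return 1
    # Traditional PEM flags encryption in a header, PKCS#8 in the label.
    ! grep -q -e 'Proc-Type: 4,ENCRYPTED' -e 'BEGIN ENCRYPTED PRIVATE KEY' "$1"
}

# Group and other permission characters of FILE as shown by ls, e.g. "r--r--".
group_other_bits() {
    ls -ld "$1" | cut -c5-10
}

# Print one FINDING line per problem; return 0 only when DIR is clean.
audit_ssl_dir() {
    dir=$1; rc=0
    if [ -e "$dir/.rnd" ]; then
        echo "FINDING: $dir/.rnd (random seed file) was not deleted"
        rc=1
    fi
    for key in "$dir"/*.key "$dir"/*.pem; do
        [ -f "$key" ] || continue
        is_unencrypted_pem "$key" || continue
        if [ "$(group_other_bits "$key")" != "------" ]; then
            echo "FINDING: $key has no passphrase and is accessible beyond its owner"
            rc=1
        fi
    done
    return "$rc"
}

# Build a constructed sample directory that reproduces both mistakes.
make_sample() {
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'PLACEHOLDER' \
        '-----END RSA PRIVATE KEY-----' > "$1/server.key"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'PLACEHOLDER' '-----END RSA PRIVATE KEY-----' > "$1/privkey.pem"
    chmod 644 "$1/server.key" "$1/privkey.pem"
    : > "$1/.rnd"
}

demo=$(mktemp -d)
make_sample "$demo"
audit_ssl_dir "$demo" || echo "fix the findings above, then re-run"
chmod 600 "$demo/server.key" && rm -f "$demo/.rnd"
audit_ssl_dir "$demo" && echo "clean"
rm -rf "$demo"
```

The passphrase-protected privkey.pem is deliberately not flagged; only the key whose passphrase was removed is held to owner-only access.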

4.: Configure Apache and mod_ssl

Copy all executable files (*.exe, *.dll, *.so) from the downloaded apache-mod_ssl package to the original Apache directory. Be careful not to overwrite the original configuration file httpd.conf. Note: look for files with these extensions in all subdirectories, and copy each one to the corresponding directory, overwriting the existing file.

Locate the LoadModule directives in httpd.conf and add the following directive:

    LoadModule ssl_module modules/mod_ssl.so

At the end of the AddModule section, add:

    AddModule mod_ssl.c

Copy ssl.conf from the OpenSSL source files to apache/conf/. It can also be downloaded from http://www.raibledesigns.com/tomcat/ssl.conf.

Add the following directives at the end of httpd.conf:

    # see http://www.modssl.org/docs/2.4/ssl_reference.html for more info
    SSLMutex sem
    SSLRandomSeed startup builtin
    SSLSessionCache none
    ErrorLog logs/ssl.log
    LogLevel info
    # You can later change "info" to "warn" if everything is OK
    SSLEngine On
    SSLCertificateFile conf/ssl/server.crt
    SSLCertificateKeyFile conf/ssl/server.key

If the IfDefine directive is in effect in the configuration file, you should add the -D SSL parameter when starting Apache.

Note: When using multiple virtual hosts, you must use an IP-based configuration, because SSL requires a specific port, 443, to be configured. If name-based directives are used (for all ports), the Apache server will report an error:

    [error] VirtualHost _default_:443 -- mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results

Start the Apache server; you should see:

    D:/apache> apache -D SSL
    [Tue Oct 19 22:18:32 2004] [warn] Loaded DSO D:/apore/php/sapi/php4apache.dll uses plain Apache 1.3 API, this module might crash under EAPI!
    Apache/1.3.31 (Win32) mod_ssl/2.8.19 OpenSSL/0.9.7d PHP/4.3.6 running...

If it does not start properly, take a closer look at the messages on the screen; they will point you to a solution. If everything goes well, open IE and access https://localhost

Reference documentation and related links:

http://raibledesigns.com/wiki/wiki.jsp?page=apachessl

http://www.yesky.com/softchannel/72356686970486784/20030807/1719982_2.shtml

http://hunter.campbus.com/

http://www.cygwin.com/

http://www.shininglightpro.com/
