如何在WAMP服务器中启用SSL ?

时间:2022-01-23 22:56:29

I have installed WAMP server on my machine.

我已经在我的机器上安装了WAMP服务器。

Now how do I secure traffic to and from my site with SSL/TLS?

现在,我如何使用SSL/TLS保护我的站点与站点之间的通信?

3 个解决方案

#1

22  

STEP BY STEP tutorial

一步一步的教程

Copied from the link:

复制链接:

Enabling SSL on WAMP

启用SSL在里面

This step by step guide explains how you can enble SSL on WAMP.

这一步一步指南解释了如何在WAMP上使用SSL。

  1. Download WampServer 2.0 from here and install it to the default location (c:\wamp).

    从这里下载WampServer 2.0并将其安装到默认位置(c:\wamp)。

  2. Now, we need to have a private/public key pair as well as a CA to sign our public key.

    现在,我们需要一个私钥/公钥对以及一个CA来签署我们的公钥。

First, lets see how we can create a private/public key pair.

首先,让我们看看如何创建一个私有/公共密钥对。

keytool -genkey -alias rpcert -keyalg RSA -keysize 1024 -dname "CN=identity-rp,L=SL,S=WS,C=LK" -keypass wso2key -keystore rpkeystore.jks -storepass wso2key

This will create a keystore [rpkeystore.jks] with public/private key pair.

这将创建一个密钥存储库[rpkeystore]。具有公钥/私钥对。

My previous post explains how you can export your private key from the keystore. Just follow the steps given there and you'll end up with a file server.key, which is your private key.

我之前的文章解释了如何从密钥存储库导出私钥。只要按照上面的步骤操作,就会得到一个文件服务器。钥匙,这是你的私钥。

Now, we need to sign our public certificate with a CA.

现在,我们需要用CA在我们的公共证书上签名。

This - requires us to create a sample CA and following explains how to do that.

这需要我们创建一个示例CA,下面说明如何实现这一点。

Here we use OpenSSL to build the required CA infrastructure. For Windows you can download Win32 OpenSSL v0.9.8g from here.

在这里,我们使用OpenSSL来构建所需的CA基础设施。对于Windows,您可以从这里下载Win32 OpenSSL v0.9.8g。

Once installed make sure you add C:\OpenSSL\bin [i.e [INSTALLED_LOCATION]\bin] to the PATH env variable.

安装完成后,请确保添加C:\OpenSSL\bin [i]。e [INSTALLED_LOCATION]\bin]到路径env变量。

openssl req -x509 -newkey rsa:1024 -keyout cakey.pem -out cacert.crt

The above will creare a public/private key pair for our sample CA.

上面将为我们的示例CA创建一个公共/私有密钥对。

Now, we need to create a certificate signing request to our server.

现在,我们需要向服务器创建一个证书签名请求。

Go to the folder where you created the keystore [rpkeystore.jks] and issue the following command.

转到创建密钥存储库的文件夹[rpkeystore]。并发出以下命令。

keytool -certreq -v -alias rpcert -file csr.pem -keypass wso2key -storepass wso2key -keystore rpkeystore.jks

Now copy the csr.pem to the folder where you generated keys for the CA and issue the following command from there.

现在复制csr。pem到您为CA生成密钥的文件夹,并从该文件夹发出以下命令。

openssl x509 -req -days 365 -in csr.pem -CA cacert.crt -CAkey cakey.pem -CAcreateserial -out server.crt

By now we have all the requiured files.

现在我们已经有了所有需要的文件。

cacert.crt --> CA public certificate server.crt --> Server public certificate signed by the CA server.key --> Server private key.

cacert。crt——> CA公共证书服务器。crt——由CA服务器签名的>服务器公共证书。密钥——>服务器私钥。

Copy all the above three files to c:\wamp\bin\apache\apache2.2.8\conf assuming you installed WAMP to the default location.

将以上三个文件复制到c:\wamp\bin\ apache2.2.8\conf假设您安装了wamp到默认位置。

Also edit c:\WINDOWS\system32\drivers\etc\hosts file and add the following entry.

编辑c:\WINDOWS\system32\drivers\etc\hosts文件并添加以下条目。

127.0.0.1 identity-rp

If you could recall, when we creating the public certificate for our server, we created it for identity-rp.

如果您还记得,当我们为服务器创建公共证书时,我们为identity-rp创建了它。

  1. Edit httpd.conf [C:\wamp\bin\apache\apache2.2.8\conf]
  2. 编辑httpd。参看[C:\ wamp \ bin \ apache \ apache2.2.8 \ conf)

Uncomment the following two lines.

取消以下两行注释。

LoadModule ssl_module modules/mod_ssl.so

Include conf/extra/httpd-ssl.conf

Find Listen 80 and change it to Listen 12081 - that is our server is running on port number 12081.

查找Listen 80并将其更改为Listen 12081—这是我们的服务器在端口号12081上运行。

Find ServerName and set it to ServerName identity-rp:12081.

查找ServerName并将其设置为ServerName标识-rp:12081。

  1. Edit httpd-ssl.conf [C:\wamp\bin\apache\apache2.2.8\conf\extra]

    编辑httpd-ssl。参看[C:\ wamp \ bin \ apache \ apache2.2.8额外\ conf \]

    Set Listen identity-rp:12444 - we are listening to port 12444 for secure communication.

    设置监听标识-rp:12444 -我们正在监听端口12444,以便进行安全通信。

    Set

    Set DocumentRoot "C:/wamp/www/"

    设置DocumentRoot“C:/里面/ www /”

    Set ServerName identity-rp:12444

    将ServerName identity-rp:12444

For the entire file find "C:/Program Files/Apache Software Foundation/Apache2.2" and replace with "C:/wamp/bin/apache/apache2.2.8".

对于整个文件,找到“C:/Program Files/Apache Software Foundation/Apache2.2”,并用“C:/wamp/bin/ Apache /apache2.2.8”替换。

Find SSLCertificateFile and set SSLCertificateFile "C:/wamp/bin/apache/apache2.2.8/conf/server.crt"

查找sslcertification文件并设置sslcertification文件“C:/wamp/bin/apache/apache2.2.8/conf/server.crt”

Find SSLCertificateKeyFile and set SSLCertificateKeyFile "C:/wamp/bin/apache/apache2.2.8/conf/server.key"

查找sslcertification keyfile并设置SSLCertificateKeyFile“C:/wamp/bin/apache/apache2.2.8/conf/server.key”

Find SSLCACertificateFile and set SSLCACertificateFile "C:/wamp/bin/apache/apache2.2.8/conf/cacert.crt"

查找SSLCACertificateFile并设置SSLCACertificateFile“C:/wamp/bin/apache/apache2.2.8/conf/cacert.crt”

  1. Edit php.ini (C:\wamp\bin\apache\apache2.2.8\bin)
  2. 编辑php。ini(C:\ wamp \ bin \ apache \ apache2.2.8 \ bin)

Uncomment the line extension=php_openssl.dll

取消= php_openssl.dll线延伸

  1. Now we are done - do a syntax check and start the apache server.

    现在我们完成了—进行语法检查并启动apache服务器。

    :> cd C:\wamp\bin\apache\apache2.2.8\bin :> httpd -t :> httpd --start

    :> cd C:\wamp\bin\ apache2.2.8\bin:> httpd -t:> httpd -start

  2. Type https://identity-rp:12444 on your browser - you'll see a certificate error at the brower - to avoid it install CA certificate in your browser.

    在浏览器上输入https://identityrp:12444 -你会在浏览器上看到一个证书错误-以避免在浏览器中安装CA证书。

#2

9  

This is the best article I found for this purpose.

这是我为此找到的最好的文章。

But it missed only one point. It is the path of the HTTPD-SSL.CONF it is in the apache/confg folder.

但它只漏掉了一点。它是HTTPD-SSL的路径。CONF位于apache/confg文件夹中。

Follow all the steps carefully.

仔细地按照所有步骤操作。

#3

5  

The easy way for local host SSL / HTTPS communication:

本地主机SSL / HTTPS通信的简单方法:

Go download: cacert.pem file

去下载:cacert。pem文件

In php.ini * un-comment and change: curl.cainfo = "c:/wamp/bin/php/php5.5.12/cacert.pem"

在php中。ini * un-comment和change: curl。cainfo = " c:/里面/ bin / php / php5.5.12 / cacert.pem”

  • You can find where your php.ini file is on your machine by running php --ini in your CLI
  • 您可以找到您的php。ini文件通过在CLI中运行php -ini在您的计算机上运行
  • I placed my cacert.pem in the same directory as php.ini for ease.
  • 我把我的cacert。和php在同一个目录下。ini缓解。

#1

22  

STEP BY STEP tutorial

一步一步的教程

Copied from the link:

复制链接:

Enabling SSL on WAMP

启用SSL在里面

This step by step guide explains how you can enble SSL on WAMP.

这一步一步指南解释了如何在WAMP上使用SSL。

  1. Download WampServer 2.0 from here and install it to the default location (c:\wamp).

    从这里下载WampServer 2.0并将其安装到默认位置(c:\wamp)。

  2. Now, we need to have a private/public key pair as well as a CA to sign our public key.

    现在,我们需要一个私钥/公钥对以及一个CA来签署我们的公钥。

First, lets see how we can create a private/public key pair.

首先,让我们看看如何创建一个私有/公共密钥对。

keytool -genkey -alias rpcert -keyalg RSA -keysize 1024 -dname "CN=identity-rp,L=SL,S=WS,C=LK" -keypass wso2key -keystore rpkeystore.jks -storepass wso2key

This will create a keystore [rpkeystore.jks] with public/private key pair.

这将创建一个密钥存储库[rpkeystore]。具有公钥/私钥对。

My previous post explains how you can export your private key from the keystore. Just follow the steps given there and you'll end up with a file server.key, which is your private key.

我之前的文章解释了如何从密钥存储库导出私钥。只要按照上面的步骤操作,就会得到一个文件服务器。钥匙,这是你的私钥。

Now, we need to sign our public certificate with a CA.

现在,我们需要用CA在我们的公共证书上签名。

This - requires us to create a sample CA and following explains how to do that.

这需要我们创建一个示例CA,下面说明如何实现这一点。

Here we use OpenSSL to build the required CA infrastructure. For Windows you can download Win32 OpenSSL v0.9.8g from here.

在这里,我们使用OpenSSL来构建所需的CA基础设施。对于Windows,您可以从这里下载Win32 OpenSSL v0.9.8g。

Once installed make sure you add C:\OpenSSL\bin [i.e [INSTALLED_LOCATION]\bin] to the PATH env variable.

安装完成后,请确保添加C:\OpenSSL\bin [i]。e [INSTALLED_LOCATION]\bin]到路径env变量。

openssl req -x509 -newkey rsa:1024 -keyout cakey.pem -out cacert.crt

The above will creare a public/private key pair for our sample CA.

上面将为我们的示例CA创建一个公共/私有密钥对。

Now, we need to create a certificate signing request to our server.

现在,我们需要向服务器创建一个证书签名请求。

Go to the folder where you created the keystore [rpkeystore.jks] and issue the following command.

转到创建密钥存储库的文件夹[rpkeystore]。并发出以下命令。

keytool -certreq -v -alias rpcert -file csr.pem -keypass wso2key -storepass wso2key -keystore rpkeystore.jks

Now copy the csr.pem to the folder where you generated keys for the CA and issue the following command from there.

现在复制csr。pem到您为CA生成密钥的文件夹,并从该文件夹发出以下命令。

openssl x509 -req -days 365 -in csr.pem -CA cacert.crt -CAkey cakey.pem -CAcreateserial -out server.crt

By now we have all the requiured files.

现在我们已经有了所有需要的文件。

cacert.crt --> CA public certificate server.crt --> Server public certificate signed by the CA server.key --> Server private key.

cacert。crt——> CA公共证书服务器。crt——由CA服务器签名的>服务器公共证书。密钥——>服务器私钥。

Copy all the above three files to c:\wamp\bin\apache\apache2.2.8\conf assuming you installed WAMP to the default location.

将以上三个文件复制到c:\wamp\bin\ apache2.2.8\conf假设您安装了wamp到默认位置。

Also edit c:\WINDOWS\system32\drivers\etc\hosts file and add the following entry.

编辑c:\WINDOWS\system32\drivers\etc\hosts文件并添加以下条目。

127.0.0.1 identity-rp

If you could recall, when we creating the public certificate for our server, we created it for identity-rp.

如果您还记得,当我们为服务器创建公共证书时,我们为identity-rp创建了它。

  1. Edit httpd.conf [C:\wamp\bin\apache\apache2.2.8\conf]
  2. 编辑httpd。参看[C:\ wamp \ bin \ apache \ apache2.2.8 \ conf)

Uncomment the following two lines.

取消以下两行注释。

LoadModule ssl_module modules/mod_ssl.so

Include conf/extra/httpd-ssl.conf

Find Listen 80 and change it to Listen 12081 - that is our server is running on port number 12081.

查找Listen 80并将其更改为Listen 12081—这是我们的服务器在端口号12081上运行。

Find ServerName and set it to ServerName identity-rp:12081.

查找ServerName并将其设置为ServerName标识-rp:12081。

  1. Edit httpd-ssl.conf [C:\wamp\bin\apache\apache2.2.8\conf\extra]

    编辑httpd-ssl。参看[C:\ wamp \ bin \ apache \ apache2.2.8额外\ conf \]

    Set Listen identity-rp:12444 - we are listening to port 12444 for secure communication.

    设置监听标识-rp:12444 -我们正在监听端口12444,以便进行安全通信。

    Set

    Set DocumentRoot "C:/wamp/www/"

    设置DocumentRoot“C:/里面/ www /”

    Set ServerName identity-rp:12444

    将ServerName identity-rp:12444

For the entire file find "C:/Program Files/Apache Software Foundation/Apache2.2" and replace with "C:/wamp/bin/apache/apache2.2.8".

对于整个文件,找到“C:/Program Files/Apache Software Foundation/Apache2.2”,并用“C:/wamp/bin/ Apache /apache2.2.8”替换。

Find SSLCertificateFile and set SSLCertificateFile "C:/wamp/bin/apache/apache2.2.8/conf/server.crt"

查找sslcertification文件并设置sslcertification文件“C:/wamp/bin/apache/apache2.2.8/conf/server.crt”

Find SSLCertificateKeyFile and set SSLCertificateKeyFile "C:/wamp/bin/apache/apache2.2.8/conf/server.key"

查找sslcertification keyfile并设置SSLCertificateKeyFile“C:/wamp/bin/apache/apache2.2.8/conf/server.key”

Find SSLCACertificateFile and set SSLCACertificateFile "C:/wamp/bin/apache/apache2.2.8/conf/cacert.crt"

查找SSLCACertificateFile并设置SSLCACertificateFile“C:/wamp/bin/apache/apache2.2.8/conf/cacert.crt”

  1. Edit php.ini (C:\wamp\bin\apache\apache2.2.8\bin)
  2. 编辑php。ini(C:\ wamp \ bin \ apache \ apache2.2.8 \ bin)

Uncomment the line extension=php_openssl.dll

取消= php_openssl.dll线延伸

  1. Now we are done - do a syntax check and start the apache server.

    现在我们完成了—进行语法检查并启动apache服务器。

    :> cd C:\wamp\bin\apache\apache2.2.8\bin :> httpd -t :> httpd --start

    :> cd C:\wamp\bin\ apache2.2.8\bin:> httpd -t:> httpd -start

  2. Type https://identity-rp:12444 on your browser - you'll see a certificate error at the brower - to avoid it install CA certificate in your browser.

    在浏览器上输入https://identityrp:12444 -你会在浏览器上看到一个证书错误-以避免在浏览器中安装CA证书。

#2

9  

This is the best article I found for this purpose.

这是我为此找到的最好的文章。

But it missed only one point. It is the path of the HTTPD-SSL.CONF it is in the apache/confg folder.

但它只漏掉了一点。它是HTTPD-SSL的路径。CONF位于apache/confg文件夹中。

Follow all the steps carefully.

仔细地按照所有步骤操作。

#3

5  

The easy way for local host SSL / HTTPS communication:

本地主机SSL / HTTPS通信的简单方法:

Go download: cacert.pem file

去下载:cacert。pem文件

In php.ini * un-comment and change: curl.cainfo = "c:/wamp/bin/php/php5.5.12/cacert.pem"

在php中。ini * un-comment和change: curl。cainfo = " c:/里面/ bin / php / php5.5.12 / cacert.pem”

  • You can find where your php.ini file is on your machine by running php --ini in your CLI
  • 您可以找到您的php。ini文件通过在CLI中运行php -ini在您的计算机上运行
  • I placed my cacert.pem in the same directory as php.ini for ease.
  • 我把我的cacert。和php在同一个目录下。ini缓解。
标签:

相关文章