I am trying to set ssl on local host i have follwed the http://madurad.wordpress.com/2014/04/25/redirect-http-to-https-with-wamp-server/ and many others but unable to get success. i stuck in the syntax of httpd-ssl.conf. my apache server get down when i set the
我试图在本地主机上设置ssl,我在http://madurad.wordpress.com/2014/04/25/redirect- https-with-wamp-server/和许多其他的服务器上,但无法获得成功。我插入了httpd-ssl.conf的语法。当我设置的时候,我的apache服务器崩溃了。
<Directory "c:/wamp/www/">
Options Indexes FollowSymLinks
AllowOverride all
Require all granted
SSLOptions +StdEnvVars
</Directory>
i have tried many others like
我已经试过很多类似的方法了。
<Directory "c:/wamp/www/">
SSLOptions +StdEnvVars
</Directory>
what is issue not able to get....
是什么问题不能得到....
7 个解决方案
#1
64
How to Configure WAMPServer to use HTTPS SSL
如何配置WAMPServer来使用HTTPS SSL ?
*This is not a trivial process. This tutorial will, hopefully, get SSL working for you. However getting it configured correctly once it is working is TOTALLY DOWN TO YOU.
这不是一个简单的过程。本教程将希望让SSL为您工作。但是,一旦它正确地配置了,就完全取决于你了。
Additional reading for all who travel this road
为所有旅行这条路的人额外阅读。
Ok,
好吧,
I have based this tutorial on the creation of a site called www.wamphelpers.dev So whereever you see that name change it to the site name you are trying to secure.
我在本教程的基础上创建了一个名为www.wambeacpers.dev的网站,您可以在这里看到这个名称将它更改为您想要保护的站点名称。
I started by creating a unsecured site, in \wamp\www\wamphelpers
我开始创建一个不安全的网站,在\wamp\ wamphelpers。
added a Virtual Host for that site, in \wamp\bin\apache\apache{version}\conf\extra\httpd-vhosts.conf
为该站点添加了一个虚拟主机,在\wamp\bin\apache\apache{version}\conf\extra\httpd-vhosts.conf中。
<VirtualHost *:80>
DocumentRoot "c:/wamp/www"
ServerName localhost
ServerAlias localhost
<Directory "c:/wamp/www">
AllowOverride All
Require local
</Directory>
</VirtualHost>
<VirtualHost *:80>
DocumentRoot "c:/wamp/www/wamphelpers"
ServerName wamphelpers.dev
ServerAlias www.wamphelpers.dev
<Directory "c:/wamp/www/wamphelpers">
AllowOverride All
Require local
</Directory>
</VirtualHost>
Added its domainname to the C:\windows\system32\drivers\etc\hosts
将它的域名添加到C:\windows\system32\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \
Some virus checkers block access to the HOSTS file so you may need to disable your virus checker, or configure it not to block the hosts file temporarily.
一些病毒检查程序阻塞对主机文件的访问,因此您可能需要禁用病毒检查器,或者配置它来临时阻止主机文件。
127.0.0.1 wamphelpers.dev www.wamphelpers.dev
::1 wamphelpers.dev www.wamphelpers.dev
Now restart the dnscache as follows from a command windows launched using 'Run as Administrator'
现在重新启动使用“Run as Administrator”启动的命令窗口中的dnscache
net stop dnscache
net start dnscache
Then created a simple script in \wamp\www\wamphelpers\index.php
然后,创建了一个简单的脚本,在\wamp\ wamphelpers\index.php。
<?php
echo 'Hello, this is the WAMPHELPERS.DEV site homepage';
?>
Now to activate the new Virtual Hosts you have defined, edit \wamp\bin\apache\apache{version}\conf\httpd.conf and find this line
现在,要激活您已经定义的新的虚拟主机,编辑\wamp\bin\apache\ conf\httpd。找到这条线。
# Virtual hosts
#Include conf/extra/httpd-vhosts.conf
and remove the # comment character like so
并删除这样的#注释字符。
# Virtual hosts
Include conf/extra/httpd-vhosts.conf
Save the file.
保存文件。
Now restart Apache and make sure that your simple unsecured Virtually Hosted site is working before continuing.
现在重新启动Apache,并确保在继续之前,您的简单无担保虚拟主机站点正在工作。
The openssl toolkit. The openssl.exe, ssleay32.dll and libeay32.dll come with, and are located in, the C:\wamp\bin\apache\apachex.y.z\bin folder This should be all you need to create your self signed certificate !!
openssl工具包。openssl。exe,ssleay32。dll和libeay32。dll自带,并位于C:\wamp\bin\apache\apachex.y。z\bin文件夹这应该是您创建您的自签名证书所需要的全部!!
HOWEVER: These did not work for me on any of the versions of Apache that I had installed. I always got this error message.
但是,对于我安装的任何版本的Apache,这些都不起作用。我总是得到这个错误信息。
Where the ordinal number changed depending on the apache version folder I was in.
根据我所在的apache版本文件夹,序号改变了。
If you get this error dont worry this is what you need to do.
如果你得到这个错误,不要担心这是你需要做的。
install the latest version of the OPENSSL TOOLKIT
安装OPENSSL工具箱的最新版本。
This can be obtained from here
这可以从这里得到。
NOTE: Dont use the V1.1 version yet, the PHP team have not yet compiled PHP with these new linkages, so stick to the V1.0.? versions until they do.
注意:不要使用V1.1版本,PHP团队还没有使用这些新的链接编译PHP,所以要坚持V1.0。版本,直到他们做。
Pick the Latest version of 'Win32 OpenSSLv xxx Light' or 'Win64 OpenSSLv xxx Light' to match your installed version of WAMPServer, as this is all you need.
选择最新版本的“Win32 OpenSSLv xxx Light”或“Win64 OpenSSLv xxx Light”来匹配您安装的WAMPServer版本,因为这是您所需要的。
This will download an .exe file which you can run to install this toolkit.
这将下载一个.exe文件,您可以运行它来安装这个工具箱。
It will ask the following question, I suggest you answer it like this so you dont end up installing something into C:\windows\system32. Afterall this is a toolkit and it changes reasonably often. Best to keep these things seperate and not make them system global.
它会问下面的问题,我建议你这样回答,这样你就不会把东西安装到C:\windows\system32中。毕竟这是一个工具箱,它经常发生变化。最好是让这些东西分开,而不是让它们成为全球的系统。
Once that is installed ( to whichever folder you specified in the install )you should be ready to start the process of generating keys and certificates!
一旦安装(到安装中指定的文件夹),您应该准备好启动生成密钥和证书的过程!
Generate keys and Certificates.
生成密钥和证书。
STEP 1: Generate an RSA Private Key
步骤1:生成一个RSA私钥。
First we need to create ourselves a certificate. The normal (paid for) process is to create your certificate and then pass it to a signing authority. This is why it costs money, as they have to do, due dilligence, to check that you are who you say you are and that site that you will use the certificate on is real and legitimate.
首先,我们需要创建一个证书。正常的(付费的)流程是创建您的证书并将其传递给签名权限。这就是为什么它要花钱,因为他们要做的是,要做的是,检查你是谁你说你是谁,你将使用证书的网站是真实的和合法的。
The openssl toolkit is used to generate an RSA Private Key and CSR (Certificate Signing Request) to be used for our Certificate. The first step is to create your RSA Private Key. This key is a 1024 bit RSA key which is encrypted using Triple-DES and stored in a PEM format so that it is readable as ASCII text.
openssl工具包用于生成用于我们证书的RSA私钥和CSR(证书签名请求)。第一步是创建RSA私钥。这个密钥是一个1024位的RSA密钥,它使用三重des加密,并以PEM格式存储,以使其可读为ASCII文本。
Open up a Command window (Dos box) using [b]Run as Administrator[/b] Change Directory to where you installed the OpenSSL Toolkit above. In my case this is
打开一个命令窗口(Dos box),使用[b]作为管理员[/b]更改目录到您安装OpenSSL工具包的地方。在我的例子中。
CD c:\apps\OpenSSL-Win32\bin
Make a folder for the output to be put in ( to keep the bin folder tidy ) I used website
制作一个文件夹,让输出被放入(保持bin文件夹整洁)我使用了网站。
md website
Now enter this command:
现在输入这个命令:
openssl genrsa -out website\server.key 2048
This should have created a file in the website folder called server.key, without a pass phrase key, check it exists.
这应该在名为server的网站文件夹中创建了一个文件。关键字,没有密码匙,检查它是否存在。
Step 2: Generate a CSR (Certificate Signing Request)
步骤2:生成CSR(证书签名请求)
During the generation of the CSR, you will be prompted for several pieces of information. These are the X.509 attributes of the certificate. One of the prompts will be for "Common Name (e.g. server FQDN or YOUR name) []:". It is important that this field be filled in with the fully qualified domain name of the server to be protected by SSL. So if the website to be protected will be https://www.wamphelpers.dev, then enter www.wampheplers.dev at this prompt. I used wamphelper.dev as my ServerName is ServerName wamphelpers.dev
在CSR的生成过程中,会提示您输入几条信息。这些是证书的X.509属性。其中一个提示将用于“通用名称(例如,服务器FQDN或您的名称)[]:”。重要的是,该字段必须填入由SSL保护的服务器的完全限定域名。因此,如果要保护的网站将是https://www.wamfish.dev,那么请在此提示下输入www.wampheplers.dev。我使用了wam. dev作为我的服务器名,它是ServerName wam. dev。
Do not enter anything to the question: A challenge password []:] Just press Enter. If you do enter a passphrase here when you come to start Apache with SSL configured Apache will not start and will give this error message :-
不要输入任何问题:一个挑战密码[]:]只要按回车。如果您在使用SSL配置的Apache启动Apache时确实输入了一个passphrase,那么将不会启动并将给出这个错误消息:-。
[error] Init: SSLPassPhraseDialog builtin is not supported on Win32
在Win32上不支持SSLPassPhraseDialog builtin。
Basically if you do enter a passphrase Apache is supposed to challenge you for that passphrase each time it starts. This is obviously not going to make your life any easier but primarily on windows it does not actually work and will cause Apache to crash when it attempts to ask for the passphrase, with the above error.
基本上,如果你输入了一个passphrase, Apache就会在每次启动时向你发出挑战。这显然不会让您的生活变得更容易,但主要是在windows上,它实际上并不起作用,并且会导致Apache在试图请求口令时崩溃,并使用上面的错误。
The command to generate the CSR is as follows:
生成CSR的命令如下:
openssl req -new -key website\server.key -out website\server.csr
Example question and answers:
Country Name (2 letter code) [AU]:GB
State or Province Name (full name) [Some-State]: Hampshire
Locality Name (eg, city) []: Portsmouth
Organization Name (eg, company) [Internet Widgits Pty Ltd]: Wamp Helpers Ltd
Organizational Unit Name (eg, section) []: Information Technology
Common Name (e.g. server FQDN or YOUR name) []: wamphelpers.dev
Email Address []: me@wamphelpers.dev
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: ( leave blank just hit the enter key )
An optional company name []: ( leave blank just hit the enter key )
Step 3: Generating a Self-Signed Certificate
步骤3:生成自签名证书。
At this point you will need to generate a self-signed certificate because you either don't plan on having your certificate signed by a CA, or you wish to test your new SSL implementation while the CA is signing your certificate.
此时,您需要生成一个自签名证书,因为您要么不打算将证书由CA签名,要么您希望在CA签署证书时测试新的SSL实现。
PRE - WARNING This certificate will generate an error in the client browser to the effect that the signing certificate authority is unknown and not trusted. This is unavoidable as we are signing the certificate ourselves, but of course the web of trust does not know who we are. See example later in this document showing how to tell your browser that you actually trust this certificate
预警告此证书将在客户端浏览器中生成错误,从而导致签名证书颁发机构未知且不可信。这是不可避免的,因为我们自己签署了证书,但当然,信任的网络并不知道我们是谁。在本文档中稍后的示例中,将显示如何告诉您的浏览器您实际上信任此证书。
openssl x509 -req -days 365 -in website\server.csr -signkey website\server.key -out website\server.crt
Example output:
Loading 'screen' into random state - done
Signature ok
subject=/C=GB/ST=Hampshire/L=Portsmouth/O=WampHelpers Ltd/OU=Information Technology/CN=www.wamphelpers.dev/emailAddress=riggsfolly@wamphelpers.dev
Getting Private key
Step 4: Installing the Private Key and Certificate
步骤4:安装私钥和证书。
Create these 2 directories under the version of Apache you are using.
在您正在使用的Apache版本下创建这两个目录。
md c:\wamp\bin\apache\apachex.y.z\conf\ssl.key
md c:\wamp\bin\apache\apachex.y.z\conf\ssl.crt
And copy the file we have just generated into them like so:
复制我们刚刚生成的文件如下:
copy website\server.crt c:\wamp\bin\apache\apachex.y.z\conf\ssl.crt
copy website\server.key c:\wamp\bin\apache\apachex.y.z\conf\ssl.key
Step 5: Configure Apache to activate SSL
步骤5:配置Apache以激活SSL。
Edit httpd.conf, Check that this line is uncommented
编辑httpd。conf,检查这一行是否未被注释。
LoadModule authn_socache_module modules/mod_authn_socache.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
Remove the comment '#' from this line also
从这一行删除注释'#'。
Include conf/extra/httpd-ssl.conf
Then move that line after this block .... like so
然后在这个block之后移动这条线像这样
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
# Secure (SSL/TLS) connections
Include conf/extra/httpd-ssl.conf
Step 6: Configure PHP to activate SSL
步骤6:配置PHP激活SSL。
Edit your php.ini ( use the wampmanager menus so you edit the correct one )
编辑php。ini(使用wampmanager菜单,以便编辑正确的菜单)
Remove the comment ';' from this line
从这一行删除注释。
extension=php_openssl.dll
Step 7: Configure your secure sites Virtual Host
步骤7:配置安全站点虚拟主机。
Yup for all you Virtual Host nay sayers, now you cannot avoid the process.
对你所有的虚拟主机的人来说,现在你不能回避这个过程。
Edit \wamp\bin\apache\apachex.y.z\conf\extra\httpd-ssl.conf
编辑\ wamp \ bin \ apache \ apachex.y.z \ conf \额外\ httpd-ssl.conf
This file is released by Apache and contains some default file location. We can leave most of this file as it is, but we need to configure the virtual host in here to match our actual sites location and a few other things so:
该文件由Apache发布,包含一些默认的文件位置。我们可以保留这个文件的大部分,但是我们需要在这里配置虚拟主机来匹配我们的实际站点位置和其他一些东西:
find these lines
找到这些行
DocumentRoot "c:/Apache2/htdocs"
ServerName www.example.com:443
ServerAdmin admin@example.com
ErrorLog "c:/Apache2/logs/error.log"
TransferLog "c:/Apache2/logs/access.log"
and change them to
和改变他们
DocumentRoot "c:/wamp/www/wamphelpers"
ServerName wamphelpers.dev:443
ErrorLog "c:/wamp/logs/ssl_error.log"
TransferLog "c:/wamp/logs/ssl_access.log"
Find
找到
SSLCertificateFile "c:/Apache2/conf/server.crt"
and change to
和改变
SSLCertificateFile "c:/wamp/bin/apache/apachex.y.x/conf/ssl.crt/server.crt"
Find
找到
SSLCertificateKeyFile "c:/Apache2/conf/server.key"
and change to
和改变
SSLCertificateKeyFile "c:/wamp/bin/apache/apachex.y.x/conf/ssl.key/server.key"
Find
找到
<Directory "c:/Apache2/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
and change to
和改变
Apache 2.2 Syntax
Apache 2.2语法
<Directory "c:/wamp/www/wamphelpers">
SSLOptions +StdEnvVars
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order Deny,Allow
Deny from all
Allow from 127.0.0.1 localhost ::1
</Directory>
Apache 2.4 Syntax
Apache 2.4语法
<Directory "c:/wamp/www/wamphelpers">
SSLOptions +StdEnvVars
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Require local
</Directory>
Find
找到
SSLSessionCache "shmcb:c:/Apache2/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300
and change it to
和改变它
SSLSessionCache "shmcb:c:/wamp/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300
Find
找到
CustomLog "c:/Apache24/logs/ssl_request.log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
and change to
和改变
CustomLog "c:/wamp/logs/ssl_request.log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
Basically look through the conf file and any command that is not commented out, but has a reference to a file or folder should be changed to reference the WAMPServer folder structure and not 'C:/Apache2....'
基本上通过配置文件和任何命令不是注释掉了,但有一个引用一个文件或文件夹应该改为引用WAMPServer文件夹结构,而不是“C:/输入....”
Now make sure all these files we have changed are saved, and restart Apache using the wampmanager menus.
现在,请确保我们更改的所有文件都已保存,并使用wampmanager菜单重新启动Apache。
First test that the unprotected site is still working.
第一个测试,未受保护的站点仍在工作。
Then try using your new protected site by adding the 'https://' to the front of the domain name i.e. https://www.wamphelpers.dev without the single quotes of course.
然后,尝试使用新的受保护的站点,将“https://”添加到域名的前面,即https://www.wam. dev,当然没有单引号。
If Apache does not restart you have probably spelt something wrong. Test the configs like so :-
如果Apache不重启,您可能会拼写错误。像这样测试configs:-。
Open a command window
打开一个命令窗口
cd \wamp\bin\apache\apachex.y.z\bin
httpd -t
This will parse all the config files and should give you a file name and a line number where an error has been found.
这将解析所有的配置文件,并给您一个文件名和一个行号,其中发现了错误。
Fix it and try again.
修好它,再试一次。
First access to your site will generate a message page something like this. This is using FireFox, others will be slightly different, but the concept it the same.
第一次访问您的站点将生成一个类似这样的消息页面。这是使用FireFox,其他的将略有不同,但概念是一样的。
This is because your certificate is not signed by a trusted authority, DONT PANIC, this is supposed to happen.
这是因为您的证书不是由可信的权威签名的,不要惊慌,这是应该发生的。
Click on, 'I Understand the risk' and that will show you a button saying 'Add Exception' Press the Add Exception button, after checking that the certificates site details are in fact yours, and you will not see this message again unless you clear the exception list.
点击,“我了解风险”,这将显示一个按钮,显示“添加异常”按下Add Exception按钮,检查证书站点的详细信息实际上是您的,并且您将不会再次看到此消息,除非您清除了异常列表。
BIG NOTE As of Apache v2.2.12 and OpenSSL v0.9.8j it is now possible to secure more than one site per Apache instance. This tutorial does not cover that process. See here for more details:
Apache v2.2.12和OpenSSL v0.9.8j的大型注释现在可以在每个Apache实例中获得多个站点。本教程不涉及此过程。详情如下:
在这里
这里
这里
And like I said at the top, now you need to do some reseach on all the options available in the SSL config and make thing work as you want rather than using the default.
正如我在上面所说的,现在您需要对SSL配置中所有可用的选项进行一些研究,并让它按照您的意愿工作,而不是使用缺省值。
#2
5
It is necessary activate the module LoadModule socache_shmcb_module modules/mod_socache_shmcb.so in the file httpd.conf in wampserver 2.5. If not apache throws the next message:
需要激活模块LoadModule socache_shmcb_module模块/mod_socache_shmcb。在文件httpd中。conf wampserver 2.5。如果不是apache,则抛出下一个消息:
AH00526: Syntax error on line 75 of C:/wamp/bin/apache/apache2.4.9/conf/extra/httpd-ssl.conf: SSLSessionCache: 'shmcb' session cache not supported (known names: ). Maybe you need to load the appropriate socache module (mod_socache_shmcb?).
AH00526: C的第75行语法错误:/wamp/bin/apache/apache2.4.9/conf/额外/httpd-ssl。conf: SSLSessionCache:“shmcb”会话缓存不受支持(已知名称:)。也许您需要加载适当的socache模块(mod_socache_shmcb?)
#3
2
@RiggsFolly: some small errors/typos/additions in your tutorial. Below is used in combination with WAMPServer 2.5 64bits (Apache 2.4.9 and PHP 5.5.12) on Windows 7 SP1 64bits:
@ riggs蠢事:在你的教程中有一些小小的错误/错误/补充。以下是与WAMPServer 2.5 64位(Apache 2.4.9和PHP 5.5.12)在Windows 7 SP1 64位上的组合:
-httpd-vhosts.conf is located in extra/httpd-vhosts.conf
-httpd-vhosts。conf位于额外的/httpd-vhosts.conf中。
-when you try to edit your hosts file be sure to disable any virusscanner. Some of them block access to hosts file.
-当你试图编辑你的主机文件时,一定要禁用任何病毒扫描器。它们中的一些可以阻止对主机文件的访问。
-be sure to open your texteditor as administrator when editing your hosts file or else you get an error trying to save.
-在编辑主机文件时,一定要以管理员身份打开您的texteditor,否则就会出现试图保存的错误。
-don't forget to remove # at the beginning of the host line if any
如果有的话,不要忘记在host行开头删除#。
-if you use WAMPServer 64bit be sure to download the 64bit version of OpenSSL
-如果你使用WAMPServer 64位,一定要下载64bit版本的OpenSSL。
-the step openssl genrsa -out website\server.key 2048 creates a server.key file and not a privkey.pem!
- step openssl genrsa out网站\服务器。密钥2048创建一个服务器。关键文件而不是私钥。pem!
-file \wamp\bin\apache\apachex.y.z\conf\httpd-ssl.conf is located at \wamp\bin\apache\apachex.y.z\conf\extra\httpd-ssl.conf (maybe this depends on the WAMPServer version)
- file \ wamp \ bin \ apache \ apachex.y.z \ conf \ httpd-ssl。conf位于\wamp\bin\apache\apachex.y.z\conf\额外\httpd-ssl。conf(可能这取决于WAMPServer版本)
-I had to use different ports for http (80->8080) and https(443->444) as these ports where used by I think Skype. When you use different ports be sure to use these everywhere you see 80 or 443 in this tutorial
我必须使用不同的端口来使用http(80->8080)和https(443->444),因为我认为这些端口是Skype使用的。当您使用不同的端口时,请确保在本教程中看到的是80或443。
-I also had to enable socache_shmcb_module. The "httpd -t" also mentioned this.
-我还必须启用socache_shmcb_module。“httpd -t”也提到了这一点。
#4
1
@RiggsFolly: Self-signed certificate with key could be easily generated for example here... http://www.selfsignedcertificate.com/, so I could start the tutorial from step 4 (I also had standard :80 virtual server running).
@ riggs蠢事:可以很容易地生成带有密钥的自签名证书。com/,所以我可以从第4步开始教程(我也有标准的:80个虚拟服务器运行)。
Anyways some mentioned things were already enabled in default WAMP installation (I guess it changes from version to version), but the rest helped me a lot. And actually one thing was missing... I also had to uncomment the following line in "httpd.conf"
不管怎么说,在默认的WAMP安装中已经启用了一些东西(我想它从版本到版本都有变化),但是其他的都帮了我很大的忙。我还必须在“httpd.conf”中取消注释。
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
#5
1
If you have the error :
如果你有错误:
Cannot load modules/mod_ssl.so into server: The operating system cannot run %1
不能对mod_ssl进行加载模块/。所以进入服务器:操作系统不能运行%1。
Then you have to :
然后你必须:
- Install Win32 OpenSSL here http://slproweb.com/products/Win32OpenSSL.html
- 在这里安装Win32OpenSSL http://slproweb.com/products/Win32OpenSSL.html。
- Copy / paste libeay32.dll, ssleay32.dll into your wamp php bin folder (C:\wamp64\bin\php\php5.6.19)
- 复制/粘贴libeay32。dll,ssleay32。dll到您的wamp php bin文件夹(C:\wamp64\bin\php\php5.6.19)
- Restart apache
- 重新启动apache
Note: Tested on Wamp server 3
注意:在Wamp服务器3上测试。
#6
1
If you have the error something like this:
如果你有这样的错误:
Cannot load modules/mod_ssl.so into server: The specified module could not be found.
-
You may want to try to searching libeay32.dll in your wamp folder, you probably find it in {wamp folder}/bin/php/php{version 7}/
你可能想试着搜索libeay32。在您的wamp文件夹中,您可能会在{wamp文件夹}/bin/php/php{version 7}/中找到它。
-
Copy libeay32.dll and ssleay32.dll and paste them into {wamp folder}/bin/apache/apache{version 2.x}/bin/ AND {wamp folder}/bin/php/php{verion 5.x}. MAKE SURE you backup anything you are placing.
libeay32副本。dll和ssleay32。将它们粘贴到{wamp文件夹}/bin/apache/apache /apache{版本2中。x}/bin/和{wamp文件夹}/bin/php/php{verion 5.x}。确保备份了你所放置的任何东西。
-
run httpd -t and test the syntax
运行httpd -t并测试语法。
NOTE: I believe it is due to the mistake in apache openssl part for wamp 3.0.6. Fortunately in php7 folder those dlls are compatible for the apache and php5.
注意:我认为这是由于wamp 3.0.6的apache openssl部分的错误。幸运的是,在php7文件夹中,这些dll与apache和php5兼容。
#7
0
Before all:
之前:
1).Shutdown WAMP and proceed to C:\wamp\scripts\config.inc.php move from array libeay32.dll,ssleay32.dll, lines 133,139
1).关闭WAMP,继续进行C:\ WAMP \scripts\config.inc。php从数组libeay32.dll中移动,ssleay32。dll,第133139行
2).Install OpenSSL from official site,pay attention on version of the your OS x64 or not.
2).从官方网站上安装OpenSSL,注意你的OS x64版本。
Command prompt:
命令提示符:
3).cd C:\wamp\bin\apache\apache2.4.23\bin
3)cd C:\ wamp \ bin \ apache \ apache2.4.23 \ bin
4). openssl req -new > localhost.csr
4). openssl req -新> localhost.csr。
5). openssl rsa -in privkey.pem -out localhost.key
5). openssl rsa -私钥。pem治疗localhost.key
6). openssl x509 -in localhost.csr -out localhost.crt -req -signkey localhost.key -days 365 -sha256 -extfile v3.ext
6). openssl x509—在本地主机。csr治疗localhost。crt点播-signkey localhost。键-日365 -sha256 -extfile v3.ext。
Update: from Chrome 58 we will need to provide Subject Alternative Name. This name we can obtain from extension file v3.ext:
更新:从Chrome 58开始,我们需要提供主题替换名称。我们可以从扩展文件v3.ext中获得这个名称:
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = 127.0.0.1
DNS.2 = localhost
Very important in Common Name to insert 'localhost'
在通用名称中插入“localhost”非常重要
7).Grab localhost.key and localhost.crt and put them to C:\wamp\bin\apache\apache2.4.23\conf\key (sure,before create appropriate directory)
7).Grab localhost。键和localhost。crt并将它们放到C:\wamp\bin\apache\apache2.4.23\conf\key(当然,在创建适当的目录之前)
Configuration:
配置:
8).enable in C:\wamp\bin\apache\apache2.4.23\bin\php.ini and
8).enable在C:\ wamp \ bin \ apache \ apache2.4.23 \ bin \ php。ini和
C:\wamp\bin\php\php5.6.25\php.ini extension=php_openssl.dll
C:\ wamp \ bin \ php \ php5.6.25 \ php。ini扩展= php_openssl.dll
9).proceed to C:\wamp\bin\apache\apache2.4.23\conf\httpd.conf and uncomment:
9).proceed到C:\ wamp \ bin \ apache \ apache2.4.23 \ conf \ httpd。配置和取消:
LoadModule ssl_module modules/mod_ssl.so,
/ mod_ssl.so LoadModule ssl_module模块,
Include conf/extra/httpd-ssl.conf,
包括额外conf / / httpd-ssl.conf,
Include conf/extra/httpd-vhosts.conf,
包括额外conf / / httpd-vhosts.conf,
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
10). proceed to C:\wamp\bin\apache\apache2.4.23\conf\extra\httpd-ssl.conf
10)。继续C:\ wamp \ bin \ apache \ apache2.4.23 \ conf \额外\ httpd-ssl.conf
and make changes :
和修改:
SSLSessionCache "shmcb:c:/wamp/bin/apache/apache2.4.23/logs/ssl_scache(512000)" ,
SSLSessionCache“shmcb:c:/里面/ bin / apache / apache2.4.23 /日志/ ssl_scache(512000)“,
SSLSessionCacheTimeout 300,
SSLSessionCacheTimeout 300,
VirtualHost _default_:443,
虚拟主机_default_:443,
DocumentRoot "c:/wamp/www/",
DocumentRoot“c:/里面/ www /”,
ServerName localhost:443,
ServerName localhost:443,
ErrorLog "c:/wamp/bin/apache/apache2.4.23/logs/ssl_error.log"
, (create file if not exists)
,(如果不存在,创建文件)
TransferLog "c:/wamp/bin/apache/apache2.4.23/logs/access.log",
TransferLog“c:/里面/ bin / apache / apache2.4.23 /日志/ access.log”,
SSLCertificateFile "c:/wamp/bin/apache/apache2.4.23/conf/key/localhost.crt",
SSLCertificateFile“c:/里面/ bin / apache / apache2.4.23 / conf /键/ localhost.crt”,
SSLCertificateKeyFile "c:/wamp/bin/apache/apache2.4.23/conf/key/localhost.key",
SSLCertificateKeyFile“c:/里面/ bin / apache / apache2.4.23 / conf /键/ localhost.key”,
<Directory "c:/wamp/www/">
SSLOptions +StdEnvVars
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Require local
</Directory>
,
,
CustomLog "c:/wamp/bin/apache/apache2.4.23/logs/ssl_request.log"
Certificate handling:
证书处理:
11).press Win+R and insert 'certmgr.msc',import servercert.crt into 'Trusted Root Certificated Authorities'
11)。按Win+R和插入“certmgr”。msc”,导入servercert。crt进入“受信任的根认证权威机构”
12). Check your server in command prompt 'httpd -t' should be 'Syntax OK'
12)。在命令提示中检查你的服务器“httpd -t”应该是“语法OK”
13). Launch Wamp and proceed to link https://localhost
13)。启动Wamp并继续链接https://localhost。
I am hope this will help
我希望这能有所帮助。
Note: please read this article about Mozilla behavior :
注意:请阅读这篇关于Mozilla行为的文章:
https://blog.mozilla.org/security/2014/09/23/phasing-out-certificates-with-sha-1-based-signature-algorithms/
#1
64
How to Configure WAMPServer to use HTTPS SSL
如何配置WAMPServer来使用HTTPS SSL ?
*This is not a trivial process. This tutorial will, hopefully, get SSL working for you. However getting it configured correctly once it is working is TOTALLY DOWN TO YOU.
这不是一个简单的过程。本教程将希望让SSL为您工作。但是,一旦它正确地配置了,就完全取决于你了。
Additional reading for all who travel this road
为所有旅行这条路的人额外阅读。
Ok,
好吧,
I have based this tutorial on the creation of a site called www.wamphelpers.dev So whereever you see that name change it to the site name you are trying to secure.
我在本教程的基础上创建了一个名为www.wambeacpers.dev的网站,您可以在这里看到这个名称将它更改为您想要保护的站点名称。
I started by creating a unsecured site, in \wamp\www\wamphelpers
我开始创建一个不安全的网站,在\wamp\ wamphelpers。
added a Virtual Host for that site, in \wamp\bin\apache\apache{version}\conf\extra\httpd-vhosts.conf
为该站点添加了一个虚拟主机,在\wamp\bin\apache\apache{version}\conf\extra\httpd-vhosts.conf中。
<VirtualHost *:80>
DocumentRoot "c:/wamp/www"
ServerName localhost
ServerAlias localhost
<Directory "c:/wamp/www">
AllowOverride All
Require local
</Directory>
</VirtualHost>
<VirtualHost *:80>
DocumentRoot "c:/wamp/www/wamphelpers"
ServerName wamphelpers.dev
ServerAlias www.wamphelpers.dev
<Directory "c:/wamp/www/wamphelpers">
AllowOverride All
Require local
</Directory>
</VirtualHost>
Added its domainname to the C:\windows\system32\drivers\etc\hosts
将它的域名添加到C:\windows\system32\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \
Some virus checkers block access to the HOSTS file so you may need to disable your virus checker, or configure it not to block the hosts file temporarily.
一些病毒检查程序阻塞对主机文件的访问,因此您可能需要禁用病毒检查器,或者配置它来临时阻止主机文件。
127.0.0.1 wamphelpers.dev www.wamphelpers.dev
::1 wamphelpers.dev www.wamphelpers.dev
Now restart the dnscache as follows from a command windows launched using 'Run as Administrator'
现在重新启动使用“Run as Administrator”启动的命令窗口中的dnscache
net stop dnscache
net start dnscache
Then created a simple script in \wamp\www\wamphelpers\index.php
然后,创建了一个简单的脚本,在\wamp\ wamphelpers\index.php。
<?php
echo 'Hello, this is the WAMPHELPERS.DEV site homepage';
?>
Now to activate the new Virtual Hosts you have defined, edit \wamp\bin\apache\apache{version}\conf\httpd.conf and find this line
现在,要激活您已经定义的新的虚拟主机,编辑\wamp\bin\apache\ conf\httpd。找到这条线。
# Virtual hosts
#Include conf/extra/httpd-vhosts.conf
and remove the # comment character like so
并删除这样的#注释字符。
# Virtual hosts
Include conf/extra/httpd-vhosts.conf
Save the file.
保存文件。
Now restart Apache and make sure that your simple unsecured Virtually Hosted site is working before continuing.
现在重新启动Apache,并确保在继续之前,您的简单无担保虚拟主机站点正在工作。
The openssl toolkit. The openssl.exe, ssleay32.dll and libeay32.dll come with, and are located in, the C:\wamp\bin\apache\apachex.y.z\bin folder This should be all you need to create your self signed certificate !!
openssl工具包。openssl。exe,ssleay32。dll和libeay32。dll自带,并位于C:\wamp\bin\apache\apachex.y。z\bin文件夹这应该是您创建您的自签名证书所需要的全部!!
HOWEVER: These did not work for me on any of the versions of Apache that I had installed. I always got this error message.
但是,对于我安装的任何版本的Apache,这些都不起作用。我总是得到这个错误信息。
Where the ordinal number changed depending on the apache version folder I was in.
根据我所在的apache版本文件夹,序号改变了。
If you get this error dont worry this is what you need to do.
如果你得到这个错误,不要担心这是你需要做的。
install the latest version of the OPENSSL TOOLKIT
安装OPENSSL工具箱的最新版本。
This can be obtained from here
这可以从这里得到。
NOTE: Dont use the V1.1 version yet, the PHP team have not yet compiled PHP with these new linkages, so stick to the V1.0.? versions until they do.
注意:不要使用V1.1版本,PHP团队还没有使用这些新的链接编译PHP,所以要坚持V1.0。版本,直到他们做。
Pick the Latest version of 'Win32 OpenSSLv xxx Light' or 'Win64 OpenSSLv xxx Light' to match your installed version of WAMPServer, as this is all you need.
选择最新版本的“Win32 OpenSSLv xxx Light”或“Win64 OpenSSLv xxx Light”来匹配您安装的WAMPServer版本,因为这是您所需要的。
This will download an .exe file which you can run to install this toolkit.
这将下载一个.exe文件,您可以运行它来安装这个工具箱。
It will ask the following question, I suggest you answer it like this so you dont end up installing something into C:\windows\system32. Afterall this is a toolkit and it changes reasonably often. Best to keep these things seperate and not make them system global.
它会问下面的问题,我建议你这样回答,这样你就不会把东西安装到C:\windows\system32中。毕竟这是一个工具箱,它经常发生变化。最好是让这些东西分开,而不是让它们成为全球的系统。
Once that is installed ( to whichever folder you specified in the install )you should be ready to start the process of generating keys and certificates!
一旦安装(到安装中指定的文件夹),您应该准备好启动生成密钥和证书的过程!
Generate keys and Certificates.
生成密钥和证书。
STEP 1: Generate an RSA Private Key
步骤1:生成一个RSA私钥。
First we need to create ourselves a certificate. The normal (paid for) process is to create your certificate and then pass it to a signing authority. This is why it costs money, as they have to do, due dilligence, to check that you are who you say you are and that site that you will use the certificate on is real and legitimate.
首先,我们需要创建一个证书。正常的(付费的)流程是创建您的证书并将其传递给签名权限。这就是为什么它要花钱,因为他们要做的是,要做的是,检查你是谁你说你是谁,你将使用证书的网站是真实的和合法的。
The openssl toolkit is used to generate an RSA Private Key and CSR (Certificate Signing Request) to be used for our Certificate. The first step is to create your RSA Private Key. This key is a 1024 bit RSA key which is encrypted using Triple-DES and stored in a PEM format so that it is readable as ASCII text.
openssl工具包用于生成用于我们证书的RSA私钥和CSR(证书签名请求)。第一步是创建RSA私钥。这个密钥是一个1024位的RSA密钥,它使用三重des加密,并以PEM格式存储,以使其可读为ASCII文本。
Open up a Command window (Dos box) using [b]Run as Administrator[/b] Change Directory to where you installed the OpenSSL Toolkit above. In my case this is
打开一个命令窗口(Dos box),使用[b]作为管理员[/b]更改目录到您安装OpenSSL工具包的地方。在我的例子中。
CD c:\apps\OpenSSL-Win32\bin
Make a folder for the output to be put in ( to keep the bin folder tidy ) I used website
制作一个文件夹,让输出被放入(保持bin文件夹整洁)我使用了网站。
md website
Now enter this command:
现在输入这个命令:
openssl genrsa -out website\server.key 2048
This should have created a file in the website folder called server.key, without a pass phrase key, check it exists.
这应该在名为server的网站文件夹中创建了一个文件。关键字,没有密码匙,检查它是否存在。
Step 2: Generate a CSR (Certificate Signing Request)
步骤2:生成CSR(证书签名请求)
During the generation of the CSR, you will be prompted for several pieces of information. These are the X.509 attributes of the certificate. One of the prompts will be for "Common Name (e.g. server FQDN or YOUR name) []:". It is important that this field be filled in with the fully qualified domain name of the server to be protected by SSL. So if the website to be protected will be https://www.wamphelpers.dev, then enter www.wampheplers.dev at this prompt. I used wamphelper.dev as my ServerName is ServerName wamphelpers.dev
在CSR的生成过程中,会提示您输入几条信息。这些是证书的X.509属性。其中一个提示将用于“通用名称(例如,服务器FQDN或您的名称)[]:”。重要的是,该字段必须填入由SSL保护的服务器的完全限定域名。因此,如果要保护的网站将是https://www.wamfish.dev,那么请在此提示下输入www.wampheplers.dev。我使用了wam. dev作为我的服务器名,它是ServerName wam. dev。
Do not enter anything to the question: A challenge password []:] Just press Enter. If you do enter a passphrase here when you come to start Apache with SSL configured Apache will not start and will give this error message :-
不要输入任何问题:一个挑战密码[]:]只要按回车。如果您在使用SSL配置的Apache启动Apache时确实输入了一个passphrase,那么将不会启动并将给出这个错误消息:-。
[error] Init: SSLPassPhraseDialog builtin is not supported on Win32
在Win32上不支持SSLPassPhraseDialog builtin。
Basically if you do enter a passphrase Apache is supposed to challenge you for that passphrase each time it starts. This is obviously not going to make your life any easier but primarily on windows it does not actually work and will cause Apache to crash when it attempts to ask for the passphrase, with the above error.
基本上,如果你输入了一个passphrase, Apache就会在每次启动时向你发出挑战。这显然不会让您的生活变得更容易,但主要是在windows上,它实际上并不起作用,并且会导致Apache在试图请求口令时崩溃,并使用上面的错误。
The command to generate the CSR is as follows:
生成CSR的命令如下:
openssl req -new -key website\server.key -out website\server.csr
Example question and answers:
Country Name (2 letter code) [AU]:GB
State or Province Name (full name) [Some-State]: Hampshire
Locality Name (eg, city) []: Portsmouth
Organization Name (eg, company) [Internet Widgits Pty Ltd]: Wamp Helpers Ltd
Organizational Unit Name (eg, section) []: Information Technology
Common Name (e.g. server FQDN or YOUR name) []: wamphelpers.dev
Email Address []: me@wamphelpers.dev
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: ( leave blank just hit the enter key )
An optional company name []: ( leave blank just hit the enter key )
Step 3: Generating a Self-Signed Certificate
步骤3:生成自签名证书。
At this point you will need to generate a self-signed certificate because you either don't plan on having your certificate signed by a CA, or you wish to test your new SSL implementation while the CA is signing your certificate.
此时,您需要生成一个自签名证书,因为您要么不打算将证书由CA签名,要么您希望在CA签署证书时测试新的SSL实现。
PRE - WARNING This certificate will generate an error in the client browser to the effect that the signing certificate authority is unknown and not trusted. This is unavoidable as we are signing the certificate ourselves, but of course the web of trust does not know who we are. See example later in this document showing how to tell your browser that you actually trust this certificate
预警告此证书将在客户端浏览器中生成错误,从而导致签名证书颁发机构未知且不可信。这是不可避免的,因为我们自己签署了证书,但当然,信任的网络并不知道我们是谁。在本文档中稍后的示例中,将显示如何告诉您的浏览器您实际上信任此证书。
openssl x509 -req -days 365 -in website\server.csr -signkey website\server.key -out website\server.crt
Example output:
Loading 'screen' into random state - done
Signature ok
subject=/C=GB/ST=Hampshire/L=Portsmouth/O=WampHelpers Ltd/OU=Information Technology/CN=www.wamphelpers.dev/emailAddress=riggsfolly@wamphelpers.dev
Getting Private key
Step 4: Installing the Private Key and Certificate
步骤4:安装私钥和证书。
Create these 2 directories under the version of Apache you are using.
在您正在使用的Apache版本下创建这两个目录。
md c:\wamp\bin\apache\apachex.y.z\conf\ssl.key
md c:\wamp\bin\apache\apachex.y.z\conf\ssl.crt
And copy the file we have just generated into them like so:
复制我们刚刚生成的文件如下:
copy website\server.crt c:\wamp\bin\apache\apachex.y.z\conf\ssl.crt
copy website\server.key c:\wamp\bin\apache\apachex.y.z\conf\ssl.key
Step 5: Configure Apache to activate SSL
步骤5:配置Apache以激活SSL。
Edit httpd.conf, Check that this line is uncommented
编辑httpd。conf,检查这一行是否未被注释。
LoadModule authn_socache_module modules/mod_authn_socache.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
Remove the comment '#' from this line also
从这一行删除注释'#'。
Include conf/extra/httpd-ssl.conf
Then move that line after this block .... like so
然后在这个block之后移动这条线像这样
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
# Secure (SSL/TLS) connections
Include conf/extra/httpd-ssl.conf
Step 6: Configure PHP to activate SSL
步骤6:配置PHP激活SSL。
Edit your php.ini ( use the wampmanager menus so you edit the correct one )
编辑php。ini(使用wampmanager菜单,以便编辑正确的菜单)
Remove the comment ';' from this line
从这一行删除注释。
extension=php_openssl.dll
Step 7: Configure your secure sites Virtual Host
步骤7:配置安全站点虚拟主机。
Yup for all you Virtual Host nay sayers, now you cannot avoid the process.
对你所有的虚拟主机的人来说,现在你不能回避这个过程。
Edit \wamp\bin\apache\apachex.y.z\conf\extra\httpd-ssl.conf
编辑\ wamp \ bin \ apache \ apachex.y.z \ conf \额外\ httpd-ssl.conf
This file is released by Apache and contains some default file location. We can leave most of this file as it is, but we need to configure the virtual host in here to match our actual sites location and a few other things so:
该文件由Apache发布,包含一些默认的文件位置。我们可以保留这个文件的大部分,但是我们需要在这里配置虚拟主机来匹配我们的实际站点位置和其他一些东西:
find these lines
找到这些行
DocumentRoot "c:/Apache2/htdocs"
ServerName www.example.com:443
ServerAdmin admin@example.com
ErrorLog "c:/Apache2/logs/error.log"
TransferLog "c:/Apache2/logs/access.log"
and change them to
和改变他们
DocumentRoot "c:/wamp/www/wamphelpers"
ServerName wamphelpers.dev:443
ErrorLog "c:/wamp/logs/ssl_error.log"
TransferLog "c:/wamp/logs/ssl_access.log"
Find
找到
SSLCertificateFile "c:/Apache2/conf/server.crt"
and change to
和改变
SSLCertificateFile "c:/wamp/bin/apache/apachex.y.x/conf/ssl.crt/server.crt"
Find
找到
SSLCertificateKeyFile "c:/Apache2/conf/server.key"
and change to
和改变
SSLCertificateKeyFile "c:/wamp/bin/apache/apachex.y.x/conf/ssl.key/server.key"
Find
找到
<Directory "c:/Apache2/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
and change to
和改变
Apache 2.2 Syntax
Apache 2.2语法
<Directory "c:/wamp/www/wamphelpers">
SSLOptions +StdEnvVars
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order Deny,Allow
Deny from all
Allow from 127.0.0.1 localhost ::1
</Directory>
Apache 2.4 Syntax
Apache 2.4语法
<Directory "c:/wamp/www/wamphelpers">
SSLOptions +StdEnvVars
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Require local
</Directory>
Find
找到
SSLSessionCache "shmcb:c:/Apache2/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300
and change it to
和改变它
SSLSessionCache "shmcb:c:/wamp/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300
Find
找到
CustomLog "c:/Apache24/logs/ssl_request.log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
and change to
和改变
CustomLog "c:/wamp/logs/ssl_request.log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
Basically look through the conf file and any command that is not commented out, but has a reference to a file or folder should be changed to reference the WAMPServer folder structure and not 'C:/Apache2....'
基本上通过配置文件和任何命令不是注释掉了,但有一个引用一个文件或文件夹应该改为引用WAMPServer文件夹结构,而不是“C:/输入....”
Now make sure all these files we have changed are saved, and restart Apache using the wampmanager menus.
现在,请确保我们更改的所有文件都已保存,并使用wampmanager菜单重新启动Apache。
First test that the unprotected site is still working.
第一个测试,未受保护的站点仍在工作。
Then try using your new protected site by adding the 'https://' to the front of the domain name i.e. https://www.wamphelpers.dev without the single quotes of course.
然后,尝试使用新的受保护的站点,将“https://”添加到域名的前面,即https://www.wam. dev,当然没有单引号。
If Apache does not restart you have probably spelt something wrong. Test the configs like so :-
如果Apache不重启,您可能会拼写错误。像这样测试configs:-。
Open a command window
打开一个命令窗口
cd \wamp\bin\apache\apachex.y.z\bin
httpd -t
This will parse all the config files and should give you a file name and a line number where an error has been found.
这将解析所有的配置文件,并给您一个文件名和一个行号,其中发现了错误。
Fix it and try again.
修好它,再试一次。
First access to your site will generate a message page something like this. This is using FireFox, others will be slightly different, but the concept it the same.
第一次访问您的站点将生成一个类似这样的消息页面。这是使用FireFox,其他的将略有不同,但概念是一样的。
This is because your certificate is not signed by a trusted authority, DONT PANIC, this is supposed to happen.
这是因为您的证书不是由可信的权威签名的,不要惊慌,这是应该发生的。
Click on, 'I Understand the risk' and that will show you a button saying 'Add Exception' Press the Add Exception button, after checking that the certificates site details are in fact yours, and you will not see this message again unless you clear the exception list.
点击,“我了解风险”,这将显示一个按钮,显示“添加异常”按下Add Exception按钮,检查证书站点的详细信息实际上是您的,并且您将不会再次看到此消息,除非您清除了异常列表。
BIG NOTE As of Apache v2.2.12 and OpenSSL v0.9.8j it is now possible to secure more than one site per Apache instance. This tutorial does not cover that process. See here for more details:
Apache v2.2.12和OpenSSL v0.9.8j的大型注释现在可以在每个Apache实例中获得多个站点。本教程不涉及此过程。详情如下:
在这里
这里
这里
And like I said at the top, now you need to do some reseach on all the options available in the SSL config and make thing work as you want rather than using the default.
正如我在上面所说的,现在您需要对SSL配置中所有可用的选项进行一些研究,并让它按照您的意愿工作,而不是使用缺省值。
#2
5
It is necessary activate the module LoadModule socache_shmcb_module modules/mod_socache_shmcb.so in the file httpd.conf in wampserver 2.5. If not apache throws the next message:
需要激活模块LoadModule socache_shmcb_module模块/mod_socache_shmcb。在文件httpd中。conf wampserver 2.5。如果不是apache,则抛出下一个消息:
AH00526: Syntax error on line 75 of C:/wamp/bin/apache/apache2.4.9/conf/extra/httpd-ssl.conf: SSLSessionCache: 'shmcb' session cache not supported (known names: ). Maybe you need to load the appropriate socache module (mod_socache_shmcb?).
AH00526: C的第75行语法错误:/wamp/bin/apache/apache2.4.9/conf/额外/httpd-ssl。conf: SSLSessionCache:“shmcb”会话缓存不受支持(已知名称:)。也许您需要加载适当的socache模块(mod_socache_shmcb?)
#3
2
@RiggsFolly: some small errors/typos/additions in your tutorial. Below is used in combination with WAMPServer 2.5 64bits (Apache 2.4.9 and PHP 5.5.12) on Windows 7 SP1 64bits:
@ riggs蠢事:在你的教程中有一些小小的错误/错误/补充。以下是与WAMPServer 2.5 64位(Apache 2.4.9和PHP 5.5.12)在Windows 7 SP1 64位上的组合:
-httpd-vhosts.conf is located in extra/httpd-vhosts.conf
-httpd-vhosts。conf位于额外的/httpd-vhosts.conf中。
-when you try to edit your hosts file be sure to disable any virusscanner. Some of them block access to hosts file.
-当你试图编辑你的主机文件时,一定要禁用任何病毒扫描器。它们中的一些可以阻止对主机文件的访问。
-be sure to open your texteditor as administrator when editing your hosts file or else you get an error trying to save.
-在编辑主机文件时,一定要以管理员身份打开您的texteditor,否则就会出现试图保存的错误。
-don't forget to remove # at the beginning of the host line if any
如果有的话,不要忘记在host行开头删除#。
-if you use WAMPServer 64bit be sure to download the 64bit version of OpenSSL
-如果你使用WAMPServer 64位,一定要下载64bit版本的OpenSSL。
-the step openssl genrsa -out website\server.key 2048 creates a server.key file and not a privkey.pem!
- step openssl genrsa out网站\服务器。密钥2048创建一个服务器。关键文件而不是私钥。pem!
-file \wamp\bin\apache\apachex.y.z\conf\httpd-ssl.conf is located at \wamp\bin\apache\apachex.y.z\conf\extra\httpd-ssl.conf (maybe this depends on the WAMPServer version)
- file \ wamp \ bin \ apache \ apachex.y.z \ conf \ httpd-ssl。conf位于\wamp\bin\apache\apachex.y.z\conf\额外\httpd-ssl。conf(可能这取决于WAMPServer版本)
-I had to use different ports for http (80->8080) and https(443->444) as these ports where used by I think Skype. When you use different ports be sure to use these everywhere you see 80 or 443 in this tutorial
我必须使用不同的端口来使用http(80->8080)和https(443->444),因为我认为这些端口是Skype使用的。当您使用不同的端口时,请确保在本教程中看到的是80或443。
-I also had to enable socache_shmcb_module. The "httpd -t" also mentioned this.
-我还必须启用socache_shmcb_module。“httpd -t”也提到了这一点。
#4
1
@RiggsFolly: Self-signed certificate with key could be easily generated for example here... http://www.selfsignedcertificate.com/, so I could start the tutorial from step 4 (I also had standard :80 virtual server running).
@ riggs蠢事:可以很容易地生成带有密钥的自签名证书。com/,所以我可以从第4步开始教程(我也有标准的:80个虚拟服务器运行)。
Anyways some mentioned things were already enabled in default WAMP installation (I guess it changes from version to version), but the rest helped me a lot. And actually one thing was missing... I also had to uncomment the following line in "httpd.conf"
不管怎么说,在默认的WAMP安装中已经启用了一些东西(我想它从版本到版本都有变化),但是其他的都帮了我很大的忙。我还必须在“httpd.conf”中取消注释。
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
#5
1
If you have the error :
如果你有错误:
Cannot load modules/mod_ssl.so into server: The operating system cannot run %1
不能对mod_ssl进行加载模块/。所以进入服务器:操作系统不能运行%1。
Then you have to :
然后你必须:
- Install Win32 OpenSSL here http://slproweb.com/products/Win32OpenSSL.html
- 在这里安装Win32OpenSSL http://slproweb.com/products/Win32OpenSSL.html。
- Copy / paste libeay32.dll, ssleay32.dll into your wamp php bin folder (C:\wamp64\bin\php\php5.6.19)
- 复制/粘贴libeay32。dll,ssleay32。dll到您的wamp php bin文件夹(C:\wamp64\bin\php\php5.6.19)
- Restart apache
- 重新启动apache
Note: Tested on Wamp server 3
注意:在Wamp服务器3上测试。
#6
1
If you have the error something like this:
如果你有这样的错误:
Cannot load modules/mod_ssl.so into server: The specified module could not be found.
-
You may want to try to searching libeay32.dll in your wamp folder, you probably find it in {wamp folder}/bin/php/php{version 7}/
你可能想试着搜索libeay32。在您的wamp文件夹中,您可能会在{wamp文件夹}/bin/php/php{version 7}/中找到它。
-
Copy libeay32.dll and ssleay32.dll and paste them into {wamp folder}/bin/apache/apache{version 2.x}/bin/ AND {wamp folder}/bin/php/php{verion 5.x}. MAKE SURE you backup anything you are placing.
libeay32副本。dll和ssleay32。将它们粘贴到{wamp文件夹}/bin/apache/apache /apache{版本2中。x}/bin/和{wamp文件夹}/bin/php/php{verion 5.x}。确保备份了你所放置的任何东西。
-
run httpd -t and test the syntax
运行httpd -t并测试语法。
NOTE: I believe it is due to the mistake in apache openssl part for wamp 3.0.6. Fortunately in php7 folder those dlls are compatible for the apache and php5.
注意:我认为这是由于wamp 3.0.6的apache openssl部分的错误。幸运的是,在php7文件夹中,这些dll与apache和php5兼容。
#7
0
Before all:
之前:
1).Shutdown WAMP and proceed to C:\wamp\scripts\config.inc.php move from array libeay32.dll,ssleay32.dll, lines 133,139
1).关闭WAMP,继续进行C:\ WAMP \scripts\config.inc。php从数组libeay32.dll中移动,ssleay32。dll,第133139行
2).Install OpenSSL from official site,pay attention on version of the your OS x64 or not.
2).从官方网站上安装OpenSSL,注意你的OS x64版本。
Command prompt:
命令提示符:
3).cd C:\wamp\bin\apache\apache2.4.23\bin
3)cd C:\ wamp \ bin \ apache \ apache2.4.23 \ bin
4). openssl req -new > localhost.csr
4). openssl req -新> localhost.csr。
5). openssl rsa -in privkey.pem -out localhost.key
5). openssl rsa -私钥。pem治疗localhost.key
6). openssl x509 -in localhost.csr -out localhost.crt -req -signkey localhost.key -days 365 -sha256 -extfile v3.ext
6). openssl x509—在本地主机。csr治疗localhost。crt点播-signkey localhost。键-日365 -sha256 -extfile v3.ext。
Update: from Chrome 58 we will need to provide Subject Alternative Name. This name we can obtain from extension file v3.ext:
更新:从Chrome 58开始,我们需要提供主题替换名称。我们可以从扩展文件v3.ext中获得这个名称:
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = 127.0.0.1
DNS.2 = localhost
Very important in Common Name to insert 'localhost'
在通用名称中插入“localhost”非常重要
7).Grab localhost.key and localhost.crt and put them to C:\wamp\bin\apache\apache2.4.23\conf\key (sure,before create appropriate directory)
7).Grab localhost。键和localhost。crt并将它们放到C:\wamp\bin\apache\apache2.4.23\conf\key(当然,在创建适当的目录之前)
Configuration:
配置:
8).enable in C:\wamp\bin\apache\apache2.4.23\bin\php.ini and
8).enable在C:\ wamp \ bin \ apache \ apache2.4.23 \ bin \ php。ini和
C:\wamp\bin\php\php5.6.25\php.ini extension=php_openssl.dll
C:\ wamp \ bin \ php \ php5.6.25 \ php。ini扩展= php_openssl.dll
9).proceed to C:\wamp\bin\apache\apache2.4.23\conf\httpd.conf and uncomment:
9).proceed到C:\ wamp \ bin \ apache \ apache2.4.23 \ conf \ httpd。配置和取消:
LoadModule ssl_module modules/mod_ssl.so,
/ mod_ssl.so LoadModule ssl_module模块,
Include conf/extra/httpd-ssl.conf,
包括额外conf / / httpd-ssl.conf,
Include conf/extra/httpd-vhosts.conf,
包括额外conf / / httpd-vhosts.conf,
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
10). proceed to C:\wamp\bin\apache\apache2.4.23\conf\extra\httpd-ssl.conf
10)。继续C:\ wamp \ bin \ apache \ apache2.4.23 \ conf \额外\ httpd-ssl.conf
and make changes :
和修改:
SSLSessionCache "shmcb:c:/wamp/bin/apache/apache2.4.23/logs/ssl_scache(512000)" ,
SSLSessionCache“shmcb:c:/里面/ bin / apache / apache2.4.23 /日志/ ssl_scache(512000)“,
SSLSessionCacheTimeout 300,
SSLSessionCacheTimeout 300,
VirtualHost _default_:443,
虚拟主机_default_:443,
DocumentRoot "c:/wamp/www/",
DocumentRoot“c:/里面/ www /”,
ServerName localhost:443,
ServerName localhost:443,
ErrorLog "c:/wamp/bin/apache/apache2.4.23/logs/ssl_error.log"
, (create file if not exists)
,(如果不存在,创建文件)
TransferLog "c:/wamp/bin/apache/apache2.4.23/logs/access.log",
TransferLog“c:/里面/ bin / apache / apache2.4.23 /日志/ access.log”,
SSLCertificateFile "c:/wamp/bin/apache/apache2.4.23/conf/key/localhost.crt",
SSLCertificateFile“c:/里面/ bin / apache / apache2.4.23 / conf /键/ localhost.crt”,
SSLCertificateKeyFile "c:/wamp/bin/apache/apache2.4.23/conf/key/localhost.key",
SSLCertificateKeyFile“c:/里面/ bin / apache / apache2.4.23 / conf /键/ localhost.key”,
<Directory "c:/wamp/www/">
SSLOptions +StdEnvVars
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Require local
</Directory>
,
,
CustomLog "c:/wamp/bin/apache/apache2.4.23/logs/ssl_request.log"
Certificate handling:
证书处理:
11).press Win+R and insert 'certmgr.msc',import servercert.crt into 'Trusted Root Certificated Authorities'
11)。按Win+R和插入“certmgr”。msc”,导入servercert。crt进入“受信任的根认证权威机构”
12). Check your server in command prompt 'httpd -t' should be 'Syntax OK'
12)。在命令提示中检查你的服务器“httpd -t”应该是“语法OK”
13). Launch Wamp and proceed to link https://localhost
13)。启动Wamp并继续链接https://localhost。
I am hope this will help
我希望这能有所帮助。
Note: please read this article about Mozilla behavior :
注意:请阅读这篇关于Mozilla行为的文章:
https://blog.mozilla.org/security/2014/09/23/phasing-out-certificates-with-sha-1-based-signature-algorithms/