Installation SSL in wamp server: Error in httpd-ssl.conf


Problem description

I am trying to set SSL on localhost. I have followed http://madurad.wordpress.com/2014/04/25/redirect-http-to-https-with-wamp-server/ and many others but am unable to get success. I am stuck on the syntax of httpd-ssl.conf. My Apache server goes down when I set the

<Directory "c:/wamp/www/"> 
   Options Indexes FollowSymLinks  
   AllowOverride all 
   Require all granted 
   SSLOptions +StdEnvVars
</Directory>

I have tried many others like

<Directory "c:/wamp/www/"> 
   SSLOptions +StdEnvVars
</Directory>

What is the issue? I am not able to get it....

Solution

How to Configure WAMPServer to use HTTPS SSL

This is not a trivial process. This tutorial will, hopefully, get SSL working for you. However getting it configured correctly once it is working is TOTALLY DOWN TO YOU.

Additional reading for all who travel this road

Ok,

I have based this tutorial on the creation of a site called www.wamphelpers.dev. So wherever you see that name, change it to the site name you are trying to secure.

I started by creating an unsecured site, in \wamp\www\wamphelpers

Added a Virtual Host for that site, in \wamp\bin\apache\apache{version}\conf\extra\httpd-vhosts.conf

<VirtualHost *:80>
    DocumentRoot "c:/wamp/www"
    ServerName localhost
    ServerAlias localhost
    <Directory  "c:/wamp/www">
        AllowOverride All
        Require local
    </Directory>
</VirtualHost>

<VirtualHost *:80>
    DocumentRoot "c:/wamp/www/wamphelpers"
    ServerName wamphelpers.dev
    ServerAlias www.wamphelpers.dev
    <Directory  "c:/wamp/www/wamphelpers">
        AllowOverride All
        Require local
    </Directory>
</VirtualHost>

Added its domain name to the C:\windows\system32\drivers\etc\hosts

Some virus checkers block access to the HOSTS file so you may need to disable your virus checker, or configure it not to block the hosts file temporarily.

127.0.0.1 wamphelpers.dev www.wamphelpers.dev
::1       wamphelpers.dev www.wamphelpers.dev

Now restart the dnscache as follows from a command window launched using 'Run as Administrator'

net stop dnscache
net start dnscache

Then created a simple script in \wamp\www\wamphelpers\index.php

<?php
    echo 'Hello, this is the WAMPHELPERS.DEV site homepage';
?>

Now to activate the new Virtual Hosts you have defined, edit \wamp\bin\apache\apache{version}\conf\httpd.conf and find this line

# Virtual hosts
#Include conf/extra/httpd-vhosts.conf

and remove the # comment character like so

# Virtual hosts
Include conf/extra/httpd-vhosts.conf

Save the file.

Now restart Apache and make sure that your simple unsecured Virtually Hosted site is working before continuing.


The openssl toolkit. The openssl.exe, ssleay32.dll and libeay32.dll come with, and are located in, the C:\wamp\bin\apache\apachex.y.z\bin folder. This should be all you need to create your self signed certificate !!

HOWEVER: These did not work for me on any of the versions of Apache that I had installed. I always got this error message.

Where the ordinal number changed depending on the apache version folder I was in.

If you get this error don't worry, this is what you need to do.

install the latest version of the OPENSSL TOOLKIT

This can be obtained from here

NOTE: Don't use the V1.1 version yet, the PHP team have not yet compiled PHP with these new linkages, so stick to the V1.0.? versions until they do.

Pick the Latest version of 'Win32 OpenSSLv xxx Light' or 'Win64 OpenSSLv xxx Light' to match your installed version of WAMPServer, as this is all you need.

This will download an .exe file which you can run to install this toolkit.

It will ask the following question, I suggest you answer it like this so you don't end up installing something into C:\windows\system32. After all, this is a toolkit and it changes reasonably often. Best to keep these things separate and not make them system global.

Once that is installed (to whichever folder you specified in the install) you should be ready to start the process of generating keys and certificates!


Generate keys and Certificates.

STEP 1: Generate an RSA Private Key

First we need to create ourselves a certificate. The normal (paid for) process is to create your certificate and then pass it to a signing authority. This is why it costs money, as they have to do due diligence to check that you are who you say you are and that the site that you will use the certificate on is real and legitimate.

The openssl toolkit is used to generate an RSA Private Key and CSR (Certificate Signing Request) to be used for our Certificate. The first step is to create your RSA Private Key. This key is a 1024 bit RSA key which is encrypted using Triple-DES and stored in a PEM format so that it is readable as ASCII text.

Open up a Command window (Dos box) using Run as Administrator. Change Directory to where you installed the OpenSSL Toolkit above. In my case this is

CD c:\apps\OpenSSL-Win32\bin

Make a folder for the output to be put in ( to keep the bin folder tidy ) I used website

md website

Now enter this command:

openssl genrsa -out website\server.key 2048

This should have created a file in the website folder called server.key, without a pass phrase key, check it exists.

Step 2: Generate a CSR (Certificate Signing Request)

During the generation of the CSR, you will be prompted for several pieces of information. These are the X.509 attributes of the certificate. One of the prompts will be for "Common Name (e.g. server FQDN or YOUR name) []:". It is important that this field be filled in with the fully qualified domain name of the server to be protected by SSL. So if the website to be protected will be https://www.wamphelpers.dev, then enter www.wamphelpers.dev at this prompt. I used wamphelpers.dev as my ServerName is ServerName wamphelpers.dev

Do not enter anything to the question: A challenge password []: Just press Enter. If you do enter a passphrase here, when you come to start Apache with SSL configured Apache will not start and will give this error message :-

[error] Init: SSLPassPhraseDialog builtin is not supported on Win32

Basically if you do enter a passphrase Apache is supposed to challenge you for that passphrase each time it starts. This is obviously not going to make your life any easier but primarily on windows it does not actually work and will cause Apache to crash when it attempts to ask for the passphrase, with the above error.

The command to generate the CSR is as follows:

openssl req -new -key website\server.key -out website\server.csr


Example question and answers:
Country Name (2 letter code) [AU]:GB
State or Province Name (full name) [Some-State]: Hampshire
Locality Name (eg, city) []: Portsmouth
Organization Name (eg, company) [Internet Widgits Pty Ltd]: Wamp Helpers Ltd
Organizational Unit Name (eg, section) []: Information Technology
Common Name (e.g. server FQDN or YOUR name) []: wamphelpers.dev
Email Address []: me@wamphelpers.dev

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: ( leave blank just hit the enter key )
An optional company name []: ( leave blank just hit the enter key )

Step 3: Generating a Self-Signed Certificate

At this point you will need to generate a self-signed certificate because you either don't plan on having your certificate signed by a CA, or you wish to test your new SSL implementation while the CA is signing your certificate.

PRE - WARNING This certificate will generate an error in the client browser to the effect that the signing certificate authority is unknown and not trusted. This is unavoidable as we are signing the certificate ourselves, but of course the web of trust does not know who we are. See example later in this document showing how to tell your browser that you actually trust this certificate.

openssl x509 -req -days 365 -in website\server.csr -signkey website\server.key -out website\server.crt


Example output:
Loading 'screen' into random state - done
Signature ok
subject=/C=GB/ST=Hampshire/L=Portsmouth/O=WampHelpers Ltd/OU=Information Technology/CN=www.wamphelpers.dev/emailAddress=riggsfolly@wamphelpers.dev
Getting Private key

Step 4: Installing the Private Key and Certificate

Create these 2 directories under the version of Apache you are using.

md c:\wamp\bin\apache\apachex.y.z\conf\ssl.key
md c:\wamp\bin\apache\apachex.y.z\conf\ssl.crt

And copy the file we have just generated into them like so:

copy website\server.crt c:\wamp\bin\apache\apachex.y.z\conf\ssl.crt
copy website\server.key c:\wamp\bin\apache\apachex.y.z\conf\ssl.key

Step 5: Configure Apache to activate SSL

Edit httpd.conf. Check that these lines are uncommented

LoadModule authn_socache_module modules/mod_authn_socache.so

LoadModule ssl_module modules/mod_ssl.so

LoadModule socache_shmcb_module modules/mod_socache_shmcb.so

Remove the comment '#' from this line also

Include conf/extra/httpd-ssl.conf

Then move that line after this block .... like so

<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>

# Secure (SSL/TLS) connections
Include conf/extra/httpd-ssl.conf

Step 6: Configure PHP to activate SSL

Edit your php.ini ( use the wampmanager menus so you edit the correct one )

Remove the comment ';' from this line

extension=php_openssl.dll

Step 7: Configure your secure sites Virtual Host

Yup for all you Virtual Host nay sayers, now you cannot avoid the process.

Edit \wamp\bin\apache\apachex.y.z\conf\extra\httpd-ssl.conf

This file is released by Apache and contains some default file locations. We can leave most of this file as it is, but we need to configure the virtual host in here to match our actual site's location and a few other things so:

find these lines

DocumentRoot "c:/Apache2/htdocs"
ServerName www.example.com:443
ServerAdmin admin@example.com
ErrorLog "c:/Apache2/logs/error.log"
TransferLog "c:/Apache2/logs/access.log"

and change them to

DocumentRoot "c:/wamp/www/wamphelpers"
ServerName wamphelpers.dev:443
ErrorLog "c:/wamp/logs/ssl_error.log"
TransferLog "c:/wamp/logs/ssl_access.log"

Find

SSLCertificateFile "c:/Apache2/conf/server.crt"

and change to

SSLCertificateFile "c:/wamp/bin/apache/apachex.y.z/conf/ssl.crt/server.crt"

Find

SSLCertificateKeyFile "c:/Apache2/conf/server.key"

and change to

SSLCertificateKeyFile "c:/wamp/bin/apache/apachex.y.z/conf/ssl.key/server.key"

Find

<Directory "c:/Apache2/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>

and change to

Apache 2.2 Syntax

<Directory "c:/wamp/www/wamphelpers">
    SSLOptions +StdEnvVars
    Options Indexes FollowSymLinks MultiViews
    AllowOverride All
    Order Deny,Allow
    Deny from all
    Allow from 127.0.0.1 localhost ::1
</Directory>

Apache 2.4 Syntax

<Directory "c:/wamp/www/wamphelpers">
    SSLOptions +StdEnvVars
    Options Indexes FollowSymLinks MultiViews
    AllowOverride All
    Require local
</Directory>

Find

SSLSessionCache        "shmcb:c:/Apache2/logs/ssl_scache(512000)"
SSLSessionCacheTimeout  300

and change it to

SSLSessionCache        "shmcb:c:/wamp/logs/ssl_scache(512000)"
SSLSessionCacheTimeout  300

Find

CustomLog "c:/Apache24/logs/ssl_request.log" \
      "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

and change to

CustomLog "c:/wamp/logs/ssl_request.log" \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

Basically look through the conf file and any command that is not commented out, but has a reference to a file or folder should be changed to reference the WAMPServer folder structure and not 'C:/Apache2....'

Now make sure all these files we have changed are saved, and restart Apache using the wampmanager menus.

First test that the unprotected site is still working.

Then try using your new protected site by adding the 'https://' to the front of the domain name i.e. https://www.wamphelpers.dev without the single quotes of course.

If Apache does not restart you have probably spelt something wrong. Test the configs like so :-

Open a command window

cd \wamp\bin\apache\apachex.y.z\bin
httpd -t

This will parse all the config files and should give you a file name and a line number where an error has been found.

Fix it and try again.

First access to your site will generate a message page something like this. This is using Firefox, others will be slightly different, but the concept is the same.

This is because your certificate is not signed by a trusted authority, DON'T PANIC, this is supposed to happen.

Click on 'I Understand the risk' and that will show you a button saying 'Add Exception'. Press the Add Exception button, after checking that the certificate's site details are in fact yours, and you will not see this message again unless you clear the exception list.

BIG NOTE As of Apache v2.2.12 and OpenSSL v0.9.8j it is now possible to secure more than one site per Apache instance. This tutorial does not cover that process. See here for more details:

Here

and Here

and Here

And like I said at the top, now you need to do some research on all the options available in the SSL config and make things work as you want rather than using the default.
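The answer's advice to look through httpd-ssl.conf for any uncommented directive that still references 'C:/Apache2....' can be automated. The script below is an added example, not part of the original answer; the sample config is constructed from the default lines quoted above, and the function names are hypothetical.

```python
import re

# Install prefixes that appear in the stock httpd-ssl.conf quoted in the answer.
DEFAULT_PREFIXES = ("c:/apache2/", "c:/apache24/")
QUOTED = re.compile(r'"((?:[^"\\]|\\.)*)"')  # quoted value, allowing \" inside

def logical_lines(text):
    """Yield (first line number, directive text), joining '\\' continuations."""
    buf, start = "", None
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if start is None:
            start = num
        if line.endswith("\\"):          # directive continues on the next line
            buf += line[:-1] + " "
            continue
        buf += line
        if buf and not buf.startswith("#"):   # skip blank lines and comments
            yield start, buf
        buf, start = "", None

def stale_paths(text):
    """Return (line, directive, value) for active directives on default paths."""
    hits = []
    for num, directive in logical_lines(text):
        name = directive.lstrip("<").split(None, 1)[0]
        for value in QUOTED.findall(directive):
            norm = value.lower().replace("\\", "/")
            # Substring match so "shmcb:c:/Apache2/..." is caught as well.
            if any(prefix in norm for prefix in DEFAULT_PREFIXES):
                hits.append((num, name, value))
    return hits

# Constructed sample: an httpd-ssl.conf that has only been partly edited.
SAMPLE = r'''# Secure virtual host (constructed sample)
#ErrorLog "c:/Apache2/logs/error.log"
DocumentRoot "c:/wamp/www/wamphelpers"
ServerName wamphelpers.dev:443
ErrorLog "c:/wamp/logs/ssl_error.log"
SSLCertificateFile "c:/wamp/bin/apache/apachex.y.z/conf/ssl.crt/server.crt"
SSLCertificateKeyFile "c:/Apache2/conf/server.key"
SSLSessionCache "shmcb:c:/Apache2/logs/ssl_scache(512000)"
<Directory "c:/Apache2/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>
CustomLog "c:/Apache24/logs/ssl_request.log" \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
'''

if __name__ == "__main__":
    for num, name, value in stale_paths(SAMPLE):
        print(f"line {num}: {name} still points at {value}")
```

Run it against the real file by reading httpd-ssl.conf into a string and passing it to stale_paths; httpd -t remains the check for syntax errors.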
