How to install: OpenSSL + WAMP
Problem description
Does anyone here have clear and detailed steps on how to get SSL on my local development machine? I've installed the latest version of WAMP (2.2c) on c:\wamp. The instructions I find on the net seem to be outdated in most cases and lacking the details I need to get things done right.
Recommended answer
Guide: Openssl in WampServer 2.5
Prerequisite: There is normally no need to install openssl (it comes bundled with Wamp). Apache 2.4.9 includes 1.0.1g for instance.
System variables:
- Open the Windows System panel ("WIN + Q", search: System) > "Advanced system settings" > "Advanced" > "Environment Variables"
- Add a new entry to the system variables named OPENSSL_CONF whose value is the path to openssl.cnf (usually something like C:\wamp\bin\apache\apache2.4.9\conf\openssl.cnf)
openssl folder structure:
In C:\wamp\bin\apache\apache#.#.#\conf create the following folder structure:
..
demoCA
|-----certs
|-----crl
|-----newcerts
|-----private
Configure openssl.cnf:
- I've followed Neil C. Obremski's advice and cleared the following defaults:
- countryName_default (was "AU")
- stateOrProvinceName_default (was "Some-State")
- 0.organizationName_default (was "Internet Widgits Pty Ltd")
- organizationalUnitName_default (was already empty)
Create the certificate:
From the command line, browse to C:\wamp\bin\apache\apache#.#.#\bin\ and call "openssl req -new -out cacert.csr -keyout cacert.pem". If prompted, enter a password and after that the DN information like below.
    Loading 'screen' into random state - done
    Generating a 1024 bit RSA private key
    .......................++++++
    ....++++++
    writing new private key to 'cacert.pem'
    Enter PEM pass phrase: my_secret_pass
    Verifying - Enter PEM pass phrase: my_secret_pass
    -----
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) []:
    State or Province Name (full name) []:
    Locality Name (eg, city) []:
    Organization Name (eg, company) []:
    Organizational Unit Name (eg, section) []:
    Common Name (e.g. server FQDN or YOUR name) []:local
    Email Address []:
    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:
    An optional company name []:
    C:\wamp\bin\apache\apache2.4.9\bin>
In the same console window now use "openssl rsa -in cacert.pem -out cacert.key" and if asked enter the password previously entered.
    Enter pass phrase for cacert.pem: my_secret_pass
    writing RSA key
Remove the ".rnd" file in C:\wamp\bin\apache\apache2.4.9\bin
Congrats you are now the owner of a self signed certificate!
In httpd.conf enable SSL (search for "#Include conf/extra/httpd-ssl.conf") + alter the following entries in httpd-ssl.conf:
    SSLSessionCache "shmcb:C:/wamp/logs/ssl_scache(512000)"
    DocumentRoot "C:/wamp/www"
    #ErrorLog
    #TransferLog
    SSLCertificateFile "C:/wamp/bin/apache/apache2.4.9/conf/demoCA/certs/cacert.cert"
    SSLCertificateKeyFile "C:/wamp/bin/apache/apache2.4.9/conf/demoCA/private/cacert.key"
    CustomLog "C:/wamp/logs/ssl_request.log" \
Now test your Apache installation by calling httpd -t. If you get the following error "SSLSessionCache: 'shmcb' session cache not supported (known names: ). Maybe you need to load the appropriate socache module (mod_socache_shmcb?)." enable the following entry "LoadModule socache_shmcb_module modules/mod_socache_shmcb.so" in httpd.conf
Wamp is now configured with https support :-)
I've also enabled "LoadModule status_module modules/mod_status.so" using the following configuration in httpd.conf:
    <IfModule status_module>
        ExtendedStatus On
        <Location /server-status>
            SetHandler server-status
        </Location>
    </IfModule>
You can now check your server status here
https://localhost/server-status/
Apache/2.4.9 (Win64) OpenSSL/1.0.1g PHP/5.5.12 Server at localhost Port 443
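Notes:
- I made these changes while trying to get this working on my machine (this is my first attempt at using OpenSSL on Windows/wamp).
- This guide is not intended for production systems!
- Depending on your openssl.cnf you may have to change some names etc.
- My intention was not to write the best tutorial, but simply to document all the changes required to get SSL working in WAMP.
- Make sure to set the correct number of days for your x509 certificate
- I finally know why the NSA can get into servers so easily, with such a complicated process :D
- Since Wamp bundles Apache and OpenSSL together, might it be better to install them separately??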
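A pre-flight check for the httpd.conf and httpd-ssl.conf edits described in the answer above, as an added example that is not part of the original answer or of WampServer. It reports the httpd-ssl.conf Include still being commented out, an shmcb SSLSessionCache without mod_socache_shmcb loaded (the `httpd -t` error quoted above), and a /server-status location that carries no Require rule of its own; the function names, finding labels and sample configuration are constructed for illustration.

```python
import re

def active_lines(text):
    """Return directive lines with comments and blank lines dropped."""
    return [ln.strip() for ln in text.splitlines()
            if ln.strip() and not ln.strip().startswith("#")]

def preflight(httpd_conf, ssl_conf):
    """Check httpd.conf / httpd-ssl.conf text for the issues named in the answer."""
    main, vhost = active_lines(httpd_conf), active_lines(ssl_conf)
    findings = []
    # 1. The SSL vhost file only takes effect once its Include is uncommented.
    if not any(re.match(r'Include\s+"?conf/extra/httpd-ssl\.conf', ln, re.I) for ln in main):
        findings.append("ssl-include-disabled")
    # 2. An shmcb session cache needs mod_socache_shmcb, otherwise httpd -t
    #    fails with "'shmcb' session cache not supported".
    uses_shmcb = any(re.match(r'SSLSessionCache\s+"?shmcb:', ln, re.I) for ln in vhost)
    has_module = any(re.match(r'LoadModule\s+socache_shmcb_module\b', ln, re.I) for ln in main)
    if uses_shmcb and not has_module:
        findings.append("socache-shmcb-not-loaded")
    # 3. A server-status handler with no Require directive inherits whatever
    #    access the enclosing scope grants; "Require local" limits it to loopback.
    in_status, restricted = False, False
    for ln in main:
        if re.match(r'<Location\s+"?/server-status', ln, re.I):
            in_status, restricted = True, False
        elif in_status and re.match(r'Require\s+', ln, re.I):
            restricted = True
        elif in_status and re.match(r'</Location>', ln, re.I):
            if not restricted:
                findings.append("server-status-no-require")
            in_status = False
    return findings

# Constructed sample mirroring the state before the answer's fixes are applied.
SAMPLE_HTTPD = """\
#LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
LoadModule status_module modules/mod_status.so
#Include conf/extra/httpd-ssl.conf
<IfModule status_module>
    ExtendedStatus On
    <Location /server-status>
        SetHandler server-status
    </Location>
</IfModule>
"""
SAMPLE_SSL = 'SSLSessionCache "shmcb:C:/wamp/logs/ssl_scache(512000)"\n'

if __name__ == "__main__":
    print(preflight(SAMPLE_HTTPD, SAMPLE_SSL))
```

Run it against the real files by reading them into strings and passing them to `preflight`; an empty list means none of the three conditions was found.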