如何安装:OpenSSL + WAMP [英] How to install: OpenSSL + WAMP

问题描述

这里有人在如何在本地开发计算机上获取SSL的过程上有明确而详细的步骤吗?我已经在c:\ wamp上安装了最新版本的WAMP(2.2c).我在网上找到的说明在大多数情况下似乎已经过时，并且缺少我需要做的正确的细节.

Does anyone here have clear and detailed steps on how to get SSL on my local development machine? I've installed the latest version of WAMP (2.2c) on c:\wamp. The instructions I find on the net seem to be outdated in most cases and lacking the details I need to get things done right.

推荐答案

指南:WampServer 2.5中的Openssl

先决条件:通常不需要安装openssl(它与Wamp捆绑在一起).例如，Apache 2.4.9包括1.0.1g.

Guide: Openssl in WampServer 2.5

Prerequisite: There is normally no need to install openssl (it comes bundled with Wamp). Apache 2.4.9 includes 1.0.1g for instance.

系统变量:

• 打开Windows系统面板("WIN + Q"搜索:系统)>高级系统设置">高级">环境变量"
• 在名为OPENSSL_CONF的系统变量中添加一个新条目，其值是openssl.cnf的路径(通常是C:\ wamp \ bin \ apache \ apache2.4.9 \ conf \ openssl.cnf之类的内容)

openssl文件夹结构:

• 在C:\ wamp \ bin \ apache \ apache#.#.#\ conf中创建以下文件夹结构:

• In C:\wamp\bin\apache\apache#.#.#\conf create the following folder structure:

..
demoCA
|-----certs
|-----crl
|-----newcerts
|-----private

配置openssl.cnf :

• 我已遵循 Neil C. Obremski 的建议，并清除了以下内容默认值:
  • countryName_default(原为"AU")
  • stateOrProvinceName_default(以前是某些州")
  • 0.organizationName_default(以前是"Internet Widgits Pty Ltd")
  • organizationalUnitName_default(已经为空)
  • I've followed Neil C. Obremski advice and cleared the following defaults:
    • countryName_default (was "AU")
    • stateOrProvinceName_default (was "Some-State")
    • 0.organizationName_default (was "Internet Widgits Pty Ltd")
    • organizationalUnitName_default (was already empty)

    创建证书:

    • 从命令行浏览到C:\ wamp \ bin \ apache \ apache#.#.#\ bin \并调用"openssl req -new -out cacert.csr -keyout cacert.pem".如果出现提示，请输入密码，然后输入DN信息，如下所示.

    • From command line browse to C:\wamp\bin\apache\apache#.#.#\bin\ and call "openssl req -new -out cacert.csr -keyout cacert.pem". If prompted enter a password and after that the DN informations like below.

    
    Loading 'screen' into random state - done
    Generating a 1024 bit RSA private key
    .......................++++++
    ....++++++
    writing new private key to 'cacert.pem'
    Enter PEM pass phrase: my_secret_pass
    Verifying - Enter PEM pass phrase: my_secret_pass
    `-----
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    `-----
    Country Name (2 letter code) []:
    State or Province Name (full name) []:
    Locality Name (eg, city) []:
    Organization Name (eg, company) []:
    Organizational Unit Name (eg, section) []:
    Common Name (e.g. server FQDN or YOUR name) []:local
    Email Address []:
    
    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:
    An optional company name []:
    
    C:\wamp\bin\apache\apache2.4.9\bin>
    

  • 现在在同一控制台窗口中使用"openssl rsa -in cacert.pem -out cacert.key"，如果要求输入先前输入的密码.

  • In the same console window now use "openssl rsa -in cacert.pem -out cacert.key" and if asked enter the password previously entered.

    
    Enter pass phrase for cacert.pem: my_secret_pass
    writing RSA key
    

  • 删除C:\ wamp \ bin \ apache \ apache2.4.9 \ bin中的".rnd"文件

  • Remove the ".rnd" file in C:\wamp\bin\apache\apache2.4.9\bin

    恭喜您现在是自签名证书的所有者！

    Congrats you are now the owner of a self signed certificate!

    我已根据此

  • cacert.pem，C:\ wamp \ bin \ apache \ apache#中的cacert.key.#.#\ conf \ demoCA \ private
  • cacert.cert，C:\ wamp \ bin \ apache \ apache#.#.#\ conf \ demoCA \ certs中的cacert.csr

  在httpd.conf中启用SLL(搜索"#Include conf/extra/httpd-ssl.conf")，并更改httpd-ssl.conf中的以下条目:

  In httpd.conf enable SLL (search for "#Include conf/extra/httpd-ssl.conf") + alter the following entries in httpd-ssl.conf:

  SSLSessionCache        "shmcb:C:/wamp/logs/ssl_scache(512000)"
  DocumentRoot "C:/wamp/www"
  #ErrorLog
  #TransferLog
  SSLCertificateFile "C:/wamp/bin/apache/apache2.4.9/conf/demoCA/certs/cacert.cert"
  SSLCertificateKeyFile "C:/wamp/bin/apache/apache2.4.9/conf/demoCA/private/cacert.key"
  CustomLog "C:/wamp/logs/ssl_request.log" \
  

  现在通过调用httpd -t测试您的Apache安装. 如果出现以下错误"SSLSessionCache:不支持'shmcb'会话缓存(已知名称:).也许您需要加载适当的socache模块(mod_socache_shmcb?)..在httpd.conf中启用以下条目"LoadModule socache_shmcb_module modules/mod_socache_shmcb.so"

  Now test your Apache installation by calling httpd -t. If you get the following error "SSLSessionCache: 'shmcb' session cache not supported (known names: ). Maybe you need to load the appropriate socache module (mod_socache_shmcb?)." enable the following entry "LoadModule socache_shmcb_module modules/mod_socache_shmcb.so" in httpd.conf

  现在为Wamp配置了https支持:-)

  Wamp is now configured with https support :-)

  我还使用httpd.conf中的以下配置启用了"LoadModule status_module modules/mod_status.so":

  I've also enabled "LoadModule status_module modules/mod_status.so" using the following configuration in httpd.conf:

  <IfModule status_module>
  
  ExtendedStatus On
  <Location /server-status>
      SetHandler server-status
  </Location>
  
  </IfModule>
  

  您现在可以在此处查看服务器状态

  You can check now your server status here

  https://localhost/server-status/
  

  Apache/2.4.9(Win64)OpenSSL/1.0.1g PHP/5.5.12服务器位于本地主机端口443

  Apache/2.4.9 (Win64) OpenSSL/1.0.1g PHP/5.5.12 Server at localhost Port 443

  注释:

  • 在尝试使它在我的计算机上工作时，我做了这个改动(这是我第一次尝试在Windows/wamp上使用OpenSSL).
  • 本指南不适用于生产系统！
  • 根据您的openssl.cnf，您可能不得不更改一些名称等内容
  • 我的意图不是围绕最佳教程，而是简单地记录所有必需的更改以使SSL在WAMP中正常工作.
  • 确保为您的x509证书设置正确的天数
  • 我终于知道为什么NSA可以通过如此复杂的过程轻松进入服务器:D
  • 由于Wamp将Apache和OpenSSL捆绑在一起，所以最好单独安装它??

  这篇关于如何安装:OpenSSL + WAMP的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！