Enabling HTTPS mutual (two-way) authentication under WAMP
Source: Internet  Editor: 程序博客网  Date: 2024/05/21 21:37
I. Enable HTTPS access in Apache
In the file D:\wamp\bin\apache\apache2.4.9\conf\httpd.conf, enable the following two lines:
Include conf/extra/httpd-ssl.conf
LoadModule ssl_module modules/mod_ssl.so
Then configure httpd-ssl.conf:
<VirtualHost *:443>
...
SSLEngine on
SSLCertificateFile "${SRVROOT}/conf/ssl/server-cert.pem"
#SSLCertificateChainFile /path/to/intermediate_certificate
SSLCertificateKeyFile "${SRVROOT}/conf/ssl/server-key.pem"
# Uncomment the following directive when using client certificate authentication
SSLCACertificateFile "${SRVROOT}/conf/ssl/ca-cert.pem"
# IE client does not prompt for a certificate selection
#SSLCARevocationFile "${SRVROOT}/conf/ssl/ca.crt"
# IE client prompts for a certificate selection
# This block makes the client's own certificate information available
SSLVerifyClient require
SSLVerifyDepth 10
SSLOptions +StdEnvVars
...
</VirtualHost>
II. Generate the CA certificate
We do not use a third-party certificate authority here; we act as our own CA.
1. Create the private key:
openssl genrsa -out D:/wamp/Apache24/conf/demoCA/ca/ca-key.pem 1024
2. Create the certificate request:
openssl req -new -out D:/wamp/Apache24/conf/demoCA/ca/ca-req.csr -key D:/wamp/Apache24/conf/demoCA/ca/ca-key.pem
(If you get "unable to load config info from /usr/local/ssl/openssl.cnf", add the -config parameter with the full path to openssl.cnf. If openssl.cnf is in the same directory as openssl.exe, it can be written as -config openssl.cnf:)
openssl req -config openssl.cnf -new -out D:/wamp/Apache24/conf/demoCA/ca/ca-req.csr -key D:/wamp/Apache24/conf/demoCA/ca/ca-key.pem
-----
Country Name (2 letter code) [AU]:cn
State or Province Name (full name) [Some-State]:bj
Locality Name (eg, city) []:bj
Organization Name (eg, company) [Internet Widgits Pty Ltd]:tb
Organizational Unit Name (eg, section) []:tb
Common Name (eg, YOUR name) []:ca
Email Address []:ca@ca.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
3. Self-sign the certificate:
openssl x509 -req -in D:/wamp/Apache24/conf/demoCA/ca/ca-req.csr -out D:/wamp/Apache24/conf/demoCA/ca/ca-cert.pem -signkey D:/wamp/Apache24/conf/demoCA/ca/ca-key.pem -days 3650
4. Export the certificate to the .p12 format supported by browsers:
openssl pkcs12 -export -clcerts -in D:/wamp/Apache24/conf/demoCA/ca/ca-cert.pem -inkey D:/wamp/Apache24/conf/demoCA/ca/ca-key.pem -out D:/wamp/Apache24/conf/demoCA/ca/ca.p12
Password: 123456
5. Copy ca-cert.pem to conf/ssl/ca-cert.pem
/// Note
subject=/C=cn/ST=bj/L=bj/O=tb/OU=tb/CN=ca/emailAddress=ca@ca.com
III. Generate the server certificate
1. Create the private key:
openssl genrsa -out D:/wamp/Apache24/conf/demoCA/server/server-key.pem 1024
2. Create the certificate request:
openssl req -new -out D:/wamp/Apache24/conf/demoCA/server/server-req.csr -key D:/wamp/Apache24/conf/demoCA/server/server-key.pem
-----
Country Name (2 letter code) [AU]:cn
State or Province Name (full name) [Some-State]:bj
Locality Name (eg, city) []:bj
Organization Name (eg, company) [Internet Widgits Pty Ltd]:tb
Organizational Unit Name (eg, section) []:tb
Common Name (eg, YOUR name) []:localhost
(this must be the server's IP address)
Email Address []:server@server.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
3. Sign the certificate with the CA:
openssl x509 -req -in D:/wamp/Apache24/conf/demoCA/server/server-req.csr -out D:/wamp/Apache24/conf/demoCA/server/server-cert.pem -CA D:/wamp/Apache24/conf/demoCA/ca/ca-cert.pem -CAkey D:/wamp/Apache24/conf/demoCA/ca/ca-key.pem -CAcreateserial -days 3650
4. Export the certificate to the .p12 format supported by browsers:
openssl pkcs12 -export -clcerts -in D:/wamp/Apache24/conf/demoCA/server/server-cert.pem -inkey D:/wamp/Apache24/conf/demoCA/server/server-key.pem -out D:/wamp/Apache24/conf/demoCA/server/server.p12
Password: 123456
5. Copy server-cert.pem to conf/ssl/server-cert.pem, and copy server-key.pem to conf/ssl/server-key.pem.
/// Note
subject=/C=cn/ST=bj/L=bj/O=tb/OU=tb/CN=localhost/emailAddress=server@server.com
IV. Generate the client certificate (each client needs its own distinct client certificate, all issued by the same CA)
1. Create the private key:
openssl genrsa -out D:/wamp/Apache24/conf/demoCA/client/client-key.pem 1024
2. Create the certificate request:
openssl req -new -out D:/wamp/Apache24/conf/demoCA/client/client-req.csr -key D:/wamp/Apache24/conf/demoCA/client/client-key.pem
-----
Country Name (2 letter code) [AU]:cn
State or Province Name (full name) [Some-State]:bj
Locality Name (eg, city) []:bj
Organization Name (eg, company) [Internet Widgits Pty Ltd]:tb
Organizational Unit Name (eg, section) []:tb
Common Name (eg, YOUR name) []:dong
(fill in the client machine's IP)
Email Address []:dong@dong.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
3. Sign the certificate with the CA:
openssl x509 -req -in D:/wamp/Apache24/conf/demoCA/client/client-req.csr -out D:/wamp/Apache24/conf/demoCA/client/client-cert.pem -CA D:/wamp/Apache24/conf/demoCA/ca/ca-cert.pem -CAkey D:/wamp/Apache24/conf/demoCA/ca/ca-key.pem -CAcreateserial -days 3650
4. Export the certificate to the .p12 format supported by browsers:
openssl pkcs12 -export -clcerts -in D:/wamp/Apache24/conf/demoCA/client/client-cert.pem -inkey D:/wamp/Apache24/conf/demoCA/client/client-key.pem -out D:/wamp/Apache24/conf/demoCA/client/client.p12
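Password: 123456
V. Import the ca.p12 and client.p12 certificates on the client
In IE (open IE -> Internet Options -> Content -> Certificates):
Import ca.p12 into Trusted Root Certification Authorities, and client.p12 into Personal.
In Firefox (Tools - Options - Advanced - Encryption - View Certificates - Your Certificates):
Import both ca.p12 and client.p12 here.
Enter the URL in the browser to test (https://localhost/index.php). A certificate selection dialog pops up, and once verification passes the page prints SSL information such as SSL_CLIENT_VERIFY.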
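A possible index.php for the test URL above, as an added example that is not part of the original article: it reads the variables mod_ssl exports through SSLOptions +StdEnvVars and, beyond printing them, authorizes the request by certificate subject, because SSLVerifyClient require accepts any certificate issued by the CA. The function name check_client_cert and the $allowedClients allowlist are hypothetical; "ca" and "dong" are the sample Common Names entered in sections II and IV.

```php
<?php
// Added example (not from the original article): index.php for the test URL above.
// $allowedClients is a hypothetical allowlist; "dong" is the sample client CN from section IV.
$allowedClients = array('dong');

// $server is $_SERVER as filled in by mod_ssl when "SSLOptions +StdEnvVars" is set.
// Returns array(bool $ok, string $detail).
function check_client_cert(array $server, array $allowed)
{
    // mod_ssl sets SSL_CLIENT_VERIFY to NONE, SUCCESS, GENEROUS or FAILED:reason.
    $verify = isset($server['SSL_CLIENT_VERIFY']) ? $server['SSL_CLIENT_VERIFY'] : 'NONE';
    if ($verify !== 'SUCCESS') {
        return array(false, "client certificate not verified ($verify)");
    }
    // The issuer must be the CA from section II (CN=ca in the sample answers).
    $issuer = isset($server['SSL_CLIENT_I_DN_CN']) ? $server['SSL_CLIENT_I_DN_CN'] : '';
    if ($issuer !== 'ca') {
        return array(false, 'unexpected issuer');
    }
    // Authorization: a valid certificate alone is not enough, the subject must be known.
    $cn = isset($server['SSL_CLIENT_S_DN_CN']) ? $server['SSL_CLIENT_S_DN_CN'] : '';
    if (!in_array($cn, $allowed, true)) {
        return array(false, 'subject CN is not on the allowlist');
    }
    return array(true, $cn);
}

list($ok, $detail) = check_client_cert($_SERVER, $allowedClients);
header('Content-Type: text/plain; charset=utf-8');
if (!$ok) {
    http_response_code(403);
    exit("Forbidden: $detail\n");
}
echo "Authenticated client: $detail\n";
$show = array('SSL_CLIENT_VERIFY', 'SSL_CLIENT_S_DN', 'SSL_CLIENT_I_DN',
              'SSL_CLIENT_M_SERIAL', 'SSL_CLIENT_V_END', 'SSL_PROTOCOL', 'SSL_CIPHER');
foreach ($show as $name) {
    echo $name, ' = ', isset($_SERVER[$name]) ? $_SERVER[$name] : '(unset)', "\n";
}
```

With SSLVerifyClient require the handshake already fails when no valid certificate is presented, so the SSL_CLIENT_VERIFY check only matters if the directive is later relaxed to optional.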