在Apache上設定安裝SSL憑證(XAMPP)

之前曾經分享在Windows IIS上安裝SSL憑證,這次來分享在Apache上設定安裝SSL憑證。
要安裝SSL憑證,首先先要找SSL驗證機構來購買憑證(若您想用免費的Letsencrypt可參考這篇)

在Apache上設定安裝SSL憑證(XAMPP)

我是找COMOD,申請時會需要你提供主機的CSR code (Apache+modssl)

回到網站主機,我的主機是用Xampp Windows,到\xampp\apache\bin下,執行這三行指令

set OPENSSL_CONF=YourDrive:\xampp\apache\conf\openssl.cnf

set RANDFILE=C:\Temp\.rnd

openssl req -nodes -newkey rsa:2048 -keyout myserver.key -out server.csr

Loading 'screen' into random state - done
Generating a 2048 bit RSA private key
......+++
.....+++
writing new private key to 'myserver.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----

Country Name (2 letter code) [AU]:TW
State or Province Name (full name) [Some-State]:Taipei
Locality Name (eg, city) []:Taipei
Organization Name (eg, company) [Internet Widgits Pty Ltd]:hahasmile
Organizational Unit Name (eg, section) []:blog
Common Name (e.g. server FQDN or YOUR name) []:blog.hahasmile.com
Email Address []:dorigo.tw@yahoo.com.tw

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:xxxxxxxxxxxxxxx
An optional company name []:hahasmile

之後到\xampp\apache\bin下,找到server.csr,用記事本開啟它

複製內容貼到申請SSL的頁面

在Apache上設定安裝SSL憑證(XAMPP)

為了驗證域名是否為你所有,要選擇一個信箱寄送驗證碼

在Apache上設定安裝SSL憑證(XAMPP)

將信件中的驗證碼輸入後送出!驗證成功!

在Apache上設定安裝SSL憑證(XAMPP)

之後會收到一封信 Your PositiveSSL Certificate for blog.hahasmile.com

信件中有兩個檔案

  • ssl_xxx.crt
  • ssl_xxx.ca-bundle

將兩個檔案複製到\xampp\apache\conf\ssl.crt

並將先前產生的myserver.key複製到\xampp\apache\conf\ssl.key

 

編輯httpd-ssl.conf,開啟443port

#
# When we also provide SSL we have to listen to the
# standard HTTP port (see above) and to the HTTPS port
#
Listen 443

編輯httpd.conf,加入網站

NameVirtualHost *:443

<VirtualHost *:443>
ServerName xxx.yourname.com
DocumentRoot "E:/xampp/htdocs/web/xxx"
SSLEngine on
SSLCertificateFile "E:/xampp/apache/conf/ssl.crt/ssl_xxx.crt"
SSLCertificateKeyFile "E:/xampp/apache/conf/ssl.key/myserver.key"
SSLCertificateChainFile "E:/xampp/apache/conf/ssl.crt/ssl_xxx.ca-bundle"
</VirtualHost>

主機記得也要開啟443port對外開放

重新啟動Apache,連上網站,成功設定SSL!出現綠色鎖頭!

在Apache上設定安裝SSL憑證(XAMPP)

設定htaccess檔,讓http自動轉址到https

可參考我先前寫的這篇文章

 

參考資料:
https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/1/19/csr-generation-using-openssl-apache-wmod_ssl-nginx-os-x
https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/637/37/certificate-installation-apache--mod_ssl

分享...在Apache上設定安裝SSL憑證(XAMPP)0在Apache上設定安裝SSL憑證(XAMPP)0
0 回復

發表評論

想要留言嗎?
歡迎歡迎!

發表迴響

你的電子郵件位址並不會被公開。 必要欄位標記為 *