Apache 2.4 – HTTPS Configuration

1. Create a directory for the certificates

C:\Apache24>md cert
C:\Apache24>cd cert

2. Create the configuration files:

C:\Apache24\cert\PosmuraCA.cnf

[ req ]
distinguished_name = req_distinguished_name
x509_extensions = root_ca

[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
localityName = Locality Name (eg, city)
0.organizationName = Organization Name (eg, company)
organizationalUnitName = Organizational Unit Name (eg, section)
commonName = Common Name (eg, fully qualified host name)
commonName_max = 64
emailAddress = Email Address
emailAddress_max = 64

[ root_ca ]
basicConstraints = critical, CA:true

C:\Apache24\cert\PosmuraLocalhost.ext

subjectAltName = @alt_names
extendedKeyUsage = serverAuth

[alt_names]
DNS.1 = localhost
DNS.2 = localhost.posmura.cz

3. Create the certificate files

C:\Apache24\cert>..\bin\openssl req -x509 -newkey rsa:2048 -out PosmuraCA.cer -outform PEM -keyout PosmuraCA.pvk -days 10000 -verbose -config PosmuraCA.cnf -nodes -sha256 -subj "/CN=Posmura CA"
Using configuration from PosmuraCA.cnf
Generating a RSA private key
…………………………+++++
…………………………………+++++
writing new private key to 'PosmuraCA.pvk'
-----

C:\Apache24\cert>

C:\Apache24\cert>..\bin\openssl req -newkey rsa:2048 -keyout PosmuraLocalhost.pvk -out PosmuraLocalhost.req -subj /CN=localhost -sha256 -nodes
Generating a RSA private key
…..+++++
..+++++
writing new private key to 'PosmuraLocalhost.pvk'
-----

C:\Apache24\cert>

C:\Apache24\cert>..\bin\openssl x509 -req -CA PosmuraCA.cer -CAkey PosmuraCA.pvk -in PosmuraLocalhost.req -out PosmuraLocalhost.cer -days 10000 -extfile PosmuraLocalhost.ext -sha256 -set_serial 0x1111
Signature ok
subject=CN = localhost
Getting CA Private Key

C:\Apache24\cert>

4. Listing of the cert folder

C:\Apache24\cert>tree /f
Folder PATH listing
Volume serial number is 9A8E-589E
C:.
    PosmuraCA.cer
    PosmuraCA.cnf
    PosmuraCA.pvk
    PosmuraLocalhost.cer
    PosmuraLocalhost.ext
    PosmuraLocalhost.pvk
    PosmuraLocalhost.req

No subfolders exist

5. Import the certificates

  • PosmuraCA.cer – select the Trusted Root Certification Authorities store
  • PosmuraLocalhost.cer – automatically select the certificate store based on the type of certificate (Other People)

6. Configuration of conf\httpd.conf

LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
LoadModule ssl_module modules/mod_ssl.so
<IfModule ssl_module>
    SSLRandomSeed startup builtin
    SSLRandomSeed connect builtin
    Include conf/extra/httpd-ssl.conf
</IfModule>

7. Configuration of conf\extra\httpd-ssl.conf

SSLSessionCache "shmcb:${SRVROOT}/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300

<VirtualHost _default_:443>

SSLCertificateFile "${SRVROOT}/cert/PosmuraLocalhost.cer"
SSLCertificateKeyFile "${SRVROOT}/cert/PosmuraLocalhost.pvk"

</VirtualHost>

8. Example virtual host configuration

### PROJECT # HTTPS ########################################################
Listen 4431
<VirtualHost *:4431>
   ServerName localhost:4431
   ServerAdmin admin@projekt.neco
   DocumentRoot "c:\App\Home\projekt"
   <Directory "c:\App\Home\projekt">
     DirectoryIndex index.php
     AllowOverride All
     Require all granted
   </Directory>
   SSLEngine on
   SSLCertificateFile "${SRVROOT}/cert/PosmuraLocalhost.cer"
   SSLCertificateKeyFile "${SRVROOT}/cert/PosmuraLocalhost.pvk"
   <FilesMatch "\.(cgi|shtml|phtml|php)$">
     SSLOptions +StdEnvVars
   </FilesMatch>
   <Directory "${SRVROOT}/cgi-bin">
     SSLOptions +StdEnvVars
   </Directory>
   BrowserMatch "MSIE [2-5]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
   # The log paths assume APACHE_LOG_DIR is set with a Define directive elsewhere in the configuration
   ErrorLog ${APACHE_LOG_DIR}/error-4431.log
   CustomLog ${APACHE_LOG_DIR}/access-4431.log combined
</VirtualHost>
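
The following PowerShell script is an added example, not part of the original page: it checks that the files from step 3 and the virtual host from step 8 fit together. It assumes it is run from C:\Apache24\cert with Apache already restarted; the helper name Assert-Check is hypothetical.

```powershell
# Added example (not from the original page). Run from C:\Apache24\cert
# after restarting Apache. File names and port 4431 are the page's own.
$openssl = '..\bin\openssl.exe'
$ca   = 'PosmuraCA.cer'
$cert = 'PosmuraLocalhost.cer'
$key  = 'PosmuraLocalhost.pvk'
$port = 4431

# Hypothetical helper: stop at the first check that does not hold.
function Assert-Check([bool]$ok, [string]$what) {
    if (-not $ok) { throw "FAILED: $what" }
    Write-Host "ok: $what"
}

# 1. The server certificate must chain to the local CA.
& $openssl verify -CAfile $ca $cert | Out-Null
Assert-Check ($LASTEXITCODE -eq 0) "$cert verifies against $ca"

# 2. The key Apache loads must belong to the certificate (compare public keys).
$pubCert = (& $openssl x509 -in $cert -noout -pubkey) -join "`n"
$pubKey  = (& $openssl pkey -in $key -pubout) -join "`n"
Assert-Check ($pubCert -eq $pubKey) "$key matches $cert"

# 3. The extensions from PosmuraLocalhost.ext must be in the issued
#    certificate; browsers match the host name against subjectAltName.
$text = (& $openssl x509 -in $cert -noout -text) -join "`n"
foreach ($want in 'DNS:localhost', 'DNS:localhost.posmura.cz',
                  'TLS Web Server Authentication') {
    Assert-Check ($text.Contains($want)) "certificate contains '$want'"
}

# 4. -nodes wrote both private keys unencrypted, so the file ACLs are their
#    only protection; review who can read them.
icacls PosmuraCA.pvk $key

# 5. Syntax-check the configuration, then complete a TLS handshake with the
#    virtual host from step 8 and require the chain to verify.
& ..\bin\httpd.exe -t
Assert-Check ($LASTEXITCODE -eq 0) 'httpd -t accepts the configuration'
$hs = ('' | & $openssl s_client -connect "localhost:$port" -servername localhost `
        -CAfile $ca -verify_return_error) -join "`n"
Assert-Check ($hs -match 'Verify return code: 0 \(ok\)') "handshake on port $port verifies"
```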

See: ssl – How do I allow HTTPS for Apache on localhost? – Stack Overflow