Apache 2.4 – HTTPS Configuration
1. Create a directory for the certificates
C:\Apache24>md cert
C:\Apache24>cd cert
2. Create the configuration files:
C:\Apache24\cert\PosmuraCA.cnf
[ req ]
distinguished_name = req_distinguished_name
x509_extensions = root_ca
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
localityName = Locality Name (eg, city)
0.organizationName = Organization Name (eg, company)
organizationalUnitName = Organizational Unit Name (eg, section)
commonName = Common Name (eg, fully qualified host name)
commonName_max = 64
emailAddress = Email Address
emailAddress_max = 64
[ root_ca ]
basicConstraints = critical, CA:true
C:\Apache24\cert\PosmuraLocalhost.ext
subjectAltName = @alt_names
extendedKeyUsage = serverAuth
[alt_names]
DNS.1 = localhost
DNS.2 = localhost.posmura.cz
3. Create the certificate files
C:\Apache24\cert>..\bin\openssl req -x509 -newkey rsa:2048 -out PosmuraCA.cer -outform PEM -keyout PosmuraCA.pvk -days 10000 -verbose -config PosmuraCA.cnf -nodes -sha256 -subj "/CN=Posmura CA"
Using configuration from PosmuraCA.cnf
Generating a RSA private key
…………………………+++++
…………………………………+++++
writing new private key to 'PosmuraCA.pvk'
-----
C:\Apache24\cert>
C:\Apache24\cert>..\bin\openssl req -newkey rsa:2048 -keyout PosmuraLocalhost.pvk -out PosmuraLocalhost.req -subj /CN=localhost -sha256 -nodes
Generating a RSA private key
.....+++++
..+++++
writing new private key to 'PosmuraLocalhost.pvk'
-----
C:\Apache24\cert>
C:\Apache24\cert>..\bin\openssl x509 -req -CA PosmuraCA.cer -CAkey PosmuraCA.pvk -in PosmuraLocalhost.req -out PosmuraLocalhost.cer -days 10000 -extfile PosmuraLocalhost.ext -sha256 -set_serial 0x1111
Signature ok
subject=CN = localhost
Getting CA Private Key
C:\Apache24\cert>
4. Listing of the cert folder
C:\Apache24\cert>tree /f
Folder PATH listing
Volume serial number is 9A8E-589E
C:.
PosmuraCA.cer
PosmuraCA.cnf
PosmuraCA.pvk
PosmuraLocalhost.cer
PosmuraLocalhost.ext
PosmuraLocalhost.pvk
PosmuraLocalhost.req
No subfolders exist
5. Import the certificates
- PosmuraCA.cer – select the Trusted Root Certification Authorities store
- PosmuraLocalhost.cer – automatically select the store based on the certificate type (Other People)
6. Configuration of conf\httpd.conf
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
LoadModule ssl_module modules/mod_ssl.so
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
Include conf/extra/httpd-ssl.conf
</IfModule>
7. Configuration of conf\extra\httpd-ssl.conf
SSLSessionCache "shmcb:${SRVROOT}/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300
<VirtualHost _default_:443>
…
SSLCertificateFile "${SRVROOT}/cert/PosmuraLocalhost.cer"
SSLCertificateKeyFile "${SRVROOT}/cert/PosmuraLocalhost.pvk"
…
</VirtualHost>
8. Example virtual host configuration
### PROJEKT # HTTPS ########################################################
Listen 4431
<VirtualHost *:4431>
ServerName localhost:4431
ServerAdmin admin@projekt.neco
DocumentRoot "c:\App\Home\projekt"
<Directory "c:\App\Home\projekt">
DirectoryIndex index.php
AllowOverride All
Require all granted
</Directory>
SSLEngine on
SSLCertificateFile "${SRVROOT}/cert/PosmuraLocalhost.cer"
SSLCertificateKeyFile "${SRVROOT}/cert/PosmuraLocalhost.pvk"
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "${SRVROOT}/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-5]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
ErrorLog ${APACHE_LOG_DIR}/error-4431.log
CustomLog ${APACHE_LOG_DIR}/access-4431.log combined
</VirtualHost>
See: ssl – How do I allow HTTPS for Apache on localhost? – Stack Overflow
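A check for the result of steps 3 and 6 to 8, as an added example that is not part of the original page: a PowerShell script that confirms the server certificate chains to the local CA, carries the subjectAltName and extendedKeyUsage values from PosmuraLocalhost.ext, matches its private key, and that Apache accepts the configuration. It assumes the C:\Apache24 layout and file names used above; the variable names are illustrative.

```powershell
# Added example: sanity checks for the files created in step 3.
# Assumption: Apache lives in C:\Apache24 and the files keep the names used on this page.
$root    = 'C:\Apache24'
$openssl = Join-Path $root 'bin\openssl.exe'
$ca      = Join-Path $root 'cert\PosmuraCA.cer'
$cert    = Join-Path $root 'cert\PosmuraLocalhost.cer'
$key     = Join-Path $root 'cert\PosmuraLocalhost.pvk'
$failed  = @()

# 1. The server certificate must chain to the local CA.
& $openssl verify -CAfile $ca $cert | Out-Null
if ($LASTEXITCODE -ne 0) { $failed += 'chain: certificate is not signed by PosmuraCA.cer' }

# 2. The extensions from PosmuraLocalhost.ext must be present. Browsers match
#    the host name against subjectAltName, not against the CN.
$text = (& $openssl x509 -in $cert -noout -text) -join "`n"
foreach ($name in 'DNS:localhost', 'DNS:localhost.posmura.cz') {
    # Require a separator after the name so DNS:localhost is not satisfied
    # by DNS:localhost.posmura.cz alone.
    $pattern = [regex]::Escape($name) + '(,|\s|$)'
    if ($text -notmatch $pattern) { $failed += "san: $name missing" }
}
if ($text -notmatch 'TLS Web Server Authentication') { $failed += 'eku: serverAuth missing' }

# 3. The private key must belong to the certificate, otherwise mod_ssl refuses
#    to start. Compare the public keys derived from both files.
$pubFromCert = (& $openssl x509 -in $cert -noout -pubkey) -join "`n"
$pubFromKey  = (& $openssl pkey -in $key -pubout) -join "`n"
if ($pubFromCert -ne $pubFromKey) { $failed += 'key: PosmuraLocalhost.pvk does not match the certificate' }

# 4. The CA certificate must be marked as a CA (basicConstraints in PosmuraCA.cnf).
$caText = (& $openssl x509 -in $ca -noout -text) -join "`n"
if ($caText -notmatch 'CA:TRUE') { $failed += 'ca: basicConstraints CA:TRUE missing' }

# 5. Apache must accept the configuration from steps 6 to 8.
& (Join-Path $root 'bin\httpd.exe') -t
if ($LASTEXITCODE -ne 0) { $failed += 'httpd: configuration test failed' }

if ($failed.Count -gt 0) {
    $failed | ForEach-Object { Write-Host "FAIL $_" }
    exit 1
}
Write-Host 'OK: chain, SAN, EKU, key match and httpd -t all passed'
```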