当前位置: 文江博客话题详情

如何安装:OpenSSL +瓦姆普

发布于 2025-01-06 14:08:24 字数 119 浏览 0 评论 0原文

这里有人有关于如何在我的本地开发计算机上获取 SSL 的清晰详细的步骤吗?我已在 c:\wamp 上安装了最新版本的 WAMP (2.2c)。我在网上找到的说明在大多数情况下似乎已经过时,并且缺乏正确完成工作所需的详细信息。

原文

Does anyone here have clear and detailed steps on how to get SSL on my local development machine? I've installed the latest version of WAMP (2.2c) on c:\wamp. The instructions I find on the net seem to be outdated in most cases and lacking the details I need to get things done right.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(4

森末i 2025-01-13 14:08:25

指南:WampServer 2.5 中的 Openssl

先决条件:通常不需要安装 openssl(它与 Wamp 捆绑在一起)。例如,Apache 2.4.9 包括 1.0.1g。

系统变量

  • 打开Windows系统面板(“WIN+Q”搜索:system)>高级系统设置>高级>环境变量
  • 在系统变量中添加一个名为 OPENSSL_CONF 的新条目,其值为 openssl.cnf 的路径(通常类似于 C:\wamp\bin\apache\apache2.4.9\conf\openssl.cnf)

openssl 文件夹结构

  • 在 C:\wamp\bin\apache\apache#.#.#\conf 中创建以下文件夹结构:

    <前>..
    演示CA
    |-----证书
    |-----crl
    |-----新证书
    |-----私人

配置 openssl.cnf

  • 我遵循 Neil C. Obremski 建议并清除了以下默认值:
    • countryName_default(原为“AU”)
    • stateOrProvinceName_default(原为“Some-State”)
    • 0.organizationName_default(原“Internet Widgits Pty Ltd”)
    • organizationalUnitName_default(已为空)

创建证书

  • < p>从命令行浏览到 C:\wamp\bin\apache\apache#.#.#\bin\ 并调用“openssl req -new -out cacert.csr -keyout cacert.pem”。如果出现提示,请输入密码,然后输入如下所示的 DN 信息。

    将“屏幕”加载到随机状态 - 完成
生成 1024 位 RSA 私钥
......................++++++
....++++++
将新私钥写入“cacert.pem”
输入 PEM 密码:my_secret_pass
验证 - 输入 PEM 密码:my_secret_pass
`-----
系统将要求您输入将要合并的信息
进入您的证书请求。
您要输入的是所谓的专有名称或 DN。
有很多字段,但您可以留空
对于某些字段会有默认值,
如果输入“.”,该字段将留空。
`-----
国家/地区名称(2 个字母代码)[]:
州或省名称(全名)[]:
地点名称(例如城市)[]:
组织名称(例如公司)[]:
组织单位名称(例如部门)[]:
通用名称(例如服务器 FQDN 或您的名称)[]:local
电子邮件地址[]:

请输入以下“额外”属性
与您的证书请求一起发送
【挑战密码】:
可选的公司名称[]:

C:\wamp\bin\apache\apache2.4.9\bin>

  • 现在在同一个控制台窗口中使用“openssl rsa -in cacert.pem -out cacert.key”,如果要求输入之前输入的密码。

    输入 cacert.pem 的密码:my_secret_pass
写入 RSA 密钥

  • 删除 C:\wamp\bin\apache\apache2.4.9\bin 中的“.rnd”文件

  • 仍然在同一个窗口中调用“openssl x509 -in cacert.csr -out cacert.cert -req -signkey cacert.key -days 365”。如果您遇到以下错误“无法写入‘随机状态’”。 这是一个已知错误!要解决此问题,请调用“set RANDFILE=.rnd”并重试上一个命令。

恭喜您现在是自签名证书的所有者!

我已经根据此 站点

  • cacert.pem,cacert.key in C:\wamp\bin\apache\apache#.#.#\conf\demoCA\private
  • cacert.cert, cacert.csr 在 C:\wamp\bin\apache\apache#.#.#\conf\demoCA\certs

在 httpd.conf 中启用 SLL(搜索“#Ininclude conf/extra/httpd-ssl.conf”)+更改 httpd-ssl.conf 中的以下条目:

SSLSessionCache        "shmcb:C:/wamp/logs/ssl_scache(512000)"
DocumentRoot "C:/wamp/www"
#ErrorLog
#TransferLog
SSLCertificateFile "C:/wamp/bin/apache/apache2.4.9/conf/demoCA/certs/cacert.cert"
SSLCertificateKeyFile "C:/wamp/bin/apache/apache2.4.9/conf/demoCA/private/cacert.key"
CustomLog "C:/wamp/logs/ssl_request.log" \

现在通过调用 httpd 来测试您的 Apache 安装-t。
如果您收到以下错误“SSLSessionCache:不支持'shmcb'会话缓存(已知名称:)。也许您需要加载适当的socache模块(mod_socache_shmcb?)。”在 httpd.conf 中启用以下条目“LoadModule socache_shmcb_modulemodules/mod_socache_shmcb.so”

Wamp 现在配置了 https 支持:-)

我还使用 httpd.conf 中的以下配置启用了“LoadModule status_modulemodules/mod_status.so”:

<IfModule status_module>

ExtendedStatus On
<Location /server-status>
    SetHandler server-status
</Location>

</IfModule>

您现在可以在此处检查服务器状态

https://localhost/server-status/

Apache/2.4.9 (Win64) OpenSSL/1.0.1g PHP/5.5.12 Server在本地主机端口 443

注释

  • 我在尝试让它在我的机器上工作时做了这个教程(这是我第一次尝试在 windows/wamp 上使用 OpenSSL)。
  • 本指南不适用于生产系统!
  • 您可能需要根据您的 openssl.cnf 更改一些内容,例如名称。
  • 我的目的不是制作最好的教程,而是简单地记下使 SSL 在 WAMP 中工作所需的所有更改。
  • 确保为您的 x509 证书设置正确的天数
  • 我终于知道为什么 NSA 可以通过如此复杂的过程轻松侵入服务器了 :D
  • 由于 Wamp 将 apache 与 OpenSSL 捆绑在一起,因此单独安装它可能会更好?

Guide: Openssl in WampServer 2.5

Prerequisite: There is normally no need to install openssl (it comes bundled with Wamp). Apache 2.4.9 includes 1.0.1g for instance.

System-Variable:

  • Open the Windows System panel ("WIN+Q" Search: system) > Advanced System Settings > Advanced > Environment variables
  • Add a new entry in system variables with name OPENSSL_CONF and its value being the path to openssl.cnf (usually somethings like C:\wamp\bin\apache\apache2.4.9\conf\openssl.cnf)

openssl folder structure:

  • In C:\wamp\bin\apache\apache#.#.#\conf create the following folder structure:

    ..
demoCA
|-----certs
|-----crl
|-----newcerts
|-----private

Configuring openssl.cnf:

  • I've followed Neil C. Obremski advice and cleared the following defaults:
    • countryName_default (was "AU")
    • stateOrProvinceName_default (was "Some-State")
    • 0.organizationName_default (was "Internet Widgits Pty Ltd")
    • organizationalUnitName_default (was already empty)

Creating the certificate:

  • From command line browse to C:\wamp\bin\apache\apache#.#.#\bin\ and call "openssl req -new -out cacert.csr -keyout cacert.pem". If prompted enter a password and after that the DN informations like below.

    Loading 'screen' into random state - done
Generating a 1024 bit RSA private key
.......................++++++
....++++++
writing new private key to 'cacert.pem'
Enter PEM pass phrase: my_secret_pass
Verifying - Enter PEM pass phrase: my_secret_pass
`-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
`-----
Country Name (2 letter code) []:
State or Province Name (full name) []:
Locality Name (eg, city) []:
Organization Name (eg, company) []:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:local
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

C:\wamp\bin\apache\apache2.4.9\bin>

  • In the same console window now use "openssl rsa -in cacert.pem -out cacert.key" and if asked enter the password previously entered.

    Enter pass phrase for cacert.pem: my_secret_pass
writing RSA key

  • Remove the ".rnd" file in C:\wamp\bin\apache\apache2.4.9\bin

  • Still in the same window call "openssl x509 -in cacert.csr -out cacert.cert -req -signkey cacert.key -days 365". If you experience the following error "unable to write 'random state'". This is a known bug! To workaround this call "set RANDFILE=.rnd" and retry the previous command.

Congrats you are now the owner of a self signed certificate!

I've placed the built files (they are currently in bin folder) according this Site:

  • cacert.pem, cacert.key in C:\wamp\bin\apache\apache#.#.#\conf\demoCA\private
  • cacert.cert, cacert.csr in C:\wamp\bin\apache\apache#.#.#\conf\demoCA\certs

In httpd.conf enable SLL (search for "#Include conf/extra/httpd-ssl.conf") + alter the following entries in httpd-ssl.conf:

SSLSessionCache        "shmcb:C:/wamp/logs/ssl_scache(512000)"
DocumentRoot "C:/wamp/www"
#ErrorLog
#TransferLog
SSLCertificateFile "C:/wamp/bin/apache/apache2.4.9/conf/demoCA/certs/cacert.cert"
SSLCertificateKeyFile "C:/wamp/bin/apache/apache2.4.9/conf/demoCA/private/cacert.key"
CustomLog "C:/wamp/logs/ssl_request.log" \

Now test your Apache installation by calling httpd -t.
If you get the following error "SSLSessionCache: 'shmcb' session cache not supported (known names: ). Maybe you need to load the appropriate socache module (mod_socache_shmcb?)." enable the following entry "LoadModule socache_shmcb_module modules/mod_socache_shmcb.so" in httpd.conf

Wamp is now configured with https support :-)

I've also enabled "LoadModule status_module modules/mod_status.so" using the following configuration in httpd.conf:

<IfModule status_module>

ExtendedStatus On
<Location /server-status>
    SetHandler server-status
</Location>

</IfModule>

You can check now your server status here

https://localhost/server-status/

Apache/2.4.9 (Win64) OpenSSL/1.0.1g PHP/5.5.12 Server at localhost Port 443

Notes:

  • I've made this tute while trying to get it working on my machine (this was my first attempt in using OpenSSL on windows/wamp).
  • This guide is not meant for production systems!
  • You might have to change a few things like names depending on your openssl.cnf
  • My intention was not to make the best tutorial around but instead to simply note all required changes to get SSL working in WAMP.
  • Make sure to set the right -days amount for your x509 certificate
  • I finally know why NSA can easily break into servers with such a complex process :D
  • Since Wamp bundles apache together with OpenSSL it might be better to separately install it??
回复 原文
抽个烟儿 2025-01-13 14:08:25

我安装了 WAMP 2.2E。

我遇到了同样的问题,经过大约一个小时的互联网搜索并尝试了各种方法后,我偶然发现可以通过以下方式启用 openssl

  • 单击 WAMP 图标< /strong> 在系统托盘中,
  • 将鼠标悬停在"PHP"上,
  • 然后"PHP扩展"
  • 然后仔细查找"php_openssl"长长的名单扩展。

I have WAMP 2.2E installed.

I ran into the same problem, and after about an hour of searching the internet and trying all sorts of things, I stumbled into discovering that openssl can be enabled by:

  • Clicking on the WAMP icon in the system tray,
  • Hovering on "PHP",
  • Then "PHP extensions",
  • Then looking very carefully for "php_openssl" in the long list of extensions.
回复 原文
网名女生简单气质 2025-01-13 14:08:25

在遵循 KAGRAN22 的出色说明之后,我遇到了 2 个错误:

AH00526: Syntax error on line 48 of     C:/wamp64/bin/apache/apache2.4.9/conf/extra/httpd-ssl.conf:
Invalid command 'SSLCipherSuite', perhaps misspelled or defined by a module not included in the server configuration

取消注释此行可以解决该错误

LoadModule ssl_module modules/mod_ssl.so

通过在 httpd.conf 中 。

接下来我得到了这个:

AH00526: Syntax error on line 74 of C:/wamp64/bin/apache/apache2.4.9/conf/extra/httpd-ssl.conf:
SSLSessionCache: 'shmcb' session cache not supported (known names: ). Maybe you need to load the appropriate socache module (mod_socache_shmcb?).

这是通过在 httpd.conf 中取消注释这一行来解决的

LoadModule socache_shmcb_module modules/mod_socache_shmcb.so

之后一切都应该有效。

After following the excellent instructions from KAGRAN22, I ran into 2 errors:

AH00526: Syntax error on line 48 of     C:/wamp64/bin/apache/apache2.4.9/conf/extra/httpd-ssl.conf:
Invalid command 'SSLCipherSuite', perhaps misspelled or defined by a module not included in the server configuration

That error is resolved by uncommenting this line

LoadModule ssl_module modules/mod_ssl.so

in httpd.conf.

Next I got this:

AH00526: Syntax error on line 74 of C:/wamp64/bin/apache/apache2.4.9/conf/extra/httpd-ssl.conf:
SSLSessionCache: 'shmcb' session cache not supported (known names: ). Maybe you need to load the appropriate socache module (mod_socache_shmcb?).

Which is resolved by uncommenting this line

LoadModule socache_shmcb_module modules/mod_socache_shmcb.so

in httpd.conf.

It should all work after that.

回复 原文
往昔成烟 2025-01-13 14:08:25

事实:
不可能在 WampServer 版本 2.4 上配置 SSL,至少在合理的时间内是不可能的。
正常人不应该对处理这个感兴趣,因为这既不实际也不正常的做事方式。
Wamp 上的 SSL 基本上是 SM 机器,因此如果您有一些受虐需求,请继续执行此操作。

Facts:
It is not possible to configure SSL on WampServer Version 2.4 at least not in reasonable amount of time.
Normal person shouldn't be interested in dealing with this, because this is not practical nor normal way to do things.
SSL on Wamp is basicaly SM machine so if you have some masochistic needs please proceed with this.

回复 原文
~没有更多了~

关于作者

那请放手

暂无简介

文章
评论
25 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

微信用户

文章 0 评论 0

小情绪

文章 0 评论 0

追我者格杀勿论

文章 0 评论 0

ゞ记忆︶ㄣ

文章 0 评论 0

笨死的猪

文章 0 评论 0

彭明超

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文