SSL
SSL certificate establishes an SSL secure channel between the client browser and the Web server (Secure socket layer (SSL) security protocol is designed and developed by Netscape Communication Company. This security protocol is mainly used to provide user and server Authentication; encrypting and hiding the transmitted data; ensuring that the data is not changed during transmission, that is, data integrity, has now become a global standard in this field. Since SSL technology has been established in all major browsers and WEB server program, therefore, you only need to install the server certificate to activate this function). That is, it can activate the SSL protocol, realize encrypted transmission of data information between the client and the server, and prevent the leakage of data information. This ensures the security of information transmitted by both parties, and the user can verify whether the website he is visiting is authentic and reliable through the server certificate.
Secure Sockets Layer (SSL) technology protects your website security by encrypting information and providing authentication. An SSL certificate includes a public key and a private key. The public key is used to encrypt information, and the private key is used to decrypt the encrypted information. When a browser points to a secure domain, SSL syncs the server and client and creates an encryption method and a unique session key. They can initiate a secure session that guarantees the privacy and integrity of messages.
First of all, you must have a master certificate, and then use the master certificate to issue the server certificate and client certificate. The server certificate and client certificate are in a horizontal relationship. The certificate used by SSL can be generated by yourself or through a commercial CA (such as Verisign or Thawte) signed certificate. Issues with issuing certificates: If you are using a commercial certificate, please check the instructions of the relevant seller for the specific signing method; if it is a certificate issued by a close friend, you can use the CA.sh script tool that comes with openssl. If a certificate is not issued for a separate client, the client certificate does not need to be generated. The client and server use the same certificate.
Configuration process
Step 1: Install apache to support SSL, and install php
1. Install apache with SSL module, apache_2.2.8-win32-x86-openssl-0.9.8g
2. Configuration apache to support SSL:
1) Open the apache configuration file conf/httpd.conf
LoadModule ssl_module modules/mod_ssl.so Include conf/extra/httpd-ssl.conf
Remove the #
2) Pay attention to modifying the two fields in the httpd-ssl.conf file:
SSLCertificateFile "C:/Apache2.2/conf/server.crt" SSLCertificateKeyFile "C:/Apache2.2/conf/server.key"
3 .Install php, integrate apache and php (omitted)
Step 2: Generate certificate and private key files for the website server
1. Generate the server’s private key
Enter the command line:
D:\local\apache2\bin\openssl genrsa -out server.key 1024
Generate a in the current directory server.key generates a signing application
2. Generates a signing application
D:\local\apache2\bin>openssl req -new –out server.csr -key server.key -config ..\conf\openssl.cnf
At this time, the signing file server.csr is generated.
An error may be reported: Unable to locate the ordinal number xxx in the dynamic link library libeay32.dll. Solution: Copy the libeay32.dll file in the bin directory of apache to c:windowssystem32.
Step 3: Sign the certificate for the website server through the CA
1. Generate the CA private key
D:\local\apache2\bin\openssl genrsa -out ca.key 1024
Add the ca.key file
2. Use the CA’s private key to generate the CA’s self-signed certificate
D:\local\apache2\bin\openssl req -new -x509 -days 365 -key ca.key -out ca.crt -config ..\conf\openssl.cnf
Required at this time Enter some information. Note that Common Name is the server domain name. If it is on this machine, it is the local IP.
3.CA signs the certificate for the website server
D:\local\apache2\bin\openssl ca -in server.csr -out server.crt -cert ca.crt -keyfile ca.key -config ..\conf\openssl.cnf
But an error will be reported at this time, so demoCA is created in the current directory, and the following files are created in it, index.txt, serial:serial content is 01, others are empty, and the folder newcert .Execute it again to generate the server.crt file
Step 4: Copy server.crt, server.key to the conf folder of apache, restart apache
Step 5: Configure windows
Open C: WINDOWSsystem32driversetc etc file:
Modify to:
127.0.0.1 localhost 127.0.0.1 www.icultivator.com
Step 6:
Create the site under apache. Visit
https://www.icultivator.com