1 基础 (可选)
- 编辑APACHE_HOME/conf/httpd.conf中的以下directives和tags,
ServerRoot, ServerAdmin, ServerName, DocumentRoot,
<Directory %DocumentRoot%>, DirectoryIndex, ScriptAlias /cgi-bin/,
<Directory %cgi-bin%>
- 去掉以下语句的注释,
Include conf/extra/httpd-manual.conf
2 生成RSA密钥 (private key)
下面两个命令都可以生成密钥,
openssl genrsa -des3 -out server.key
openssl genrsa -out server.key
-des3选项可以加密生成的密钥, 但是Win32平台不支持加密密钥,启动Apache时会产生以下错误信息, "SSLPassPhraseDialog builtin is not supported on Win32"
3 生成自签署证书 (self-signed certificate)
在OpenSSL源码的"openssl\apps"目录可以找到openssl.cnf (OpenSSL配置文件).
openssl req -config openssl.cnf -new -x509 -key server.key -out
server.crt -days 365
4 编辑APACHE_HOME/conf/httpd.conf
去掉以下语句的注释,
Include conf/extra/httpd-ssl.conf
5 编辑 conf/extra/httpd-ssl.conf
- 把SSLMutex标签的值改为default
- 编辑以下directives(可选),
DocumentRoot, ServerName, ServerAdmin, ErrorLog, TransferLog,
SSLCertificateFile, SSLCertificateKeyFile