Question
Does anyone here have clear and detailed steps on how to get SSL on my local development machine? I've installed the latest version of WAMP (2.2c) on c:\wamp. The instructions I find on the net seem to be outdated in most cases and lacking the details I need to get things done right.
Answer 1:
Guide: Openssl in WampServer 2.5
Prerequisite: There is normally no need to install openssl (it comes bundled with Wamp). Apache 2.4.9 includes 1.0.1g for instance.
System-Variable:
- Open the Windows System panel ("WIN+Q" Search: system) > Advanced System Settings > Advanced > Environment variables
- Add a new entry in system variables with name OPENSSL_CONF and its value being the path to openssl.cnf (usually something like C:\wamp\bin\apache\apache2.4.9\conf\openssl.cnf)
openssl folder structure:
In C:\wamp\bin\apache\apache#.#.#\conf create the following folder structure:
..
demoCA
|-----certs
|-----crl
|-----newcerts
|-----private
Configuring openssl.cnf:
- I've followed Neil C. Obremski's advice and cleared the following defaults:
- countryName_default (was "AU")
- stateOrProvinceName_default (was "Some-State")
- 0.organizationName_default (was "Internet Widgits Pty Ltd")
- organizationalUnitName_default (was already empty)
Creating the certificate:
From the command line, browse to C:\wamp\bin\apache\apache#.#.#\bin\ and call "openssl req -new -out cacert.csr -keyout cacert.pem". If prompted, enter a password and after that the DN information like below.
Loading 'screen' into random state - done
Generating a 1024 bit RSA private key
.......................++++++
....++++++
writing new private key to 'cacert.pem'
Enter PEM pass phrase: my_secret_pass
Verifying - Enter PEM pass phrase: my_secret_pass
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) []:
State or Province Name (full name) []:
Locality Name (eg, city) []:
Organization Name (eg, company) []:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:local
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

C:\wamp\bin\apache\apache2.4.9\bin>
In the same console window now use "openssl rsa -in cacert.pem -out cacert.key" and if asked enter the password previously entered.
Enter pass phrase for cacert.pem: my_secret_pass
writing RSA key
Remove the ".rnd" file in C:\wamp\bin\apache\apache2.4.9\bin
- Still in the same window call "openssl x509 -in cacert.csr -out cacert.cert -req -signkey cacert.key -days 365". If you experience the error "unable to write 'random state'", this is a known bug! To work around it, call "set RANDFILE=.rnd" and retry the previous command.
Congrats you are now the owner of a self signed certificate!
I've placed the built files (they are currently in the bin folder) according to this site:
- cacert.pem, cacert.key in C:\wamp\bin\apache\apache#.#.#\conf\demoCA\private
- cacert.cert, cacert.csr in C:\wamp\bin\apache\apache#.#.#\conf\demoCA\certs
In httpd.conf enable SSL (search for "#Include conf/extra/httpd-ssl.conf") and alter the following entries in httpd-ssl.conf:
SSLSessionCache "shmcb:C:/wamp/logs/ssl_scache(512000)"
DocumentRoot "C:/wamp/www"
#ErrorLog
#TransferLog
SSLCertificateFile "C:/wamp/bin/apache/apache2.4.9/conf/demoCA/certs/cacert.cert"
SSLCertificateKeyFile "C:/wamp/bin/apache/apache2.4.9/conf/demoCA/private/cacert.key"
CustomLog "C:/wamp/logs/ssl_request.log" \
Now test your Apache installation by calling httpd -t. If you get the following error "SSLSessionCache: 'shmcb' session cache not supported (known names: ). Maybe you need to load the appropriate socache module (mod_socache_shmcb?)." enable the following entry "LoadModule socache_shmcb_module modules/mod_socache_shmcb.so" in httpd.conf
Wamp is now configured with https support :-)
I've also enabled "LoadModule status_module modules/mod_status.so" using the following configuration in httpd.conf:
<IfModule status_module>
    ExtendedStatus On
    <Location /server-status>
        SetHandler server-status
    </Location>
</IfModule>
You can now check your server status here:
https://localhost/server-status/
Apache/2.4.9 (Win64) OpenSSL/1.0.1g PHP/5.5.12 Server at localhost Port 443
Notes:
- I've made this tute while trying to get it working on my machine (this was my first attempt in using OpenSSL on windows/wamp).
- This guide is not meant for production systems!
- You might have to change a few things like names depending on your openssl.cnf
- My intention was not to make the best tutorial around but instead to simply note all required changes to get SSL working in WAMP.
- Make sure to set the right -days amount for your x509 certificate
- I finally know why NSA can easily break into servers with such a complex process :D
- Since Wamp bundles apache together with OpenSSL it might be better to separately install it??
Answer 2:
I have WAMP 2.2E installed.
I ran into the same problem, and after about an hour of searching the internet and trying all sorts of things, I stumbled into discovering that openssl can be enabled by:
- Clicking on the WAMP icon in the system tray,
- Hovering on "PHP",
- Then "PHP extensions",
- Then looking very carefully for "php_openssl" in the long list of extensions.
Answer 3:
After following the excellent instructions from KAGRAN22, I ran into 2 errors:
AH00526: Syntax error on line 48 of C:/wamp64/bin/apache/apache2.4.9/conf/extra/httpd-ssl.conf:
Invalid command 'SSLCipherSuite', perhaps misspelled or defined by a module not included in the server configuration
That error is resolved by uncommenting this line
LoadModule ssl_module modules/mod_ssl.so
in httpd.conf.
Next I got this:
AH00526: Syntax error on line 74 of C:/wamp64/bin/apache/apache2.4.9/conf/extra/httpd-ssl.conf:
SSLSessionCache: 'shmcb' session cache not supported (known names: ). Maybe you need to load the appropriate socache module (mod_socache_shmcb?).
Which is resolved by uncommenting this line
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
in httpd.conf.
It should all work after that.
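The httpd.conf lines that Answer 1 and Answer 3 say must be uncommented can be checked before running httpd -t. The following is an added example, not part of either answer: a small Python checker that reports whether each required line is enabled, commented out or missing, and lists the certificate and key paths that httpd-ssl.conf actually uses. The function names and the sample configuration text are constructed for illustration.

```python
import re

# Lines the answers above say must be active (uncommented) in httpd.conf.
REQUIRED = {
    "ssl_module": r"LoadModule\s+ssl_module\s+modules/mod_ssl\.so",
    "socache_shmcb_module":
        r"LoadModule\s+socache_shmcb_module\s+modules/mod_socache_shmcb\.so",
    "httpd-ssl.conf": r"Include\s+conf/extra/httpd-ssl\.conf",
}

def check_httpd_conf(text):
    """Map each required line to 'enabled', 'commented' or 'missing'."""
    status = {name: "missing" for name in REQUIRED}
    for raw in text.splitlines():
        line = raw.strip()
        commented = line.startswith("#")
        body = line.lstrip("#").strip()
        for name, pattern in REQUIRED.items():
            if not re.fullmatch(pattern, body, flags=re.IGNORECASE):
                continue
            if not commented:
                status[name] = "enabled"      # an active line always wins
            elif status[name] == "missing":
                status[name] = "commented"
    return status

def ssl_file_paths(ssl_conf_text):
    """Return the active SSLCertificateFile / SSLCertificateKeyFile paths."""
    pat = re.compile(
        r'^[ \t]*(SSLCertificateFile|SSLCertificateKeyFile)[ \t]+"?([^"\r\n]+?)"?[ \t]*$',
        re.IGNORECASE | re.MULTILINE)
    return {m.group(1): m.group(2) for m in pat.finditer(ssl_conf_text)}

# Constructed sample input, not taken from a real installation.
SAMPLE_HTTPD_CONF = """\
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
#LoadModule ssl_module modules/mod_ssl.so
LoadModule status_module modules/mod_status.so
# Include conf/extra/httpd-ssl.conf
"""
SAMPLE_SSL_CONF = """\
#SSLCertificateFile "c:/Apache24/conf/server.crt"
SSLCertificateFile "C:/wamp/bin/apache/apache2.4.9/conf/demoCA/certs/cacert.cert"
SSLCertificateKeyFile "C:/wamp/bin/apache/apache2.4.9/conf/demoCA/private/cacert.key"
"""

if __name__ == "__main__":
    for name, state in check_httpd_conf(SAMPLE_HTTPD_CONF).items():
        print(f"{name}: {state}")
    for directive, path in ssl_file_paths(SAMPLE_SSL_CONF).items():
        print(f"{directive} -> {path}")
```

To use it on a real installation, read httpd.conf and conf/extra/httpd-ssl.conf into strings and pass them to the two functions; any line reported as "commented" or "missing" corresponds to one of the AH00526 errors quoted above.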
Answer 4:
Facts: It is not possible to configure SSL on WampServer Version 2.4, at least not in a reasonable amount of time. A normal person shouldn't be interested in dealing with this, because this is not a practical nor normal way to do things. SSL on Wamp is basically an SM machine, so if you have some masochistic needs please proceed with this.
Source: https://stackoverflow.com/questions/9320529/how-to-install-openssl-wamp