STEP BY STEP tutorial

一步一步的教程

Copied from the link:

复制自链接：

Enabling SSL on WAMP

在 WAMP 上启用 SSL

This step by step guide explains how you can enble SSL on WAMP.

本分步指南解释了如何在 WAMP 上启用 SSL。

1. Download WampServer 2.0 from hereand install it to the default location (c:\wamp).

2. Now, we need to have a private/public key pair as well as a CA to sign our public key.

1. 从此处下载 WampServer 2.0并将其安装到默认位置 (c:\wamp)。

2. 现在，我们需要一个私钥/公钥对以及一个 CA 来签署我们的公钥。

First, lets see how we can create a private/public key pair.

首先，让我们看看如何创建私钥/公钥对。

keytool -genkey -alias rpcert -keyalg RSA -keysize 1024 -dname "CN=identity-rp,L=SL,S=WS,C=LK" -keypass wso2key -keystore rpkeystore.jks -storepass wso2key

This will create a keystore [rpkeystore.jks] with public/private key pair.

这将创建一个带有公钥/私钥对的密钥库 [rpkeystore.jks]。

My previous postexplains how you can export your private key from the keystore. Just follow the steps given there and you'll end up with a file server.key, which is your private key.

我之前的帖子解释了如何从密钥库中导出您的私钥。只需按照那里给出的步骤操作，您就会得到一个文件 server.key，它是您的私钥。

Now, we need to sign our public certificate with a CA.

现在，我们需要使用 CA 签署我们的公共证书。

This - requires us to create a sample CA and following explains how to do that.

这 - 需要我们创建一个示例 CA，下面解释了如何做到这一点。

Here we use OpenSSL to build the required CA infrastructure. For Windows you can download Win32 OpenSSL v0.9.8g from here.

这里我们使用 OpenSSL 来构建所需的 CA 基础设施。对于 Windows，您可以从这里下载 Win32 OpenSSL v0.9.8g 。

Once installed make sure you add C:\OpenSSL\bin [i.e [INSTALLED_LOCATION]\bin]to the PATH env variable.

安装后，请确保添加C:\OpenSSL\bin [i.e [INSTALLED_LOCATION]\bin]到 PATH 环境变量。

openssl req -x509 -newkey rsa:1024 -keyout cakey.pem -out cacert.crt

The above will creare a public/private key pair for our sample CA.

以上将为我们的示例 CA 创建一个公钥/私钥对。

Now, we need to create a certificate signing request to our server.

现在，我们需要向我们的服务器创建一个证书签名请求。

Go to the folder where you created the keystore [rpkeystore.jks] and issue the following command.

转到您创建密钥库 [rpkeystore.jks] 的文件夹并发出以下命令。

keytool -certreq -v -alias rpcert -file csr.pem -keypass wso2key -storepass wso2key -keystore rpkeystore.jks 

Now copy the csr.pem to the folder where you generated keys for the CA and issue the following command from there.

现在将 csr.pem 复制到您为 CA 生成密钥的文件夹，并从那里发出以下命令。

openssl x509 -req -days 365 -in csr.pem -CA cacert.crt -CAkey cakey.pem -CAcreateserial -out server.crt

By now we have all the requiured files.

到目前为止，我们已经拥有了所有必需的文件。

cacert.crt --> CA public certificate server.crt --> Server public certificate signed by the CA server.key --> Server private key.

cacert.crt --> CA 公证书 server.crt --> CA server.key 签名的服务器公证书 --> 服务器私钥。

Copy all the above three files to c:\wamp\bin\apache\apache2.2.8\confassuming you installed WAMP to the default location.

c:\wamp\bin\apache\apache2.2.8\conf假设您将 WAMP 安装到默认位置，请复制以上三个文件。

Also edit c:\WINDOWS\system32\drivers\etc\hosts file and add the following entry.

同时编辑 c:\WINDOWS\system32\drivers\etc\hosts 文件并添加以下条目。

127.0.0.1 identity-rp

If you could recall, when we creating the public certificate for our server, we created it for identity-rp.

如果您还记得，当我们为我们的服务器创建公共证书时，我们为 identity-rp 创建了它。

1. Edit httpd.conf [C:\wamp\bin\apache\apache2.2.8\conf]

1. 编辑 httpd.conf [C:\wamp\bin\apache\apache2.2.8\conf]

Uncomment the following two lines.

取消注释以下两行。

LoadModule ssl_module modules/mod_ssl.so

Include conf/extra/httpd-ssl.conf

Find Listen 80 and change it to Listen 12081 - that is our server is running on port number 12081.

找到 Listen 80 并将其更改为 Listen 12081 - 即我们的服务器在端口号 12081 上运行。

Find ServerName and set it to ServerName identity-rp:12081.

找到 ServerName 并将其设置为 ServerName identity-rp:12081。

1. Edit httpd-ssl.conf [C:\wamp\bin\apache\apache2.2.8\conf\extra]

   Set Listen identity-rp:12444 - we are listening to port 12444 for secure communication.

   Set

   Set DocumentRoot "C:/wamp/www/"

   Set ServerName identity-rp:12444

1. 编辑 httpd-ssl.conf [C:\wamp\bin\apache\apache2.2.8\conf\extra]

   设置 Listen identity-rp:12444 - 我们正在侦听端口 12444 以进行安全通信。

   放

   设置 DocumentRoot "C:/wamp/www/"

   设置 ServerName 身份-rp:12444

For the entire file find "C:/Program Files/Apache Software Foundation/Apache2.2" and replace with "C:/wamp/bin/apache/apache2.2.8".

对于整个文件，找到“C:/Program Files/Apache Software Foundation/Apache2.2”并替换为“C:/wamp/bin/apache/apache2.2.8”。

Find SSLCertificateFile and set SSLCertificateFile "C:/wamp/bin/apache/apache2.2.8/conf/server.crt"

找到 SSLCertificateFile 并设置 SSLCertificateFile "C:/wamp/bin/apache/apache2.2.8/conf/server.crt"

Find SSLCertificateKeyFile and set SSLCertificateKeyFile "C:/wamp/bin/apache/apache2.2.8/conf/server.key"

找到 SSLCertificateKeyFile 并设置 SSLCertificateKeyFile "C:/wamp/bin/apache/apache2.2.8/conf/server.key"

Find SSLCACertificateFile and set SSLCACertificateFile "C:/wamp/bin/apache/apache2.2.8/conf/cacert.crt"

找到 SSLCACertificateFile 并设置 SSLCACertificateFile "C:/wamp/bin/apache/apache2.2.8/conf/cacert.crt"

1. Edit php.ini (C:\wamp\bin\apache\apache2.2.8\bin)

1. 编辑 php.ini (C:\wamp\bin\apache\apache2.2.8\bin)

Uncomment the line extension=php_openssl.dll

取消注释该行 extension=php_openssl.dll

1. Now we are done - do a syntax check and start the apache server.

   :> cd C:\wamp\bin\apache\apache2.2.8\bin :> httpd -t :> httpd --start

2. Type https://identity-rp:12444on your browser - you'll see a certificate error at the brower - to avoid it install CA certificate in your browser.

1. 现在我们完成了 - 进行语法检查并启动 apache 服务器。

   :> cd C:\wamp\bin\apache\apache2.2.8\bin :> httpd -t :> httpd --start

2. 键入https://identity-rp:12444您的浏览器-你会在布劳尔看到证书错误-避免它安装CA证书在浏览器中。

The easy way for local host SSL / HTTPS communication (NOTE: THIS IS UNSAFE FOR EVERYTHING EXCEPT LOCAL HOST ON TRUSTED NETWORK):

本地主机 SSL / HTTPS 通信的简单方法（注意：这对除受信任网络上的本地主机外的一切都是不安全的）：

Go save the following as c:/wamp/bin/php/php5.5.12/cacert.pemor another path of your choosing (you'll need to remember the path for the next bit)

将以下内容另存为c:/wamp/bin/php/php5.5.12/cacert.pem或您选择的其他路径（您需要记住下一位的路径）

-----BEGIN CERTIFICATE-----
MIIDBzCCAe+gAwIBAgIJAMoCZ6uI7u4zMA0GCSqGSIb3DQEBBQUAMBoxGDAWBgNV
BAMMD3d3dy5leGFtcGxlLmNvbTAeFw0xOTA4MTIxMzM4MTBaFw0yOTA4MDkxMzM4
MTBaMBoxGDAWBgNVBAMMD3d3dy5leGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEB
BQADggEPADCCAQoCggEBAK3y7R7lAlBHhoPLx2zvfv/mjSy1clk0HAaSgGDSpl6R
Qs5WrIesS3hkfEoRrWkZOx2/B6bqPbrSsoGRwFrG5Qd5P5OXGZTS51xy9z/9raa7
sDH++z7UF6MvF0oATjGOjpIEtmMZMd+oePGghGrilNxE7sJBd8Y5tyMyhf2azk2B
euRJoerhOot8QRkSYqqsUcfOp7K18LGmPKPUkc6guJsv/86GfXZrkQIudlkyvDsk
sIXIj5wvJbZIDizF4NytyuGgIJxTlRmtAgwmcq8UXdnHBZjNyvCZ7ADO+LlvEvRn
fSuDWYKs5MCcgUZkBUB2f3Quc6pCGULuK2nr+VPY0asCAwEAAaNQME4wHQYDVR0O
BBYEFBTtO54yB99DIK0n2GBVJzKvLkY8MB8GA1UdIwQYMBaAFBTtO54yB99DIK0n
2GBVJzKvLkY8MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAKr+ZBse
u+df6AG7qCm5NqmvxDVNloqLLIv8mQpUZrIuoWcpmFdXGcMKkpQD7B+mqxVaIfii
JGuc+tuYCcc5n4M2SBawVsLeYK4y79QU+SHYdb2z5Fk105/T/p6SV6aK4lqxvnPL
OQaOO+WHS3alITPk3tDRHJ68iR6KndXecl0hPTe7Y7e74/f94DCAeVK/QyKwkbOS
3pdA0f+AlGiTRaNjc3PFJRgNeUsvwGt0aP+MgimFSLyLpyZiXbux7OCOpKnjeWtO
B3i3in9rnNg2ArpFKQ30bojddEN87bVORJmqgX92oEpS02e1/f72w538oD+F84Uc
lKxvjPlcgIuU+sY=
-----END CERTIFICATE-----

In php.ini* un-comment and change:

在php.ini* 中取消注释并更改：

curl.cainfo = "c:/wamp/bin/php/php5.5.12/cacert.pem" 

• You can find where your php.inifile is on your machine by running php --iniin your CLI or creating a phpinfo file and loading it in browser
• I placed my cacert.pem in the same directory as php.ini for ease.
• curl.cainfo =should be set to wherever you saved your own cacert.pem

• 您可以php.ini通过php --ini在 CLI 中运行或创建一个 phpinfo 文件并将其加载到浏览器中来找到您的文件在您机器上的位置
• 为了方便起见，我将 cacert.pem 放在与 php.ini 相同的目录中。
• curl.cainfo =应该设置为您保存自己的 cacert.pem 的任何位置

Simple solution:

简单的解决方案：

The tutorials before 2018 are old and huge... However, todays, you just need simple things:

2018年之前的教程又老又大……不过，今天，你只需要简单的东西：

• Loading 2 Apache modules.
• Generating certificate
• Adding certificate in Virtual-Hosts file.

• 加载 2 个 Apache 模块。
• 生成证书
• 在虚拟主机文件中添加证书。

(You may find this articlequite helpful).

（您可能会发现这篇文章很有帮助）。