Configuring two-way (mutual) TLS authentication in Apache
2015-07-21 10:50
1. In /Apache/conf/httpd.conf, remove the comment marker in front of these two lines:
LoadModule ssl_module modules/mod_ssl.so
Include conf/extra/httpd-ssl.conf
2. Edit httpd-ssl.conf under \Apache2.2\conf\extra
# Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate. If
# the certificate is encrypted, then you will be prompted for a
# pass phrase. Note that a kill -HUP will prompt again. Keep
# in mind that if you have both an RSA and a DSA certificate you
# can configure both in parallel (to also allow the use of DSA
# ciphers, etc.)
SSLCertificateFile "C:/cert/server.crt"
#SSLCertificateFile "C:/Program Files/Apache Software Foundation/Apache2.2/conf/server-dsa.crt"
# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile "C:/cert/server.key"
#SSLCertificateKeyFile "C:/Program Files/Apache Software Foundation/Apache2.2/conf/server-dsa.key"
# Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the
# concatenation of PEM encoded CA certificates which form the
# certificate chain for the server certificate. Alternatively
# the referenced file can be the same as SSLCertificateFile
# when the CA certificates are directly appended to the server
# certificate for convenience.
SSLCertificateChainFile "C:/cert/ca.crt"
#SSLCertificateChainFile "C:/Program Files/Apache Software Foundation/Apache2.2/conf/server-ca.crt"
In particular:
# Client Authentication (Type):
# Client certificate verification type and depth. Types are
# none, optional, require and optional_no_ca. Depth is a
# number which specifies how deeply to verify the certificate
# issuer chain before deciding the certificate is not valid.
SSLVerifyClient require
#SSLVerifyDepth 10
Removing the comment marker here enables two-way authentication.
Configure the client authentication certificate:
# Certificate Authority (CA):
# Set the CA certificate verification path where to find CA
# certificates for client authentication or alternatively one
# huge file containing all of them (file must be PEM encoded)
# Note: Inside SSLCACertificatePath you need hash symlinks
# to point to the certificate files. Use the provided
# Makefile to update the hash symlinks after changes.
SSLCACertificatePath "C:/cert"
SSLCACertificateFile "C:/cert/yanzheng.crt"
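The following Python script is an added example, not part of the original post: it audits httpd-ssl.conf text to confirm that client certificates are actually enforced by the directives shown above. The sample text is constructed from the directives on this page; the function names and the flat-scope parsing are assumptions of the example.

```python
# Assumption: directives are read as one flat scope; container tags are skipped.
# Constructed sample mirroring the directives set on this page.
SAMPLE_CONF = """\
SSLCertificateFile "C:/cert/server.crt"
SSLCertificateKeyFile "C:/cert/server.key"
SSLCertificateChainFile "C:/cert/ca.crt"
SSLVerifyClient require
#SSLVerifyDepth 10
SSLCACertificatePath "C:/cert"
SSLCACertificateFile "C:/cert/yanzheng.crt"
"""


def active_directives(conf_text):
    """Map lowercase directive name -> argument string for uncommented lines."""
    found = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#<":
            continue  # blank line, commented-out directive, or container tag
        parts = line.split(None, 1)
        arg = parts[1] if len(parts) > 1 else ""
        found[parts[0].lower()] = arg.strip().strip('"')  # a later line overrides
    return found


def audit_mutual_tls(conf_text):
    """Return (client_cert_enforced, verify_depth, messages)."""
    d = active_directives(conf_text)
    messages = []
    mode = d.get("sslverifyclient", "none").lower()  # mod_ssl default: none
    if mode != "require":
        messages.append(f"SSLVerifyClient is '{mode}': a client certificate is not mandatory")
    has_ca = "sslcacertificatefile" in d or "sslcacertificatepath" in d
    if not has_ca:
        messages.append("no SSLCACertificateFile/Path: no CA to verify client certificates against")
    depth = int(d.get("sslverifydepth", "1"))  # mod_ssl default: 1
    if "sslverifydepth" not in d:
        messages.append("SSLVerifyDepth not set: default 1, client certificate must be "
                        "signed by a CA directly known to the server")
    return mode == "require" and has_ca, depth, messages


if __name__ == "__main__":
    enforced, depth, messages = audit_mutual_tls(SAMPLE_CONF)
    print("mutual TLS enforced:", enforced, "| verify depth:", depth)
    for m in messages:
        print(" -", m)
```

With `#SSLVerifyDepth 10` left commented as on this page, the depth stays at the default of 1, so client certificates issued through an intermediate CA need that line uncommented.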