clms2 / arcs

articles

Configuring HTTPS access on a local Apache #34

Open clms2 opened 5 years ago

clms2 commented 5 years ago
  1. httpd.conf: uncomment mod_ssl.so, httpd-mpm.conf, httpd-ssl.conf, and mod_socache_shmcb.so
  2. httpd-ssl.conf: enable SSLCertificateFile, SSLCertificateKeyFile, SSLCACertificateFile, SSLVerifyClient, SSLVerifyDepth
  3. Generate the certificates: from a DOS prompt, change to Apache's bin directory, then:
     a. set OPENSSL_CONF=../conf/openssl.cnf
     b. openssl genrsa -out server.key 2048
     c. openssl req -new -key server.key -out server.csr -sha256 -config ../conf/openssl.cnf
     d. openssl genrsa -out client.key 2048
     e. openssl req -new -key client.key -out client.csr -sha256 -config ../conf/openssl.cnf
     f. openssl req -new -x509 -keyout ca.key -out ca.crt -sha256 -config ../conf/openssl.cnf
  4. In the bin directory, create a demoCA folder, then create demoCA/newcerts, demoCA/index.txt, and demoCA/serial, enter 01 and save
  5. openssl ca -in server.csr -out server.crt -cert ca.crt -keyfile ca.key -config ../conf/openssl.cnf
  6. openssl ca -in client.csr -out client.crt -cert ca.crt -keyfile ca.key -config ../conf/openssl.cnf
  7. openssl pkcs12 -export -in ca.crt -inkey ca.key -out ca.pfx, then find the certificate options in the IE browser and import this file
  8. openssl rsa -in server.key -out server.key, then copy this file and server.crt to the ../conf directory
  9. In demoCA/index.txt.attr, change unique_subject to no

Errors

  1. httpd: Could not reliably determine the server's fully qualified domain name: edit httpd.conf and uncomment ServerName, ServerName localhost:80
clms2 commented 5 years ago

todo: -sha256 does not generate a sha256 certificate
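
An added example, not part of the original issue: it replays steps 3 to 6 in a scratch directory from a POSIX shell and reads back the signature algorithm of each issued certificate, which is the check the todo above calls for. The minimal openssl.cnf, the subject names, and the `-batch`, `-nodes`, `-notext`, `-subj`, `-days` and `-md` options are assumptions added so it runs without prompts; `-md` on `openssl ca` selects the digest the CA signs with.

```shell
# Added example: constructed config and subject names, scratch directory only.
set -e
build_demo_ca() {   # $1 = scratch directory
    mkdir -p "$1/demoCA/newcerts"
    : > "$1/demoCA/index.txt"
    echo 01 > "$1/demoCA/serial"
    echo "unique_subject = no" > "$1/demoCA/index.txt.attr"
    cat > "$1/openssl.cnf" <<EOF
[ ca ]
default_ca = CA_default
[ CA_default ]
new_certs_dir = $1/demoCA/newcerts
database = $1/demoCA/index.txt
serial = $1/demoCA/serial
policy = policy_any
[ policy_any ]
commonName = supplied
[ req ]
distinguished_name = req_dn
x509_extensions = v3_ca
[ req_dn ]
[ v3_ca ]
basicConstraints = critical,CA:TRUE
EOF
    openssl req -new -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -subj "/CN=Demo CA" -keyout "$1/ca.key" -out "$1/ca.crt" \
        -config "$1/openssl.cnf" 2>/dev/null
}
issue_cert() {   # $1 = scratch dir, $2 = name (used as CN), $3 = digest
    openssl genrsa -out "$1/$2.key" 2048 2>/dev/null
    openssl req -new -key "$1/$2.key" -out "$1/$2.csr" -sha256 \
        -subj "/CN=$2" -config "$1/openssl.cnf"
    # The CSR above is signed with SHA-256; the certificate digest comes from -md.
    openssl ca -batch -notext -days 30 -md "$3" -in "$1/$2.csr" \
        -out "$1/$2.crt" -cert "$1/ca.crt" -keyfile "$1/ca.key" \
        -config "$1/openssl.cnf" 2>/dev/null
}
sig_alg() {   # print the signature algorithm of certificate file $1
    openssl x509 -in "$1" -noout -text |
        sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}

work=$(mktemp -d)
build_demo_ca "$work"
issue_cert "$work" server sha256
issue_cert "$work" client sha384
echo "server: $(sig_alg "$work/server.crt")  client: $(sig_alg "$work/client.crt")"
openssl verify -CAfile "$work/ca.crt" "$work/server.crt" "$work/client.crt"
rm -rf "$work"
```

Both CSRs are created with `-sha256`, yet the client certificate comes back signed with SHA-384, so the digest to inspect is the one on the issued certificate.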