Install SSL certificate on Apache server

Keywords: PHP Apache SSL Google

This assumes you have already purchased the certificate and downloaded it. Unpack the certificate archive; it contains 3 files in total:

 

  • Certificate file: has .crt as the suffix or file type.
  • Certificate chain file: has .crt as the suffix or file type.
  • Key file: has .key as the suffix or file type.

 

Create a new cert directory in the Apache installation directory, and copy the extracted Apache certificate, certificate chain file and key file to the cert directory.

If you need to install multiple certificates, you need to create a corresponding number of cert directories in the Apache directory to store different certificates.

If you chose to create the CSR file manually when applying for the certificate, copy the manually generated key file to the cert directory and name it domain name.key (your domain name followed by .key).

 

 

 

 

In the Apache installation directory, open the Apache/conf/httpd.conf file, find the following lines, and edit them as described in the comments:

# Delete the comment symbol "#" at the beginning of the next line to load mod_ssl.so and enable the SSL service. Apache does not enable this module by default. If the line cannot be found, recompile the mod_ssl module.
#LoadModule ssl_module modules/mod_ssl.so
# Delete the comment symbol "#" at the beginning of the next line.
#Include conf/extra/httpd-ssl.conf

Save the httpd.conf file and exit.

 

Open the Apache/conf/extra/httpd-ssl.conf file and locate the following parameters. Follow the comments below to configure.

An absolute path is recommended for the certificate paths.

Depending on the operating system, the httpd-ssl.conf file may instead be located at conf.d/ssl.conf.

<VirtualHost *:443>
    # Apache does not allow a comment on the same line as a directive, so each note sits on its own line above the directive it describes.
    # Modify to the domain name bound when applying for the certificate.
    ServerName www.YourDomainName1.com
    DocumentRoot "D:/phpStudy/WWW/yg"
    SSLEngine on
    # Enable the supported SSL/TLS protocols and remove the insecure ones.
    SSLProtocol all -SSLv2 -SSLv3
    # Modify the cipher suite.
    SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM
    SSLHonorCipherOrder on
    # Replace domain name1_public.crt with your certificate file name.
    SSLCertificateFile "D:/phpStudy/Apache/cert/2335105__yg1st.com_public.crt"
    # Replace domain name1.key with the key file name of your certificate.
    SSLCertificateKeyFile "D:/phpStudy/Apache/cert/2335105__yg1st.com.key"
    # Replace domain name1_chain.crt with the certificate chain file name of your certificate; if this line begins with a # character, delete the #.
    SSLCertificateChainFile "D:/phpStudy/Apache/cert/2335105__yg1st.com_chain.crt"
</VirtualHost>

# If the certificate contains more than one domain name, copy the above parameters and replace ServerName with the second domain name.
<VirtualHost *:443>
    # Modify to the second domain name bound when applying for the certificate.
    ServerName www.YourDomainName2.com
    DocumentRoot "D:/phpStudy/WWW/yg"
    SSLEngine on
    # Enable the supported SSL/TLS protocols and remove the insecure ones.
    SSLProtocol all -SSLv2 -SSLv3
    # Modify the cipher suite.
    SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM
    SSLHonorCipherOrder on
    # Replace domain name2 with the second domain name you requested for the certificate.
    SSLCertificateFile "D:/phpStudy/Apache/cert/2335105__yg1st.com_public.crt"
    # Replace domain name2 with the second domain name you requested for the certificate.
    SSLCertificateKeyFile "D:/phpStudy/Apache/cert/2335105__yg1st.com.key"
    # Replace domain name2 with the second domain name you requested for the certificate; if this line begins with a # character, delete the #.
    SSLCertificateChainFile "D:/phpStudy/Apache/cert/2335105__yg1st.com_chain.crt"
</VirtualHost>
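
A stricter variant of the TLS settings in the virtual host above, with each weak line kept as a comment beside its replacement. This is an added example, not the author's configuration; it assumes a recent Apache 2.4 built against OpenSSL 1.1.1 or later, and reuses the page's placeholder domain and paths.

```apache
# Added example, not the author's configuration.
# Assumption: recent Apache 2.4 with OpenSSL 1.1.1 or later
# (on older builds, drop +TLSv1.3 from SSLProtocol).
<VirtualHost *:443>
    ServerName www.YourDomainName1.com
    DocumentRoot "D:/phpStudy/WWW/yg"
    SSLEngine on

    # Weak: "all" minus SSLv2/SSLv3 can still negotiate TLS 1.0 and TLS 1.1,
    # depending on the OpenSSL build.
    #SSLProtocol all -SSLv2 -SSLv3
    # Corrected: start from nothing and enable only TLS 1.2 and TLS 1.3.
    SSLProtocol -all +TLSv1.2 +TLSv1.3

    # Weak: HIGH still admits CBC-mode suites and static-RSA key exchange,
    # which gives no forward secrecy.
    #SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM
    # Corrected: an explicit list of forward-secret AEAD suites for TLS 1.2.
    # TLS 1.3 suites are configured separately and keep their defaults here.
    SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305
    SSLHonorCipherOrder on

    SSLCertificateFile "D:/phpStudy/Apache/cert/2335105__yg1st.com_public.crt"
    SSLCertificateKeyFile "D:/phpStudy/Apache/cert/2335105__yg1st.com.key"
    # SSLCertificateChainFile still works but is deprecated since Apache 2.4.8;
    # the intermediates can instead be appended to the SSLCertificateFile.
    SSLCertificateChainFile "D:/phpStudy/Apache/cert/2335105__yg1st.com_chain.crt"
</VirtualHost>
```

Run httpd -t after the change; clients that support nothing newer than TLS 1.1 will no longer be able to connect.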

 

After these changes, note that this file also sets several log file paths. Change them to match your actual paths.

For example, mine is:

ErrorLog "D:\phpStudy\Apache\logs\error.log"
TransferLog "D:\phpStudy\Apache\logs\access.log"

 

After making the changes, open cmd.

Change to the bin directory of your Apache installation directory.

Run: httpd -t

This tests the configuration. If it reports an error, fix it according to the message; if there is no error, restart Apache.

 

The certificate is now installed and the website can be opened over https.

At this point the site opens with https, but not with a URL that begins with http.

You also need to make URLs that begin with http redirect to https automatically.

In the <Directory> section of httpd.conf, add:

RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(.*)?$ https://%{SERVER_NAME}/$1 [L,R=301]

Of course, this is not exactly my case, because I have set other pseudo-static rules, so I made some adjustments

 

After the certificate was installed, I found a prompt in the top left corner of the Google Chrome browser saying that the connection to the website is not completely secure.

The reason is that the page makes some insecure http requests, for static files such as images and js.

We just need to upgrade them to https requests.

Add:

<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">

This tells the browser to automatically upgrade insecure http requests to https.
After adding it, Google Chrome displays "connection is secure".
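
The http-to-https redirect and the upgrade-insecure-requests policy described above can also be set server-side, together with HSTS. This is an added example, not the author's configuration; it assumes mod_headers is available and reuses the page's placeholder domain and certificate paths.

```apache
# Added example, not the author's configuration.
# Assumption: mod_headers is available (skip this line if httpd.conf
# already loads it).
LoadModule headers_module modules/mod_headers.so

# Plain-http virtual host whose only job is to send every request to https.
# The target host is fixed here instead of being built from %{SERVER_NAME},
# which with UseCanonicalName Off (the default) reflects the hostname the
# client sent.
<VirtualHost *:80>
    ServerName www.YourDomainName1.com
    Redirect permanent / https://www.YourDomainName1.com/
</VirtualHost>

<VirtualHost *:443>
    ServerName www.YourDomainName1.com
    DocumentRoot "D:/phpStudy/WWW/yg"
    SSLEngine on
    SSLCertificateFile "D:/phpStudy/Apache/cert/2335105__yg1st.com_public.crt"
    SSLCertificateKeyFile "D:/phpStudy/Apache/cert/2335105__yg1st.com.key"
    SSLCertificateChainFile "D:/phpStudy/Apache/cert/2335105__yg1st.com_chain.crt"

    # Same policy as the <meta> tag, but sent with every response, so no
    # page has to be edited. It only rewrites http:// subresource URLs to
    # https://; a resource that is not served over https will fail to load
    # instead of triggering the mixed-content warning.
    Header always set Content-Security-Policy "upgrade-insecure-requests"

    # HSTS: a browser that has seen this header goes straight to https for
    # max-age seconds and refuses plain http. Enable it only once https
    # works for the whole site.
    Header always set Strict-Transport-Security "max-age=31536000"
</VirtualHost>
```

Redirect comes from mod_alias, so this variant does not need mod_rewrite; keep the page's RewriteRule version if other rewrite rules have to run first.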

Posted by dc277 on Tue, 10 Mar 2020 02:08:13 -0700