apache - 本地 WAMP 服务器不接受自签名 SSL 证书
问题描述
这是错误:
AH02577: Init: SSLPassPhraseDialog builtin is not supported on Win32 (key file C:/wamp/bin/apache/apache2.4.33/conf/key/certificate.crt)
AH02564: Failed to configure encrypted (?) private key localhost:443:0, check C:/wamp/bin/apache/apache2.4.33/conf/key/certificate.crt
SSL Library Error: error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag
SSL Library Error: error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error
SSL Library Error: error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag
SSL Library Error: error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error (Type=RSA)
SSL Library Error: error:04093004:rsa routines:old_rsa_priv_decode:RSA lib
SSL Library Error: error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag
SSL Library Error: error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error (Type=PKCS8_PRIV_KEY_INFO)
这是我所做的:
创建密钥(不带密码)和证书并将它们放在 Apache conf 文件夹中的一个名为key
openssl req -config config.conf -new -x509 -sha256 -newkey rsa:2048 -nodes -keyout private.key -days 365 -out certificate.crt
config.conf 的内容:
[ req ]
default_bits = 2048
default_keyfile = server-key.pem
distinguished_name = subject
req_extensions = req_ext
x509_extensions = x509_ext
string_mask = utf8only
# The Subject DN can be formed using X501 or RFC 4514 (see RFC 4519 for a description).
# Its sort of a mashup. For example, RFC 4514 does not provide emailAddress.
[ subject ]
countryName = Country Name (2 letter code)
countryName_default = GB
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = GB
localityName = Locality Name (eg, city)
localityName_default = Cardiff
organizationName = Organization Name (eg, company)
organizationName_default = Company
# Use a friendly name here because its presented to the user. The server's DNS
# names are placed in Subject Alternate Names. Plus, DNS names here is deprecated
# by both IETF and CA/Browser Forums. If you place a DNS name here, then you
# must include the DNS name in the SAN too (otherwise, Chrome and others that
# strictly follow the CA/Browser Baseline Requirements will fail).
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_default = Example Company
emailAddress = Email Address
emailAddress_default = test@example.com
# Section x509_ext is used when generating a self-signed certificate. I.e., openssl req -x509 ...
[ x509_ext ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
# You only need digitalSignature below. *If* you don't allow
# RSA Key transport (i.e., you use ephemeral cipher suites), then
# omit keyEncipherment because that's key transport.
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
subjectAltName = @alternate_names
nsComment = "OpenSSL Generated Certificate"
# RFC 5280, Section 4.2.1.12 makes EKU optional
# CA/Browser Baseline Requirements, Appendix (B)(3)(G) makes me confused
# In either case, you probably only need serverAuth.
# extendedKeyUsage = serverAuth, clientAuth
# Section req_ext is used when generating a certificate signing request. I.e., openssl req ...
[ req_ext ]
subjectKeyIdentifier = hash
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
subjectAltName = @alternate_names
nsComment = "OpenSSL Generated Certificate"
# RFC 5280, Section 4.2.1.12 makes EKU optional
# CA/Browser Baseline Requirements, Appendix (B)(3)(G) makes me confused
# In either case, you probably only need serverAuth.
# extendedKeyUsage = serverAuth, clientAuth
[ alternate_names ]
DNS.1 = site.local
DNS.2 = www.site.local
DNS.3 = admin.site.local
# Add these if you need them. But usually you don't want them or
# need them in production. You may need them for development.
DNS.4 = localhost
DNS.5 = localhost.localdomain
DNS.6 = 127.0.0.1
# IPv6 localhost
DNS.7 = ::1
通过取消注释这些行来激活 Apache SSLhttpd.conf
LoadModule ssl_module modules/mod_ssl.so
Include conf/extra/httpd-ssl.conf
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
httpd-ssl.conf
通过在里面配置这些条目来设置 SSL<VirtualHost _default_:443>
DocumentRoot "${INSTALL_DIR}/www"
ServerName localhost:443
ServerAdmin admin@example.com
ErrorLog "${APACHE_DIR}/logs/error.log"
TransferLog "${APACHE_DIR}/logs/access.log"
SSLCertificateFile "${APACHE_DIR}/conf/key/certificate.crt"
SSLCertificateFile "${APACHE_DIR}/conf/key/private.key"
并注释掉这一行
SSLPassPhraseDialog builtin
以下是我用来尝试排序的参考资料,
- https://articlebin.michaelmilette.com/how-to-add-ssl-https-to-wampserver/
- 如何使用 openssl 创建自签名证书?
- https://support.quovadisglobal.com/kb/a90/i-get-error-message-error-init-sslpassphrasedialog-builtin-is-not-supported-on-win32.aspx
我准备放弃所以我希望有人有一些想法。
解决方案
推荐阅读
- ios - Can we use VoIP push for normal push notification?
- pyhf - Nuisance parameters which are related between channels
- reactjs - React.createRef() does not work - Function components cannot be given refs
- python - New to Python. Question about running programs
- elasticsearch - 通过电子邮件查询时,Elasticsearch 查询不返回结果
- jenkins - 我如何告诉詹金斯不要在失败时停止,或者在退出状态上设置条件?
- php - Codeigniter : 类似于使用空帖子数据的查询
- ruby - 如何修复 Ruby 中的 NoMethodError?
- azure - 通过 S2S 连接连接到 Azure 时,本地 VM 是否可以使用 Azure DNS?
- javascript - Not defined error when attempting to dynamically load scripts with React.js