Openssl Certificate (apatche2.4 in windows)

mohammed_max · March 13, 2018, 9:27am

Hi…
how to creating ssl certificate to openssl in apatche2.4 to windows
can I help me pleas

stevenzhu · March 13, 2018, 12:24pm

Hi

Please follow this line for instructions.

schoen · March 13, 2018, 4:46pm

You might also want to look at the list of Windows clients in

I think win-acme is now the most used.

mohammed_max · March 14, 2018, 7:11am

Thanks… but I want to know how to set up the certificate safely OPENSSL because I started to create it and something went wrong
can you help me
…
These commands are used
1-openssl req -config openssl.cnf -new -out htv.csr -keyout htv.pem
2-openssl rsa -in htv.pem -out htv.key
3-openssl x509 -in htv.csr -out htv.crt -req -signkey htv.key -days 3650
…
open to config file and change the port (443)

del # to line 184 (Load Module ssl-module)
and # to line 171 (LoadModule rewrite_module)
AND # TO line 191 (LoadModule vhost_alias_module)
and insert vhosts :
<VirtualHost *:443>
DocumentRoot "C:/Apache24/htdocs/localhost/mysite.com"
ServerName localhost
Redirect / https://localhost/mysite.com/
ServerAlias localhost/mysite.com
SSLEngine on
SSLCertificateFile "C:/Apache24/conf/htv.crt"
SSLCertificateKeyFile "C:/Apache24/conf/htv.key"
SSLCertificateChainFile “C:/Apache24/conf/htv.crt”

insert this Redirect in line 356:

  RewriteEngine On
  RewriteCond %{HTTPS} off
  RewriteRule (.*) https://%{lopcalhost/mysite.com}:443%{REQUEST_URI}

open httpd-vhosts file and change the port 443 line 15 and

copy and change to port 80 to 443
change the setting in vhost 80 and 443
<VirtualHost *:443>

mysite is local and my server is Apache

** this is task in my university **

mohammed_max · March 14, 2018, 12:35pm

THIS IS ERROR
localhost uses an invalid security certificate.

The certificate is not trusted because it is self-signed.
The certificate is not valid for the name localhost.

Error code: SEC_ERROR_UNKNOWN_ISSUER

https://localhost/mysite.com/
Peer’s Certificate issuer is not recognized.
HTTP Strict Transport Security: false
HTTP Public Key Pinning: false
Certificate chain:

stevenzhu · March 14, 2018, 12:59pm

Hi,

Do you mean want to create a self-signed ssl (not trusted by public CA) for your local website?

If so, you can follow this link (as that’s what i used for ssl self-sign):
https://jamielinux.com/docs/openssl-certificate-authority/

However, if you are trying to obtain a trusted ssl for localhost, it’s not possible since ssl can only be issued under trusted public domains (no localhost, xxx.local etc)

Thank you

mohammed_max · March 14, 2018, 1:05pm

Thank you @stevenzhu
and You have all the appreciation

system · April 13, 2018, 1:06pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.