openssl 版本

OpenSSL> version
OpenSSL 1.0.1g 7 Apr 2014

无法启动 httpd

C:\Users\Administrator>httpd -v
Server version: Apache/2.4.9 (Win64)
Apache Lounge VC11 Server built:   Mar 16 2014 12:42:59

C:\Users\Administrator>httpd -X
AH00526: Syntax error on line 73 of D:/wamp/bin/apache/apache2.4.9/conf/extra/httpd-ssl.conf:
SSLSessionCache: ‘shmcb‘ session cache not supported (known names: ). Maybe you need to load the appropriate socache module (mod_socache_shmcb?).

C:\Users\Administrator>httpd -X
AH00526: Syntax error on line 103 of D:/wamp/bin/apache/apache2.4.9/conf/extra/httpd-ssl.conf:
SSLCertificateFile: file ‘C:/Apache24/conf/server.crt‘ does not exist or is empty

Administrator@USER-20140115FZ /cygdrive/d
$ cd d:/wamp/bin/apache/apache2.4.9/bin/

Administrator@USER-20140115FZ /cygdrive/d/wamp/bin/apache/apache2.4.9/bin
$ ls
ab.exe              htdigest.exe       libeay32.dll    php5ts.dll
abs.exe             htpasswd.exe       libhttpd.dll    rotatelogs.exe
ApacheMonitor.exe   httpd.exe          libxml2.dll     ssleay32.dll
apr_dbd_odbc-1.dll  httxt2dbm.exe      logresolve.exe  wintty.exe
apr_ldap-1.dll      iconv              lua51.dll       zlib1.dll
dbmmanage.pl        libapr-1.dll       openssl.exe
htcacheclean.exe    libapriconv-1.dll  pcre.dll
htdbm.exe           libaprutil-1.dll   php.ini

Administrator@USER-20140115FZ /cygdrive/d/wamp/bin/apache/apache2.4.9/bin
$ pwd
/cygdrive/d/wamp/bin/apache/apache2.4.9/bin

生成服务器证书

D:\wamp\bin\apache\apache2.4.9\bin>openssl req -new -out server.csr -config ../conf/openssl.cnf
WARNING: can‘t open config file: C:\vc11_deps\repo\winlibs_openssl/install_x64/openssl.cnf
Loading ‘screen‘ into random state - done Generating a 1024 bit RSA private key.++++++....++++++
writing new private key to ‘privkey.pem‘
Enter PEM pass phrase:
7624:error:28069065:lib(40):UI_set_result:result too small:.\crypto\ui\ui_lib.c:
869:You must type in 4 to 511 characters
7624:error:0906406D:PEM routines:PEM_def_callback:problems getting password:.\cr
ypto\pem\pem_lib.c:111:
7624:error:0907E06F:PEM routines:DO_PK8PKEY:read key:.\crypto\pem\pem_pk8.c:130:


D:\wamp\bin\apache\apache2.4.9\bin>openssl req -new -out server.csr -config ../conf/openssl.cnf
WARNING: can‘t open config file: C:\vc11_deps\repo\winlibs_openssl/install_x64/openssl.cnf
Loading ‘screen‘ into random state - done
Generating a 1024 bit RSA private key
...................++++++
......................................++++++
writing new private key to ‘privkey.pem‘
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.‘, the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:GuangDong
Locality Name (eg, city) []:GuangZhou
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Localhost
Organizational Unit Name (eg, section) []:Baidu
Common Name (e.g. server FQDN or YOUR name) []:default7-csdn
Email Address []:default.fu@foxmail.com

Please enter the following ‘extra‘ attributes
to be sent with your certificate request
A challenge password []:123456
An optional company name []:Baidu-optional

D:\wamp\bin\apache\apache2.4.9\bin>

bin 目录下，成功生成 privkey.pem ，server.csr 2个文件。

生成私匙

D:\wamp\bin\apache\apache2.4.9\bin>openssl rsa -in privkey.pem -out server.key
WARNING: can‘t open config file: C:\vc11_deps\repo\winlibs_openssl/install_x64/openssl.cnf
Enter pass phrase for privkey.pem:
writing RSA key

D:\wamp\bin\apache\apache2.4.9\bin>

bin 目录成功生成 server.key。

创建证书 server.crt

D:\wamp\bin\apache\apache2.4.9\bin>openssl x509 -in server.csr -out server.crt -
req -signkey server.key -days 365
WARNING: can‘t open config file: C:\vc11_deps\repo\winlibs_openssl/install_x64/openssl.cnf
Loading ‘screen‘ into random state - done
Signature ok
subject=/C=CN/ST=GuangDong/L=GuangZhou/O=Localhost/OU=Baidu/CN=default7-csdn/emailAddress=default.fu@foxmail.com
Getting Private key

D:\wamp\bin\apache\apache2.4.9\bin>

撤销客户端证书

（欢迎交流 by default.fu@foxmail.com）

第三方ssl证书

godaddy ssl证书
dreamhost ssl证书