一 下載證書

我這里的下載流程只供參考,詳細(xì)的步驟可以去百度搜索。最終的目的是得到4個(gè)證書文件

1. 首先申請(qǐng)阿里云免費(fèi)的ssl認(rèn)證證書，認(rèn)證證書申請(qǐng)過程比較簡單。請(qǐng)自行百度。登陸阿里云之后，在安全（云盾）板塊下-CA證書服務(wù)

購買

2. 申請(qǐng)過程比較簡單，需要等待阿里云審核通過。通過之后會(huì)顯示證書。點(diǎn)擊“下載”（此教程主要是針對(duì)Apache）；

下載

3. 這里選取apache證書。下載的文件包里面有四個(gè)文件：

【123.key證書私鑰文件,123.pem,證書公鑰文件chain.pem,證書鏈文件 public.pem 】

二 配置phpStudy的Apache

1. 開啟apache的編譯ssl模塊，如圖打開phpstudy—其它選項(xiàng)設(shè)置—PHP擴(kuò)展及設(shè)置—php擴(kuò)展—php-openssl前面打勾

配置

2. 打開httpd.conf文件(C:\phpStudy\Apache\conf\httpd.conf根據(jù)這個(gè)規(guī)律去找你安裝的位置)
3. 更改httpd.conf的相應(yīng)文件

• 找到LoadModule ssl_module modules/mod_ssl.so （如果前面有#號(hào)把#號(hào)去調(diào)打開此擴(kuò)展）
• 找到Include conf/vhosts.conf（如果前面有#號(hào)把#號(hào)去了）
• 找到Include conf/extra/httpd-ssl.conf（如果前面有#號(hào)把#號(hào)去了，如果沒有此段文字，就搜索# Secure (SSL/TLS) connections，并在它的下一行寫上）

#Secure (SSL/TLS) connections
Include conf/extra/httpd-ssl.conf

• 現(xiàn)在重啟Apache 肯定是紅燈，如果把Include conf/extra/httpd-ssl.conf前面加#注釋以后能正常啟動(dòng)說明引入文件成功

• 打開httpd-ssl.conf（C:\phpStudy\Apache\conf\extra根據(jù)這個(gè)規(guī)律去找你安裝的位置）

• 把下面<VirtualHost><VirtualHost>的內(nèi)容全部刪除

  <VirtualHost >
      。。。。。。
  </VirtualHost>    
  

  • 更改如下

    <VirtualHost *:443>
        SSLEngine on
        SSLProtocol TLSv1 TLSv1.1 TLSv1.2
        SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM
        SSLCertificateFile "C:/phpStudy/Apache/cert/public.pem"
        SSLCertificateKeyFile  "C:/phpStudy/Apache/cert/11.key"
        SSLCertificateChainFile  "C:/phpStudy/Apache/cert/chain.pem"
        ServerName www.exam.com
        DocumentRoot "C:\phpStudy\WWW\exam"
    </VirtualHost>    
    

    • 以上參數(shù)說明

      SSLCipherSuite是阿里云提供的，下載證書的頁面有

      SSLCertificateFile SSLCertificateKeyFile SSLCertificateChainFile文件是證書的絕對(duì)路徑

      ServerName 是你網(wǎng)站的域名這個(gè)域名必須是和購買證書的iP是對(duì)應(yīng)的映射關(guān)系

      DocumentRoot 是www. exam.com域名對(duì)應(yīng)的項(xiàng)目地址：單訪問ServerName時(shí)就打開WWW下的exam文件(我用的tp框架且把入口index.php放在了項(xiàng)目的根目錄下，及直接運(yùn)行exam/index.php文件了)

      • 再次重啟apache正常啟動(dòng) 如果還是紅燈肯定是哪里寫錯(cuò)了，一定保證httpd.cpmf的Include conf/extra/httpd-ssl.conf開啟

      http-ssl.conf源碼

      #
      # This is the Apache server configuration file providing SSL support.
      # It contains the configuration directives to instruct the server how to
      # serve pages over an https connection. For detailed information about these 
      # directives see <URL:http://httpd.apache.org/docs/trunk/mod/mod_ssl.html>
      # 
      # Do NOT simply read the instructions in here without understanding
      # what they do.  They're here only as hints or reminders.  If you are unsure
      # consult the online docs. You have been warned.  
      #
      
      #
      # Pseudo Random Number Generator (PRNG):
      # Configure one or more sources to seed the PRNG of the SSL library.
      # The seed data should be of good random quality.
      # WARNING! On some platforms /dev/random blocks if not enough entropy
      # is available. This means you then cannot use the /dev/random device
      # because it would lead to very long connection times (as long as
      # it requires to make more entropy available). But usually those
      # platforms additionally provide a /dev/urandom device which doesn't
      # block. So, if available, use this one instead. Read the mod_ssl User
      # Manual for more details.
      #
      #SSLRandomSeed startup file:/dev/random  512
      #SSLRandomSeed startup file:/dev/urandom 512
      #SSLRandomSeed connect file:/dev/random  512
      #SSLRandomSeed connect file:/dev/urandom 512
      
      #
      # When we also provide SSL we have to listen to the 
      # standard HTTP port (see above) and to the HTTPS port
      #
      # Note: Configurations that use IPv6 but not IPv4-mapped addresses need two
      #       Listen directives: "Listen [::]:443" and "Listen 0.0.0.0:443"
      #
      Listen 443
      
      ##
      ##  SSL Global Context
      ##
      ##  All SSL configuration in this context applies both to
      ##  the main server and all SSL-enabled virtual hosts.
      ##
      
      #   Pass Phrase Dialog:
      #   Configure the pass phrase gathering process.
      #   The filtering dialog program (`builtin' is a internal
      #   terminal dialog) has to provide the pass phrase on stdout.
      SSLPassPhraseDialog  builtin
      
      #   Inter-Process Session Cache:
      #   Configure the SSL Session Cache: First the mechanism 
      #   to use and second the expiring timeout (in seconds).
      #SSLSessionCache         "dbm:/Apache24/logs/ssl_scache"
      SSLSessionCache        "shmcb:/Apache24/logs/ssl_scache(512000)"
      SSLSessionCacheTimeout  300
      
      ##
      ## SSL Virtual Host Context
      ##
      
      <VirtualHost *:443>
          SSLEngine on
          SSLProtocol TLSv1 TLSv1.1 TLSv1.2
          SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM
          SSLCertificateFile "C:/phpStudy/Apache/cert/public.pem"
          SSLCertificateKeyFile  "C:/phpStudy/Apache/cert/1.key"
          SSLCertificateChainFile  "C:/phpStudy/Apache/cert/chain.pem"
          ServerName www.exam.com
          DocumentRoot "C:\phpStudy\WWW\exam"
      </VirtualHost>        
      

      • 現(xiàn)在訪問域名并手動(dòng)加上htts如https://www.exam.com應(yīng)該能夠正常訪問

      三 自動(dòng)轉(zhuǎn)htpps

      在項(xiàng)目的根目錄下找到并打開.htaccess（C:\phpStudy\WWW\項(xiàng)目名稱.htaccess如果沒有自建）

      內(nèi)容如下隱藏了index.php和強(qiáng)行自動(dòng)跳轉(zhuǎn)https的配置

      <IfModule mod_rewrite.c>
      RewriteEngine on
      RewriteCond %{HTTPS} off
      RewriteRule (.*) https://%{SERVER_NAME}/$1 [R,L]
      RewriteCond %{REQUEST_FILENAME} !-f
      RewriteCond %{REQUEST_FILENAME} !-d
      RewriteRule . index.php
      </IfModule>
      

?