Step 1.
Create a Certificate Authority, CA.
openssl genrsa -des3 -out ca.key 4096
openssl req -new -x509 -days 365 -key ca.key -out ca.crt
Now we have a certificate authority certificate to sign the certificate for the server.
Step 2.
Generate a key for the server.
openssl genrsa -des3 -out server.key 4096
Generate a certificate signing request (CSR) for the server key.
openssl req -new -key server.key -out server.csr
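Optional step: remove the passphrase from the key, so that Apache can start without prompting for it. The resulting server.key is stored unencrypted, so restrict read access to it.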
Rename server.key to server.key.bac.
openssl rsa -in server.key.bac -out server.key
Step 3.
Sign the certificate signing request with the certificate authority.
openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt
Now we have the necessary keys and certificates to configure the Apache 2.2 server to enable https.
Step 4.
Copy the generated keys and certificates to a directory named keys under the conf directory.
Uncomment the ssl module and the ssl configuration file in httpd.conf.
LoadModule ssl_module modules/mod_ssl.so
Include conf/extra/httpd-ssl.conf
Step 5.
Configure https in the httpd-ssl.conf file located in the conf/extra directory. Use the default settings and set the following file paths to match your local settings.
SSLCertificateFile "F:/Apache2.2/conf/keys/server.crt"
SSLCertificateKeyFile "F:/Apache2.2/conf/keys/server.key"
SSLCACertificateFile "F:/Apache2.2/conf/keys/ca.crt"
#SSLVerifyClient require
SSLVerifyDepth 1
The SSLVerifyClient and SSLVerifyDepth options are only required if you want the client to authenticate to the server using a certificate and a passphrase.
Now you have successfully configured https for your server.
When connecting to the server, you can obtain the server's certificate by using openssl.
openssl s_client -connect localhost:443 > scert.pem
Now open scert.pem and remove everything that is not needed. Only the content between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- (including those two lines) is needed for the certificate. Your certificate would look like
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
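The manual editing of scert.pem described above can be scripted. The following is an added example, not part of the original post: the function names extract_pem_cert, verify_against_ca and sample_output are hypothetical, and the sample s_client output is constructed with a placeholder body rather than a real certificate.

```shell
#!/bin/sh
# extract_pem_cert [N]: read `openssl s_client` output on stdin and print only the
# N-th certificate block (default 1, the certificate the server itself presented).
# Returns non-zero when no complete BEGIN/END pair with that index exists, so a
# failed or truncated connection cannot leave a half-written scert.pem unnoticed.
extract_pem_cert() {
    awk -v want="${1:-1}" '
        { sub(/\r$/, "") }   # tolerate CRLF line endings from a Windows console
        $0 == "-----BEGIN CERTIFICATE-----" { n++; inblock = 1; buf = "" }
        inblock { buf = buf $0 "\n" }
        $0 == "-----END CERTIFICATE-----" && inblock {
            if (n == want) { printf "%s", buf; found = 1; exit }
            inblock = 0
        }
        END { exit (found ? 0 : 1) }
    '
}

# verify_against_ca CERT CAFILE: succeed only if CERT chains to CAFILE, for
# example the ca.crt created in Step 1. The ": OK" text is checked because old
# OpenSSL releases do not reliably signal failure through the exit status.
verify_against_ca() {
    openssl verify -CAfile "$2" "$1" 2>/dev/null | grep -q ': OK$'
}

# Constructed sample shaped like s_client output (placeholder body, not a real cert).
sample_output() {
    cat <<'EOF'
CONNECTED(00000003)
---
Certificate chain
 0 s:/CN=localhost
   i:/CN=Example Test CA
---
Server certificate
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtUExBQ0VIT0xERVI=
-----END CERTIFICATE-----
subject=/CN=localhost
issuer=/CN=Example Test CA
---
EOF
}

# Usage against the server configured above:
#   openssl s_client -connect localhost:443 </dev/null 2>/dev/null | extract_pem_cert > scert.pem
#   verify_against_ca scert.pem ca.crt && echo "scert.pem was issued by ca.crt"
```

Checking the extracted certificate against ca.crt before handing it to a client confirms that the certificate served on port 443 is the one signed in Step 3.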
Step 6.
Now we can connect to a service deployed on the Apache server using https and consume it.
// "CACert" names the PEM file the client uses to verify the server's certificate
$client = new WSClient(array("to"=>"https://localhost/webservices/service1.php",
"CACert"=>"cert.pem"));
$response = $client->request($input);
A much more detailed discussion on implementing https along with Axis2/C is available here.