XAMPP中跨LAN的本地主机自签名证书
我有ssl本地主机,并且可以在本地PC上正常工作,但ssl不能跨LAN工作。因为我使用的是自签名证书,所以我必须在将要打开站点的每台PC上安装证书,但是该证书只能在承载网站的PC上工作,而不能在LAN上的其他PC上工作。
因为我处于开发模式,所以我不想在线托管我的网站。
我的本地PC:
主机文件:
127.0.0.1 gofashion_chat.test
httpd-xampp.conf
<VirtualHost *:80>
DocumentRoot "C:/xampp/htdocs/gofashion"
ServerName gofashion_chat.test
ServerAlias *.gofashion_chat.test
</VirtualHost>
<VirtualHost *:443>
DocumentRoot "C:/xampp/htdocs/gofashion"
ServerName gofashion_chat.test
ServerAlias *.gofashion_chat.test
SSLEngine on
SSLCertificateFile "C:/xampp/htdocs/gofashion/cert/gofashion_chat.test/server.crt"
SSLCertificateKeyFile "C:/xampp/htdocs/gofashion/cert/gofashion_chat.test/server.key"
</VirtualHost>
浏览器中的证书:
LAN上的PC:
主机文件:
192.168.10.7 gofashion_chat.test
LAN PC上的浏览器中的证书:
在两台PC上都安装了server.crt
如何解决LAN上的SSL问题?
编辑:
这是我用来生成证书的蝙蝠文件
@echo off
set /p domain="Enter Domain without TLD (E.g 'facebook', 'google'): "
set /p com_tld="Enter Domain TLD (E.g 'com', 'test'): "
SET HOSTNAME=%domain%
SET DOT=%com_tld%
SET COUNTRY=US
SET STATE=KS
SET CITY=Olathe
SET ORGANIZATION=IT
SET ORGANIZATION_UNIT=IT Department
SET FULL_DOMAIN=%HOSTNAME%.%DOT%
SET EMAIL=webmaster@%FULL_DOMAIN%
SET OPENSSL_CONF=C:\xampp\apache\conf\openssl.cnf
if not exist .\%HOSTNAME%.%DOT% mkdir .\%FULL_DOMAIN%
(
echo [req]
echo default_bits = 2048
echo prompt = no
echo default_md = sha256
echo req_extensions = v3_req
echo x509_extensions = x509_ext
echo distinguished_name = dn
echo:
echo [dn]
echo C = %COUNTRY%
echo ST = %STATE%
echo L = %CITY%
echo O = %ORGANIZATION%
echo OU = %ORGANIZATION_UNIT%
echo emailAddress = %EMAIL%
echo CN = %FULL_DOMAIN%
echo:
echo [v3_req]
echo subjectAltName = @alt_names
echo subjectKeyIdentifier = hash
echo authorityKeyIdentifier = keyid:always, issuer:always
echo basicConstraints = critical, CA:TRUE, pathlen:1
echo keyUsage = critical, cRLSign, digitalSignature, keyCertSign
echo nsComment = "OpenSSL Generated Certificate"
echo:
echo [x509_ext]
echo subjectAltName = @alt_names
echo subjectKeyIdentifier = hash
echo authorityKeyIdentifier = keyid:always, issuer:always
echo basicConstraints = critical, CA:TRUE, pathlen:1
echo keyUsage = critical, cRLSign, digitalSignature, keyCertSign
echo nsComment = "OpenSSL Generated Certificate"
echo:
echo [alt_names]
echo DNS.1 = *.%FULL_DOMAIN%
echo DNS.2 = %FULL_DOMAIN%
)>%FULL_DOMAIN%\%HOSTNAME%.cnf
C:\xampp\apache\bin\openssl req -new -x509 -newkey rsa:2048 -sha256 -nodes -keyout %FULL_DOMAIN%\server.key -days 356 -out %FULL_DOMAIN%\server.crt -config %FULL_DOMAIN%\%HOSTNAME%.cnf
echo.
echo -----
echo The certificate was provided.
echo.
pause
这是我用来生成证书的另一个。
@echo off
set /p domain="Enter Domain without TLD (E.g 'facebook', 'google'): "
set /p com_tld="Enter Domain TLD (E.g 'com', 'test'): "
SET HOSTNAME=%domain%
SET DOT=%com_tld%
SET COUNTRY=US
SET STATE=KS
SET CITY=Olathe
SET ORGANIZATION=IT
SET ORGANIZATION_UNIT=IT Department
SET FULL_DOMAIN=%HOSTNAME%.%DOT%
SET EMAIL=webmaster@%FULL_DOMAIN%
SET OPENSSL_CONF=C:\xampp\apache\conf\openssl.cnf
if not exist .\%HOSTNAME%.%DOT% mkdir .\%FULL_DOMAIN%
(
echo [ req ]
echo default_bits = 2048
echo default_keyfile = server-key.pem
echo distinguished_name = subject
echo req_extensions = req_ext
echo x509_extensions = x509_ext
echo string_mask = utf8only
echo:
echo [ subject ]
echo countryName = Country Name ^(2 letter code^)
echo countryName_default = %COUNTRY%
echo stateOrProvinceName = State or Province Name ^(full name^)
echo stateOrProvinceName_default = %STATE%
echo localityName = Locality Name ^(eg, city^)
echo localityName_default = %CITY%
echo organizationName = Organization Name ^(eg, company^)
echo organizationName_default = %ORGANIZATION%
echo commonName = Common Name ^(e.g. server FQDN or YOUR name^)
echo commonName_default = %HOSTNAME%.%DOT%
echo emailAddress = Email Address
echo emailAddress_default = %EMAIL%
echo:
echo [ x509_ext ]
echo subjectKeyIdentifier = hash
echo authorityKeyIdentifier = keyid,issuer
echo basicConstraints = CA:FALSE
echo keyUsage = digitalSignature, keyEncipherment
echo subjectAltName = @alternate_names
echo nsComment = "OpenSSL Generated Certificate"
echo:
echo [ req_ext ]
echo subjectKeyIdentifier = hash
echo basicConstraints = CA:FALSE
echo keyUsage = digitalSignature, keyEncipherment
echo subjectAltName = @alternate_names
echo nsComment = "OpenSSL Generated Certificate"
echo:
echo [ alternate_names ]
echo:
echo DNS.1 = *.%HOSTNAME%.%DOT%
echo DNS.2 = %HOSTNAME%.%DOT%
)>%FULL_DOMAIN%\%HOSTNAME%.cnf
C:\xampp\apache\bin\openssl req -new -x509 -newkey rsa:2048 -sha256 -nodes -keyout %FULL_DOMAIN%\server.key -days 356 -out %FULL_DOMAIN%\server.crt -config %FULL_DOMAIN%\%HOSTNAME%.cnf
echo.
echo -----
echo The certificate was provided.
echo.
pause
2 个答案:
答案 0 :(得分:0)
您的屏幕截图显示,出于此目的,允许使用使用的证书
- 所有发行政策
- 所有应用政策
但是您要使用它作为Web服务器证书,因此该证书具有以下目的:
- 确保远程计算机的身份
我认为在您的计算机上它可以正常工作,因为Web浏览器识别出服务器正在本地网络接口上运行-因此它不是“远程计算机”,因此可以在证书中不允许此目的的情况下运行。
答案 1 :(得分:0)
这可能已经晚了,但是值得一试^ _ ^
代替使用gofashion_chat.test指定本地主机,只需使用computername.domain。这样可以节省您编辑要访问网站的每台计算机的主机的时间。
在apache中创建一个文件夹。文件夹名称:crt
创建一个名称为cert-template.conf的文件,并将其保存在crt文件夹中。下面是cert-template.conf的命令。
[ req ]
default_bits = 2048
default_keyfile = server-key.pem
distinguished_name = subject
req_extensions = req_ext
x509_extensions = x509_ext
string_mask = utf8only
[ subject ]
countryName = Country Name (2 letter code)
countryName_default = TE
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = TEST
localityName = Locality Name (eg, city)
localityName_default = TEST
organizationName = Organization Name (eg, company)
organizationName_default = TEST
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_default = computername.domain
emailAddress = Email Address
emailAddress_default = test@example.com
[ x509_ext ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
subjectAltName = @alternate_names
nsComment = "OpenSSL Generated Certificate"
[ req_ext ]
subjectKeyIdentifier = hash
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
subjectAltName = @alternate_names
nsComment = "OpenSSL Generated Certificate"
[ alternate_names ]
DNS.1 = computername.domain
还创建此文件:make-cert.bat并将其保存在crt文件夹中。下面是make-cert.bat的命令。
@echo off
set /p domain="Domain Name: "
set OPENSSL_CONF=../conf/openssl.cnf
REM
REM Read the "cert-template.conf" file and replace all {{DOMAIN}} placeholders by the entered domain.
REM Write the result into a new file called "cert.conf".
REM
REM @see https://stackoverflow.com/questions/5273937/how-to-replace-substrings-in-windows-batch-file#20227248
REM
setlocal enabledelayedexpansion
set INTEXTFILE=cert-template.conf
set OUTTEXTFILE=cert.conf
set SEARCHTEXT={{DOMAIN}}
set REPLACETEXT=%domain%
if exist %OUTTEXTFILE% del /F %OUTTEXTFILE%
for /f "tokens=1,* delims=¶" %%A in ( '"findstr /n ^^ %INTEXTFILE%"') do (
SET string=%%A
for /f "delims=: tokens=1,*" %%a in ("!string!") do set "string=%%b"
if "!string!" == "" (
echo.>>%OUTTEXTFILE%
) else (
SET modified=!string:%SEARCHTEXT%=%REPLACETEXT%!
echo !modified! >> %OUTTEXTFILE%
)
)
REM
REM Create the target directory.
REM
if not exist .\%domain% mkdir .\%domain%
REM
REM Create the certificate and key files.
REM
..\bin\openssl req -config %OUTTEXTFILE% -new -sha256 -newkey rsa:2048 -nodes -keyout %domain%\server.key -x509 -days 365 -out %domain%\server.crt
REM
REM Delete the written file "cert.conf" as this file would only be used to create the certificate.
REM
if exist %OUTTEXTFILE% del /F %OUTTEXTFILE%
echo.
echo -----
echo The certificate was provided.
echo.
pause
运行make-cert.bat,将显示命令提示符,并要求您提供域名。您的域名是您的computername.domain。此后,您需要回答一些问题,最重要的问题是通用名称。通用名称= Computername.domain。
安装位于crt / computername.domain / server.crt的创建的证书。安装证书>本地计算机>将所有证书放在以下存储中>浏览>受信任的根证书颁发机构>下一步>完成。
将此脚本插入httpd-xampp.conf的底部
<VirtualHost computername.domain:8080>
DocumentRoot "C:/xampp/htdocs"
</VirtualHost>
<VirtualHost computername.domain:4433>
DocumentRoot "C:/xampp/htdocs"
SSLEngine on
SSLCertificateFile "crt/computername.domain/server.crt"
SSLCertificateKeyFile "crt/computername.domain/server.key"
</VirtualHost>
重新启动XAMPP并尝试使用https://computername.domain:4433访问您的本地主机。
仅此而已。我希望您能完成所有步骤。
相关问题
最新问题
- 我写了这段代码,但我无法理解我的错误
- 我无法从一个代码实例的列表中删除 None 值,但我可以在另一个实例中。为什么它适用于一个细分市场而不适用于另一个细分市场?
- 是否有可能使 loadstring 不可能等于打印?卢阿
- java中的random.expovariate()
- Appscript 通过会议在 Google 日历中发送电子邮件和创建活动
- 为什么我的 Onclick 箭头功能在 React 中不起作用?
- 在此代码中是否有使用“this”的替代方法?
- 在 SQL Server 和 PostgreSQL 上查询,我如何从第一个表获得第二个表的可视化
- 每千个数字得到
- 更新了城市边界 KML 文件的来源?