Saturday, February 22, 2025

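Resolving the XAMPP vulnerability scan finding 35291 "SSL Certificate Signed Using Weak Hashing Algorithm" and rebuilding the certificate at 2048 bits

XAMPP vhost and SSL configuration: rebuilding the certificate at 2048 bits


Resolving

Vulnerability scan finding:
SSL Certificate Signed Using Weak Hashing Algorithm

ID: 35291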

---------------------------------------------

Stop Apache.

Copy c:\xampp\apache and rename the copy to c:\apache24.
First, create an ssl folder under c:\xampp\apache\conf.
Rename the files in the original c:\xampp\apache\conf\ssl.crt, ssl.csr and ssl.key folders to *-old.

---------------SSL configuration: disable SHA1----------------------------
Edit c:\xampp\apache\conf\extra\httpd-ssl.conf (lines 52 and 53):

SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES:!SHA1
SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES:!SHA1
---------------Generate the key for the new 2048-bit certificate---------------------------



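In a CMD command-prompt window, change to c:\xampp\apache\bin.

Check whether the existing certificate is signed with SHA1:
.\openssl x509 -in C:\xampp\apache\conf\ssl.crt\server-old.crt -text -noout

Generate the key for the new certificate: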
.\openssl genrsa -out C:\xampp\apache\conf\ssl\server.key 2048

openssl req -new -key C:\xampp\apache\conf\ssl\server.key -out C:\xampp\apache\conf\ssl\server.csr

-----Certificate data entered------------
Country Name (2 letter code) [AU]:TW
State or Province Name (full name) [Some-State]:taipei
Locality Name (eg, city) []:taipei
Organization Name (eg, company) [Internet Widgits Pty Ltd]:LongBow
Organizational Unit Name (eg, section) []:LonBow
Common Name (e.g. server FQDN or YOUR name) []:localhost
Email Address []:slchang@bmeservice.net

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:bme8888
An optional company name []:Bmeservice


---------------Rebuild the 2048-bit certificate---------------------------
.\openssl x509 -req -days 365 -in C:\xampp\apache\conf\ssl\server.csr -signkey C:\xampp\apache\conf\ssl\server.key -out C:\xampp\apache\conf\ssl\server.crt

Then put the newly created files from c:\xampp\apache\conf\ssl into their corresponding folders.

c:\apache24 can now be deleted.
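
The finding concerns the hash used to sign the certificate, so it is worth confirming that the rebuilt server.crt reports a SHA-256 signature and a 2048-bit RSA key before Apache is started again. The script below is an added example, not part of the original post: it parses saved output of the `openssl x509 -text -noout` check used earlier, and the sample excerpts, the weak-hash list and the function names are assumptions made here.

```python
import re
import sys

WEAK_HASH = re.compile(r"md2|md4|md5|sha1", re.IGNORECASE)  # assumed weak-hash list
MIN_RSA_BITS = 2048

# Constructed excerpt in the layout `openssl x509 -text -noout` prints (not a real certificate).
OLD_CERT_TEXT = """\
Certificate:
    Data:
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: CN = localhost
        Subject: CN = localhost
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
"""
# The same constructed excerpt as it should look after the rebuild described above.
NEW_CERT_TEXT = OLD_CERT_TEXT.replace("sha1With", "sha256With").replace("1024", "2048")


def field(text, label):
    """Return the first value printed after `label:`, or None if absent."""
    m = re.search(re.escape(label) + r":\s*(.+)", text)
    return m.group(1).strip() if m else None


def audit_cert_text(text):
    """List the problems visible in `openssl x509 -text -noout` output."""
    problems = []
    sig = field(text, "Signature Algorithm")
    key_alg = field(text, "Public Key Algorithm")
    bits = re.search(r"Public[- ]Key:\s*\((\d+) bit\)", text)
    if sig is None:
        problems.append("signature algorithm not found")
    elif WEAK_HASH.search(sig):
        problems.append("weak signature hash: " + sig)
    if bits is None:
        problems.append("public key size not found")
    elif key_alg == "rsaEncryption" and int(bits.group(1)) < MIN_RSA_BITS:
        problems.append("RSA key too short: %s bit" % bits.group(1))
    return problems


if __name__ == "__main__":
    # Usage: python check_cert.py cert.txt  (cert.txt = saved openssl -text output)
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else NEW_CERT_TEXT
    issues = audit_cert_text(text)
    print("\n".join(issues) if issues else "OK: no weak hash, RSA key >= 2048 bit")
```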

---------------Update to 2.4.63---------------------------
Copy the original c:\xampp\apache\conf data to c:\xampp\apache2463 (overwrite everything).
Rename apache to apache2462.
Rename apache2463 to apache.

Start Apache.

Updated to 2.4.63 (because server.csr has been updated to 2048).
