第一步：打开phphstudy--->其他选项菜单----->php扩展及设置----->php扩展-------->php-openssl打勾

第二步：打开PHP study的这个路径D:\phpStudy\Apache\conf\ssl，把你申请好的ssl证书放进去。注意：我这边环境apache的所以选择apache的证书

腾讯云ssl证书免费申请地址：https://cloud.tencent.com/product/ssl?fromSource=gwzcw.429897.429897.429897

阿里云ssl证书免费申请地址：https://www.aliyun.com/product/cas?spm=a2c4g.11174283.2.1.17266fd4UJN7i2

第三步：打开D:\phpStudy\Apache\conf\httpd.conf文件

#LoadModule ssl_module modules/mod_ssl.so （去掉前面的#号）
#Include conf/extra/httpd-ssl.conf 

加上    Include conf/extra/weixin-ssl.conf

代码如下图所示

1. # power by phpStudy 2014 www.phpStudy.net 官网下载最新版

2. #

3. # This is the main Apache HTTP server configuration file. It contains the

4. # configuration directives that give the server its instructions.

5. # See <URL:http://httpd.apache.org/docs/2.4/> for detailed information.

6. # In particular, see

7. # <URL:http://httpd.apache.org/docs/2.4/mod/directives.html>

8. # for a discussion of each configuration directive.

9. #

10. # Do NOT simply read the instructions in here without understanding

11. # what they do. They're here only as hints or reminders. If you are unsure

12. # consult the online docs. You have been warned.

13. #

14. # Configuration and logfile names: If the filenames you specify for many

15. # of the server's control files begin with "/" (or "drive:/" for Win32), the

16. # server will use that explicit path. If the filenames do *not* begin

17. # with "/", the value of ServerRoot is prepended -- so "logs/access_log"

18. # with ServerRoot set to "/usr/local/apache2" will be interpreted by the

19. # server as "/usr/local/apache2/logs/access_log", whereas "/logs/access_log"

20. # will be interpreted as '/logs/access_log'.

21. #

22. # NOTE: Where filenames are specified, you must use forward slashes

23. # instead of backslashes (e.g., "c:/apache" instead of "c:\apache").

24. # If a drive letter is omitted, the drive on which httpd.exe is located

25. # will be used by default. It is recommended that you always supply

26. # an explicit drive letter in absolute paths to avoid confusion.

27.  

28. #

29. # ServerRoot: The top of the directory tree under which the server's

30. # configuration, error, and log files are kept.

31. #

32. # Do not add a slash at the end of the directory path. If you point

33. # ServerRoot at a non-local disk, be sure to specify a local disk on the

34. # Mutex directive, if file-based mutexes are used. If you wish to share the

35. # same ServerRoot for multiple httpd daemons, you will need to change at

36. # least PidFile.

37. #

38. ServerRoot "D:/phpStudy/Apache"

39.  

40. #

41. # Mutex: Allows you to set the mutex mechanism and mutex file directory

42. # for individual mutexes, or change the global defaults

43. #

44. # Uncomment and change the directory if mutexes are file-based and the default

45. # mutex file directory is not on a local disk or is not appropriate for some

46. # other reason.

47. #

48. # Mutex default:logs

49.  

50. #

51. # Listen: Allows you to bind Apache to specific IP addresses and/or

52. # ports, instead of the default. See also the <VirtualHost>

53. # directive.

54. #

55. # Change this to Listen on specific IP addresses as shown below to

56. # prevent Apache from glomming onto all bound IP addresses.

57. #

58. #Listen 12.34.56.78:80

59. Listen 9096

60.  

61. #

62. # Dynamic Shared Object (DSO) Support

63. #

64. # To be able to use the functionality of a module which was built as a DSO you

65. # have to place corresponding `LoadModule' lines at this location so the

66. # directives contained in it are actually available _before_ they are used.

67. # Statically compiled modules (those listed by `httpd -l') do not need

68. # to be loaded here.

69. #

70. # Example:

71. # LoadModule foo_module modules/mod_foo.so

72. #

73. LoadModule access_compat_module modules/mod_access_compat.so

74. LoadModule actions_module modules/mod_actions.so

75. LoadModule alias_module modules/mod_alias.so

76. LoadModule allowmethods_module modules/mod_allowmethods.so

77. LoadModule asis_module modules/mod_asis.so

78. LoadModule auth_basic_module modules/mod_auth_basic.so

79. #LoadModule auth_digest_module modules/mod_auth_digest.so

80. #LoadModule authn_anon_module modules/mod_authn_anon.so

81. LoadModule authn_core_module modules/mod_authn_core.so

82. #LoadModule authn_dbd_module modules/mod_authn_dbd.so

83. #LoadModule authn_dbm_module modules/mod_authn_dbm.so

84. LoadModule authn_file_module modules/mod_authn_file.so

85. #LoadModule authn_socache_module modules/mod_authn_socache.so

86. #LoadModule authnz_ldap_module modules/mod_authnz_ldap.so

87. LoadModule authz_core_module modules/mod_authz_core.so

88. #LoadModule authz_dbd_module modules/mod_authz_dbd.so

89. #LoadModule authz_dbm_module modules/mod_authz_dbm.so

90. LoadModule authz_groupfile_module modules/mod_authz_groupfile.so

91. LoadModule authz_host_module modules/mod_authz_host.so

92. #LoadModule authz_owner_module modules/mod_authz_owner.so

93. LoadModule authz_user_module modules/mod_authz_user.so

94. LoadModule autoindex_module modules/mod_autoindex.so

95. #LoadModule buffer_module modules/mod_buffer.so

96. #LoadModule cache_module modules/mod_cache.so

97. #LoadModule cache_disk_module modules/mod_cache_disk.so

98. #LoadModule cern_meta_module modules/mod_cern_meta.so

99. LoadModule cgi_module modules/mod_cgi.so

100. #LoadModule charset_lite_module modules/mod_charset_lite.so

101. #LoadModule data_module modules/mod_data.so

102. #LoadModule dav_module modules/mod_dav.so

103. #LoadModule dav_fs_module modules/mod_dav_fs.so

104. #LoadModule dav_lock_module modules/mod_dav_lock.so

105. #LoadModule dbd_module modules/mod_dbd.so

106. #LoadModule deflate_module modules/mod_deflate.so

107. LoadModule dir_module modules/mod_dir.so

108. #LoadModule dumpio_module modules/mod_dumpio.so

109. LoadModule env_module modules/mod_env.so

110. #LoadModule expires_module modules/mod_expires.so

111. #LoadModule ext_filter_module modules/mod_ext_filter.so

112. #LoadModule file_cache_module modules/mod_file_cache.so

113. #LoadModule filter_module modules/mod_filter.so

114. #LoadModule headers_module modules/mod_headers.so

115. #LoadModule heartbeat_module modules/mod_heartbeat.so

116. #LoadModule heartmonitor_module modules/mod_heartmonitor.so

117. #LoadModule ident_module modules/mod_ident.so

118. #LoadModule imagemap_module modules/mod_imagemap.so

119. LoadModule include_module modules/mod_include.so

120. #LoadModule info_module modules/mod_info.so

121. LoadModule isapi_module modules/mod_isapi.so

122. #LoadModule lbmethod_bybusyness_module modules/mod_lbmethod_bybusyness.so

123. #LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so

124. #LoadModule lbmethod_bytraffic_module modules/mod_lbmethod_bytraffic.so

125. #LoadModule lbmethod_heartbeat_module modules/mod_lbmethod_heartbeat.so

126. #LoadModule ldap_module modules/mod_ldap.so

127. #LoadModule logio_module modules/mod_logio.so

128. LoadModule log_config_module modules/mod_log_config.so

129. #LoadModule log_debug_module modules/mod_log_debug.so

130. #LoadModule log_forensic_module modules/mod_log_forensic.so

131. #LoadModule lua_module modules/mod_lua.so

132. LoadModule mime_module modules/mod_mime.so

133. #LoadModule mime_magic_module modules/mod_mime_magic.so

134. LoadModule negotiation_module modules/mod_negotiation.so

135. #LoadModule proxy_module modules/mod_proxy.so

136. #LoadModule proxy_ajp_module modules/mod_proxy_ajp.so

137. #LoadModule proxy_balancer_module modules/mod_proxy_balancer.so

138. #LoadModule proxy_connect_module modules/mod_proxy_connect.so

139. #LoadModule proxy_express_module modules/mod_proxy_express.so

140. #LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so

141. #LoadModule proxy_ftp_module modules/mod_proxy_ftp.so

142. #LoadModule proxy_html_module modules/mod_proxy_html.so

143. #LoadModule proxy_http_module modules/mod_proxy_http.so

144. #LoadModule proxy_scgi_module modules/mod_proxy_scgi.so

145. #LoadModule ratelimit_module modules/mod_ratelimit.so

146. #LoadModule reflector_module modules/mod_reflector.so

147. #LoadModule remoteip_module modules/mod_remoteip.so

148. #LoadModule request_module modules/mod_request.so

149. #LoadModule reqtimeout_module modules/mod_reqtimeout.so

150. LoadModule rewrite_module modules/mod_rewrite.so

151. #LoadModule sed_module modules/mod_sed.so

152. #LoadModule session_module modules/mod_session.so

153. #LoadModule session_cookie_module modules/mod_session_cookie.so

154. #LoadModule session_crypto_module modules/mod_session_crypto.so

155. #LoadModule session_dbd_module modules/mod_session_dbd.so

156. LoadModule setenvif_module modules/mod_setenvif.so

157. #LoadModule slotmem_plain_module modules/mod_slotmem_plain.so

158. #LoadModule slotmem_shm_module modules/mod_slotmem_shm.so

159. #LoadModule socache_dbm_module modules/mod_socache_dbm.so

160. #LoadModule socache_memcache_module modules/mod_socache_memcache.so

161. LoadModule socache_shmcb_module modules/mod_socache_shmcb.so

162. #LoadModule speling_module modules/mod_speling.so

163. LoadModule ssl_module modules/mod_ssl.so

164. #LoadModule fcgid_module modules/mod_fcgid.so

165. #LoadModule status_module modules/mod_status.so

166. #LoadModule substitute_module modules/mod_substitute.so

167. #LoadModule unique_id_module modules/mod_unique_id.so

168. #LoadModule userdir_module modules/mod_userdir.so

169. #LoadModule usertrack_module modules/mod_usertrack.so

170. #LoadModule version_module modules/mod_version.so

171. #LoadModule vhost_alias_module modules/mod_vhost_alias.so

172. #LoadModule watchdog_module modules/mod_watchdog.so

173. #LoadModule xml2enc_module modules/mod_xml2enc.so

174.  
175.  

176. <IfModule unixd_module>

177. #

178. # If you wish httpd to run as a different user or group, you must run

179. # httpd as root initially and it will switch.

180. #

181. # User/Group: The name (or #number) of the user/group to run httpd as.

182. # It is usually good practice to create a dedicated user and group for

183. # running httpd, as with most system services.

184. #

185. User daemon

186. Group daemon

187.  

188. </IfModule>

189.  

190. # 'Main' server configuration

191. #

192. # The directives in this section set up the values used by the 'main'

193. # server, which responds to any requests that aren't handled by a

194. # <VirtualHost> definition. These values also provide defaults for

195. # any <VirtualHost> containers you may define later in the file.

196. #

197. # All of these directives may appear inside <VirtualHost> containers,

198. # in which case these default settings will be overridden for the

199. # virtual host being defined.

200. #

201.  

202. #

203. # ServerAdmin: Your address, where problems with the server should be

204. # e-mailed. This address appears on some server-generated pages, such

205. # as error documents. e.g. admin@your-domain.com

206. #

207. ServerAdmin admin@phpStudy.net

208.  

209. #

210. # ServerName gives the name and port that the server uses to identify itself.

211. # This can often be determined automatically, but we recommend you specify

212. # it explicitly to prevent problems during startup.

213. #

214. # If your host doesn't have a registered DNS name, enter its IP address here.

215. #

216. ServerName localhost

217.  

218. #

219. # Deny access to the entirety of your server's filesystem. You must

220. # explicitly permit access to web content directories in other

221. # <Directory> blocks below.

222. #

223. DocumentRoot "D:/www"

224. <Directory />

225. Options +Indexes +FollowSymLinks +ExecCGI

226. AllowOverride All

227. Order allow,deny

228. Allow from all

229. Require all granted

230. </Directory>

231.  

232. #

233. # Note that from this point forward you must specifically allow

234. # particular features to be enabled - so if something's not working as

235. # you might expect, make sure that you have specifically enabled it

236. # below.

237. #

238.  

239. #

240. # DocumentRoot: The directory out of which you will serve your

241. # documents. By default, all requests are taken from this directory, but

242. # symbolic links and aliases may be used to point to other locations.

243. #

244.  
245.  

246. #

247. # DirectoryIndex: sets the file that Apache will serve if a directory

248. # is requested.

249. #

250. <IfModule dir_module>

251. DirectoryIndex index.html index.php index.htm

252. </IfModule>

253.  

254. #

255. # The following lines prevent .htaccess and .htpasswd files from being

256. # viewed by Web clients.

257. #

258. <Files ".ht*">

259. Require all denied

260. </Files>

261.  

262. #

263. # ErrorLog: The location of the error log file.

264. # If you do not specify an ErrorLog directive within a <VirtualHost>

265. # container, error messages relating to that virtual host will be

266. # logged here. If you *do* define an error logfile for a <VirtualHost>

267. # container, that host's errors will be logged there and not here.

268. #

269. #ErrorLog "logs/error.log"

270. #ErrorLog "|bin/rotatelogs.exe -l logs/error-%Y-%m-%d.log 2M"

271.  

272. #

273. # LogLevel: Control the number of messages logged to the error_log.

274. # Possible values include: debug, info, notice, warn, error, crit,

275. # alert, emerg.

276. #

277. LogLevel error

278.  

279. <IfModule log_config_module>

280. #

281. # The following directives define some format nicknames for use with

282. # a CustomLog directive (see below).

283. #

284. LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

285. LogFormat "%h %l %u %t \"%r\" %>s %b" common

286.  

287. <IfModule logio_module>

288. # You need to enable mod_logio.c to use %I and %O

289. LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio

290. </IfModule>

291.  

292. #

293. # The location and format of the access logfile (Common Logfile Format).

294. # If you do not define any access logfiles within a <VirtualHost>

295. # container, they will be logged here. Contrariwise, if you *do*

296. # define per-<VirtualHost> access logfiles, transactions will be

297. # logged therein and *not* in this file.

298. #

299. ##CustomLog "logs/access.log" common

300.  

301. #

302. # If you prefer a logfile with access, agent, and referer information

303. # (Combined Logfile Format) you can use the following directive.

304. #

305. #CustomLog "logs/access.log" combined

306. </IfModule>

307.  

308. <IfModule alias_module>

309. #

310. # Redirect: Allows you to tell clients about documents that used to

311. # exist in your server's namespace, but do not anymore. The client

312. # will make a new request for the document at its new location.

313. # Example:

314. # Redirect permanent /foo http://www.example.com/bar

315.  

316. #

317. # Alias: Maps web paths into filesystem paths and is used to

318. # access content that does not live under the DocumentRoot.

319. # Example:

320. # Alias /webpath /full/filesystem/path

321. #

322. # If you include a trailing / on /webpath then the server will

323. # require it to be present in the URL. You will also likely

324. # need to provide a <Directory> section to allow access to

325. # the filesystem path.

326.  

327. #

328. # ScriptAlias: This controls which directories contain server scripts.

329. # ScriptAliases are essentially the same as Aliases, except that

330. # documents in the target directory are treated as applications and

331. # run by the server when requested rather than as documents sent to the

332. # client. The same rules about trailing "/" apply to ScriptAlias

333. # directives as to Alias.

334. #

335. #ScriptAlias /cgi-bin/ "D:/phpStudy/Apache/cgi-bin/"

336.  

337. </IfModule>

338.  

339. <IfModule cgid_module>

340. #

341. # ScriptSock: On threaded servers, designate the path to the UNIX

342. # socket used to communicate with the CGI daemon of mod_cgid.

343. #

344. #Scriptsock cgisock

345. </IfModule>

346.  

347. #

348. # "c:/Apache4/cgi-bin" should be changed to whatever your ScriptAliased

349. # CGI directory exists, if you have that configured.

350. #

351. <Directory "D:/phpStudy/Apache/cgi-bin">

352. AllowOverride None

353. Options None

354. Require all granted

355. </Directory>

356.  

357. <IfModule mime_module>

358. #

359. # TypesConfig points to the file containing the list of mappings from

360. # filename extension to MIME-type.

361. #

362. TypesConfig conf/mime.types

363.  

364. #

365. # AddType allows you to add to or override the MIME configuration

366. # file specified in TypesConfig for specific file types.

367. #

368. #AddType application/x-gzip .tgz

369. #

370. # AddEncoding allows you to have certain browsers uncompress

371. # information on the fly. Note: Not all browsers support this.

372. #

373. #AddEncoding x-compress .Z

374. #AddEncoding x-gzip .gz .tgz

375. #

376. # If the AddEncoding directives above are commented-out, then you

377. # probably should define those extensions to indicate media types:

378. #

379. AddType application/x-compress .Z

380. AddType application/x-gzip .gz .tgz

381.  

382. #

383. # AddHandler allows you to map certain file extensions to "handlers":

384. # actions unrelated to filetype. These can be either built into the server

385. # or added with the Action directive (see below)

386. #

387. # To use CGI scripts outside of ScriptAliased directories:

388. # (You will also need to add "ExecCGI" to the "Options" directive.)

389. #

390. #AddHandler cgi-script .cgi

391.  

392. # For type maps (negotiated resources):

393. #AddHandler type-map var

394.  

395. #

396. # Filters allow you to process content before it is sent to the client.

397. #

398. # To parse .shtml files for server-side includes (SSI):

399. # (You will also need to add "Includes" to the "Options" directive.)

400. #

401. #AddType text/html .shtml

402. #AddOutputFilter INCLUDES .shtml

403. #AddType application/x-httpd-php .php .phtml

404. </IfModule>

405.  

406. #

407. # The mod_mime_magic module allows the server to use various hints from the

408. # contents of the file itself to determine its type. The MIMEMagicFile

409. # directive tells the module where the hint definitions are located.

410. #

411. #MIMEMagicFile conf/magic

412.  

413. #

414. # Customizable error responses come in three flavors:

415. # 1) plain text 2) local redirects 3) external redirects

416. #

417. # Some examples:

418. #ErrorDocument 500 "The server made a boo boo."

419. #ErrorDocument 404 /missing.html

420. #ErrorDocument 404 "/cgi-bin/missing_handler.pl"

421. #ErrorDocument 402 http://www.example.com/subscription_info.html

422. #

423.  

424. #

425. # MaxRanges: Maximum number of Ranges in a request before

426. # returning the entire resource, or one of the special

427. # values 'default', 'none' or 'unlimited'.

428. # Default setting is to accept 200 Ranges.

429. #MaxRanges unlimited

430.  

431. #

432. # EnableMMAP and EnableSendfile: On systems that support it,

433. # memory-mapping or the sendfile syscall may be used to deliver

434. # files. This usually improves server performance, but must

435. # be turned off when serving from networked-mounted

436. # filesystems or if support for these functions is otherwise

437. # broken on your system.

438. # Defaults: EnableMMAP On, EnableSendfile Off

439. #

440. #EnableMMAP off

441. #EnableSendfile on

442.  

443. # Supplemental configuration

444. #

445. # The configuration files in the conf/extra/ directory can be

446. # included to add extra features or to modify the default configuration of

447. # the server, or you may simply copy their contents here and change as

448. # necessary.

449.  

450. # Server-pool management (MPM specific)

451. Include conf/extra/httpd-mpm.conf

452. Include conf/extra/httpd-php.conf

453.  

454. # Multi-language error messages

455. #Include conf/extra/httpd-multilang-errordoc.conf

456.  

457. # Fancy directory listings

458. #Include conf/extra/httpd-autoindex.conf

459.  

460. # Language settings

461. #Include conf/extra/httpd-languages.conf

462.  

463. # User home directories

464. #Include conf/extra/httpd-userdir.conf

465.  

466. # Real-time info on requests and configuration

467. #Include conf/extra/httpd-info.conf

468.  

469. # Virtual hosts

470. #Include conf/extra/httpd-vhosts.conf

471.  
472.  

473. # Local access to the Apache HTTP Server Manual

474. #Include conf/extra/httpd-manual.conf

475.  

476. # Distributed authoring and versioning (WebDAV)

477. #Include conf/extra/httpd-dav.conf

478.  

479. # Various default settings

480. #Include conf/extra/httpd-default.conf

481.  

482. # Configure mod_proxy_html to understand HTML4/XHTML1

483. #<IfModule proxy_html_module>

484. #Include conf/extra/proxy-html.conf

485. #</IfModule>

486.  

487. Include conf/vhosts.conf

488.  
489.  
490.  
491.  
492.  

493. # Secure (SSL/TLS) connections

494. #Include conf/extra/httpd-ssl.conf

495. Include conf/extra/weixin-ssl.conf

496.  
497.  

498. #

499. # Note: The following must must be present to support

500. # starting without SSL on platforms with no /dev/random equivalent

501. # but a statically compiled-in mod_ssl.

502. #

503.  

504. SSLSessionCache "shmcb:logs/ssl_scache(512000)"

505. SSLSessionCacheTimeout 300

506.  

507. <IfModule ssl_module>

508. SSLRandomSeed startup builtin

509. SSLRandomSeed connect builtin

510. </IfModule>

511.  

512. # Deal with user agents that deliberately violate open standards

513. #

514. <IfModule setenvif_module>

515. BrowserMatch "MSIE 10.0;" bad_DNT

516. </IfModule>

517. <IfModule headers_module>

518. RequestHeader unset DNT env=bad_DNT

519. </IfModule>

第四步：在D:\phpStudy\Apache\conf\extra创建文件weixin-ssl.conf

第五步：修改文件：weixin-ssl.conf

最后贴出更改后的代码

1. #

2. # This is the Apache server configuration file providing SSL support.

3. # It contains the configuration directives to instruct the server how to

4. # serve pages over an https connection. For detailed information about these

5. # directives see <URL:http://httpd.apache.org/docs/trunk/mod/mod_ssl.html>

6. #

7. # Do NOT simply read the instructions in here without understanding

8. # what they do. They're here only as hints or reminders. If you are unsure

9. # consult the online docs. You have been warned.

10. #

11.  

12. #

13. # Pseudo Random Number Generator (PRNG):

14. # Configure one or more sources to seed the PRNG of the SSL library.

15. # The seed data should be of good random quality.

16. # WARNING! On some platforms /dev/random blocks if not enough entropy

17. # is available. This means you then cannot use the /dev/random device

18. # because it would lead to very long connection times (as long as

19. # it requires to make more entropy available). But usually those

20. # platforms additionally provide a /dev/urandom device which doesn't

21. # block. So, if available, use this one instead. Read the mod_ssl User

22. # Manual for more details.

23. #

24. #SSLRandomSeed startup file:/dev/random 512

25. #SSLRandomSeed startup file:/dev/urandom 512

26. #SSLRandomSeed connect file:/dev/random 512

27. #SSLRandomSeed connect file:/dev/urandom 512

28.  
29.  

30. #

31. # When we also provide SSL we have to listen to the

32. # standard HTTP port (see above) and to the HTTPS port

33. #

34. # Note: Configurations that use IPv6 but not IPv4-mapped addresses need two

35. # Listen directives: "Listen [::]:443" and "Listen 0.0.0.0:443"

36. #

37. Listen 443

38.  

39. ##

40. ## SSL Global Context

41. ##

42. ## All SSL configuration in this context applies both to

43. ## the main server and all SSL-enabled virtual hosts.

44. ##

45.  

46. # Pass Phrase Dialog:

47. # Configure the pass phrase gathering process.

48. # The filtering dialog program (`builtin' is a internal

49. # terminal dialog) has to provide the pass phrase on stdout.

50. SSLPassPhraseDialog builtin

51.  

52. # Inter-Process Session Cache:

53. # Configure the SSL Session Cache: First the mechanism

54. # to use and second the expiring timeout (in seconds).

55. #SSLSessionCache "dbm:logs/ssl_scache"

56. SSLSessionCache "shmcb:logs/ssl_scache(512000)"

57. SSLSessionCacheTimeout 300

58.  

59. ##

60. ## SSL Virtual Host Context

61. ##

62.  

63. <VirtualHost _default_:443>

64.  

65. # General setup for the virtual host

66. DocumentRoot "D:\wwwroot\uuuyicms"

67. ServerName weixin.glmljd.com:443

68. ServerAdmin admin@example.com

69. ErrorLog "logs/error.log"

70. TransferLog "logs/access.log"

71.  

72. # SSL Engine Switch:

73. # Enable/Disable SSL for this virtual host.

74. SSLEngine on

75.  

76. # SSL Cipher Suite:

77. # List the ciphers that the client is permitted to negotiate.

78. # See the mod_ssl documentation for a complete list.

79. # Recent OpenSSL snapshots include Elliptic Curve Cryptograhpy (ECC)

80. # cipher suites (see RFC 4492) as part of "ALL". Edit this line

81. # if you need to disable any of those ciphers.

82. SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

83.  

84. # Server Certificate:

85. # Point SSLCertificateFile at a PEM encoded certificate. If

86. # the certificate is encrypted, then you will be prompted for a

87. # pass phrase. Note that a kill -HUP will prompt again. Keep

88. # in mind that if you have both an RSA and a DSA certificate you

89. # can configure both in parallel (to also allow the use of DSA

90. # ciphers, etc.)

91. # Some ECC cipher suites (http://www.ietf.org/rfc/rfc4492.txt)

92. # require an ECC certificate which can also be configured in

93. # parallel.

94. SSLCertificateFile "D:\phpStudy\Apache\conf\ssl\2_weixin.glmljd.com.crt"

95. #SSLCertificateFile "/Apache24/conf/server-dsa.crt"

96. #SSLCertificateFile "/Apache24/conf/server-ecc.crt"

97.  

98. # Server Private Key:

99. # If the key is not combined with the certificate, use this

100. # directive to point at the key file. Keep in mind that if

101. # you've both a RSA and a DSA private key you can configure

102. # both in parallel (to also allow the use of DSA ciphers, etc.)

103. # ECC keys, when in use, can also be configured in parallel

104. SSLCertificateKeyFile "D:\phpStudy\Apache\conf\ssl\3_weixin.glmljd.com.key"

105. #SSLCertificateKeyFile "/Apache24/conf/server-dsa.key"

106. #SSLCertificateKeyFile "/Apache24/conf/server-ecc.key"

107.  

108. # Server Certificate Chain:

109. # Point SSLCertificateChainFile at a file containing the

110. # concatenation of PEM encoded CA certificates which form the

111. # certificate chain for the server certificate. Alternatively

112. # the referenced file can be the same as SSLCertificateFile

113. # when the CA certificates are directly appended to the server

114. # certificate for convenience.

115. SSLCertificateChainFile "D:\phpStudy\Apache\conf\ssl\1_root_bundle.crt"

116.  

117. # Certificate Authority (CA):

118. # Set the CA certificate verification path where to find CA

119. # certificates for client authentication or alternatively one

120. # huge file containing all of them (file must be PEM encoded)

121. # Note: Inside SSLCACertificatePath you need hash symlinks

122. # to point to the certificate files. Use the provided

123. # Makefile to update the hash symlinks after changes.

124. #SSLCACertificatePath "/Apache24/conf/ssl.crt"

125. #SSLCACertificateFile "/Apache24/conf/ssl.crt/ca-bundle.crt"

126.  

127. # Certificate Revocation Lists (CRL):

128. # Set the CA revocation path where to find CA CRLs for client

129. # authentication or alternatively one huge file containing all

130. # of them (file must be PEM encoded)

131. # Note: Inside SSLCARevocationPath you need hash symlinks

132. # to point to the certificate files. Use the provided

133. # Makefile to update the hash symlinks after changes.

134. #SSLCARevocationPath "/Apache24/conf/ssl.crl"

135. #SSLCARevocationFile "/Apache24/conf/ssl.crl/ca-bundle.crl"

136.  

137. # Client Authentication (Type):

138. # Client certificate verification type and depth. Types are

139. # none, optional, require and optional_no_ca. Depth is a

140. # number which specifies how deeply to verify the certificate

141. # issuer chain before deciding the certificate is not valid.

142. #SSLVerifyClient require

143. #SSLVerifyDepth 10

144.  

145. # Access Control:

146. # With SSLRequire you can do per-directory access control based

147. # on arbitrary complex boolean expressions containing server

148. # variable checks and other lookup directives. The syntax is a

149. # mixture between C and Perl. See the mod_ssl documentation

150. # for more details.

151. #<Location />

152. #SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \

153. # and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \

154. # and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \

155. # and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \

156. # and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \

157. # or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/

158. #</Location>

159.  

160. # SSL Engine Options:

161. # Set various options for the SSL engine.

162. # o FakeBasicAuth:

163. # Translate the client X.509 into a Basic Authorisation. This means that

164. # the standard Auth/DBMAuth methods can be used for access control. The

165. # user name is the `one line' version of the client's X.509 certificate.

166. # Note that no password is obtained from the user. Every entry in the user

167. # file needs this password: `xxj31ZMTZzkVA'.

168. # o ExportCertData:

169. # This exports two additional environment variables: SSL_CLIENT_CERT and

170. # SSL_SERVER_CERT. These contain the PEM-encoded certificates of the

171. # server (always existing) and the client (only existing when client

172. # authentication is used). This can be used to import the certificates

173. # into CGI scripts.

174. # o StdEnvVars:

175. # This exports the standard SSL/TLS related `SSL_*' environment variables.

176. # Per default this exportation is switched off for performance reasons,

177. # because the extraction step is an expensive operation and is usually

178. # useless for serving static content. So one usually enables the

179. # exportation for CGI and SSI requests only.

180. # o StrictRequire:

181. # This denies access when "SSLRequireSSL" or "SSLRequire" applied even

182. # under a "Satisfy any" situation, i.e. when it applies access is denied

183. # and no other module can change it.

184. # o OptRenegotiate:

185. # This enables optimized SSL connection renegotiation handling when SSL

186. # directives are used in per-directory context.

187. #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire

188. <FilesMatch "\.(cgi|shtml|phtml|php)$">

189. SSLOptions +StdEnvVars

190. </FilesMatch>

191. <Directory "/Apache24/cgi-bin">

192. SSLOptions +StdEnvVars

193. </Directory>

194.  

195. # SSL Protocol Adjustments:

196. # The safe and default but still SSL/TLS standard compliant shutdown

197. # approach is that mod_ssl sends the close notify alert but doesn't wait for

198. # the close notify alert from client. When you need a different shutdown

199. # approach you can use one of the following variables:

200. # o ssl-unclean-shutdown:

201. # This forces an unclean shutdown when the connection is closed, i.e. no

202. # SSL close notify alert is sent or allowed to be received. This violates

203. # the SSL/TLS standard but is needed for some brain-dead browsers. Use

204. # this when you receive I/O errors because of the standard approach where

205. # mod_ssl sends the close notify alert.

206. # o ssl-accurate-shutdown:

207. # This forces an accurate shutdown when the connection is closed, i.e. a

208. # SSL close notify alert is send and mod_ssl waits for the close notify

209. # alert of the client. This is 100% SSL/TLS standard compliant, but in

210. # practice often causes hanging connections with brain-dead browsers. Use

211. # this only for browsers where you know that their SSL implementation

212. # works correctly.

213. # Notice: Most problems of broken clients are also related to the HTTP

214. # keep-alive facility, so you usually additionally want to disable

215. # keep-alive for those clients, too. Use variable "nokeepalive" for this.

216. # Similarly, one has to force some clients to use HTTP/1.0 to workaround

217. # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and

218. # "force-response-1.0" for this.

219. BrowserMatch ".*MSIE.*" \

220. nokeepalive ssl-unclean-shutdown \

221. downgrade-1.0 force-response-1.0

222.  

223. # Per-Server Logging:

224. # The home of a custom SSL log file. Use this when you want a

225. # compact non-error SSL logfile on a virtual host basis.

226. CustomLog "logs/ssl_request.log" \

227. "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

228.  

229. </VirtualHost>

然后再重启PHP study即可生效。