Configuration Process for Apache HTTPS Mutual Authentication
Caution:
If your domain certificate has expired, follow the instructions below to reconfigure your domain certificate.
This document uses the third-party developer domain name www.example.com
as an example. The following two cases may arise:
The third-party developer already has a certificate issued by an authoritative third party.
The developer prepares the certificate www.example.com.crt
issued by and the private key www.example.com.key
assigned by the authoritative third party for www.example.com
. Note that the certificate must be issued by an authoritative third party, such as Topway or GlobalSign.
Chat provides the developer backend with a CA certificate TencentQQAuthCA.crt, which is used to verify the certificate of the requesting party (Chat). Perform configuration by referring to the Reference for Apache HTTPS Mutual Authentication Configuration below.
The third-party developer sends an application to Chat, requesting Chat to issue a certificate for its domain name.
Caution:
When you register a domain, follow the rules below:
Use English letters (a-z, case-insensitive), digits (0-9), and hyphen -
only.
Do not use spaces and special characters such as !
, $
, &
, and ?
.
Hyphen -
cannot appear consecutively, be registered independently, or be placed at the beginning or end.
The length of the domain cannot exceed 63 characters.
Chat issues the certificate www.example.com.crt
and assigns the private key www.example.com.key
to the developer with the domain name www.example.com
. The developer can download the certificate from the console. Chat provides the developer backend with a CA certificate TencentQQAuthCA.crt, which is used to verify the certificate of the requesting party (Chat). Perform configuration by referring to the Reference for Apache HTTPS Mutual Authentication Configuration below.
Reference for Apache HTTPS Mutual Authentication Configuration
1. Copy www.example.com.crt
, www.example.com.key
, and TencentQQAuthCA.crt
to the conf
folder under the Apache installation directory.
2. Modify the httpd.conf
file. The reference configuration is as follows:
SSLEngine on
SSLCertificateFile "/usr/local/apache2/conf/example.com.crt"
SSLCertificateKeyFile "/usr/local/apache2/conf/example.com.key"
SSLCACertificateFile "/usr/local/apache2/conf/TencentQQAuthCA.crt"
SSLVerifyClient require
Was this page helpful?