|
|
Rubayat Hasan
Software Development, Music, Web Design, life, thoughts…
- Home
- Portfolio
- Projects
- Contact
- Categories
http://rubayathasan.com/wp-content/themes/modified-elegant-grunge/images/rss-t.png
APR22010Setting up Apache HTTPS/SSL on Windows
by Rubayat
posted in Tutorial
I am assuming that you already have Apache2 installed and working on a Windows server.
For SSL/HTTPS to work you need to download and setup the Win32 Binary including OpenSSL "httpd/apache_x.x.x-win32-x86-openssl-x.x.x.msi" on your Windows server.
If you now have regular HTTP server working follow the guide below to setup HTTPS.
Setting up HTTPS on a Windows Server:
- Creating a self-signed SSL Certificate using OpenSSL:
Open the command prompt and cd to your Apache installations "bin" directory. Usually it would be:
cd "C:\Program Files\Apache Software Foundation\Apache2.2\bin"
To create the SSL certificate we will need the openssl.cnf files location but the default location set by OpenSSL for this file is setup according to a Linux distribution, so we need to fix it for Windows.
We need to setup the Windows environment variable OPENSSL_CONF to point to the openssl.cnf files location. It is usually located in "C:\Program Files\Apache Software Foundation\Apache2.2\conf\openssl.cnf" directory.
So we can set it up by the following command or through the GUI interface:
set OPENSSL_CONF=C:\Program Files\Apache Software Foundation\Apache2.2\conf\openssl.cnf
All files generated from the following commands will reside in "C:\Program Files\Apache Software Foundation\Apache2.2\bin" folder.
Now that we have the environment variable set we need to create a new OpenSSL certificate request using the following command:
openssl req -new -out server.csr
It will ask you some questions and you can safely ignore them and just answer the following questions:
PEM pass phrase: Password associated with the private key you’regenerating (anything of your choice).
Common Name: The fully-qualified domain name associated with this certificate (i.e. www.your-domain.com).
Now we need to remove the passphrase from the private key. The file"server.key" created from the following command should be only readable by the apache server and the administrator. You should also delete the .rnd file because it contains the entropy information for creating the key and could be used for cryptographic attacks against your private key.
openssl rsa -in privkey.pem -out server.key
Now we need to set up an expiry date, it could be any time of your choice, we use 365 days below:
openssl x509 -in server.csr -out server.cert -req -signkey server.key -days 365
We have the Self-signed SSL certificates ready now. Now We need to MOVE the "server.cert" and "server.key" file to the
"C:\Program Files\Apache Software Foundation\Apache2.2\conf" location.
- Configuring Apache to run SSL/HTTPS server:
Now that we have the Self-signed SSL certificate ready, all we need is to configure Apache to start the SSL server.
First we modify the "C:\Program Files\Apache Software Foundation\Apache2.2\conf\httpd.conf" file.
Open up conf\httpd.conf in a text editor and look for the line:
LoadModule ssl_module modules/mod_ssl.so and remove any pound sign (#) characters preceding it.
Include conf/extra/httpd-ssl.conf and remove any pound sign (#) characters preceding it.
Now we need to modify the "C:\Program Files\Apache Software Foundation\Apache2.2\conf\extra\httpd-ssl.conf". Let all the default options as it is but make sure to modify the following section according to your need:
ServerAdmin some@email.com
DocumentRoot "Your Root folder location"
ServerName www.domain.com:443
ServerAlias domain.com:443
ErrorLog "logs/anyFile-error.log"
CustomLog "logs/anyFile-access.log" common
SSLEngine on
SSLCertificateFile "C:/Program Files/Apache Software Foundation/Apache2.2/conf/server.cert"
SSLCertificateKeyFile "C:/Program Files/Apache Software Foundation/Apache2.2/conf/server.key"
Make sure that "SSLCertificateFile" and "SSLCertificateKeyFile" are properly located.
For better organizing you can also put the whole section in the "C:\Program Files\Apache Software Foundation\Apache2.2\conf\extra\httpd-vhosts.conf" along with your other Virtual Host settings there but you need to uncomment “Include conf/extra/httpd-vhosts.conf” in your conf\httpd.conf file to use that.
- Opening SSL/HTTPS port on Windows:
Now we need to open an exception in Windows Firewall for TCP port 443. You can do that by going to “Windows Firewall” settings in Control Panel and adding a port in the exception section.
Well that was long and painful but but now Restart the server and everything should work fine.
Please feel free to leave comments if this guide helped.
Create Self-Signed CertificateC
Related posts:
- Guide to Running Apache on Windows or Ubuntu - After using IIS for almost 4 years now, I have...
Leave a Comment
tags: Apache, HTTPS, OpenSSL, SSL, SSL Certificate
23 Responses to “Setting up Apache HTTPS/SSL on Windows”
http://1.gravatar.com/avatar/57873dc6f7145265d312ecf205ee1af1?s=40&d=http%3A%2F%2F1.gravatar.com%2Favatar%2Fad516503a11cd5ca435acc9bb6523536%3Fs%3D40&r=GFirdi Says:
December 18th, 2011 at 12:39 pm
hi,
please change:
openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 365
instead
openssl x509 -in server.csr -out server.cert -req -signkey server.key -days 365
Reply
Briefly summary of deploying apache2.2.21 with OPENSSL « Who's William? Says:
December 9th, 2011 at 12:16 am
[...] reference: http://rubayathasan.com/tutorial/apache-ssl-on-windows/?replytocom=46419#respond [...]
Reply
http://1.gravatar.com/avatar/95cf764b956547ba655d26c35f2e5755?s=40&d=http%3A%2F%2F1.gravatar.com%2Favatar%2Fad516503a11cd5ca435acc9bb6523536%3Fs%3D40&r=GPreston Says:
August 18th, 2011 at 1:42 pm
Really good guide. Thank you very much for posting this.
Reply
http://0.gravatar.com/avatar/60452ad42ac45661fca85ded2b0415b4?s=40&d=http%3A%2F%2F0.gravatar.com%2Favatar%2Fad516503a11cd5ca435acc9bb6523536%3Fs%3D40&r=Gofem Says:
August 11th, 2011 at 3:40 am
where are the files located after this guide ? can’t find them.
Reply
http://1.gravatar.com/avatar/77864601526fc73452f5c7f942ac4ff4?s=40&d=http%3A%2F%2F1.gravatar.com%2Favatar%2Fad516503a11cd5ca435acc9bb6523536%3Fs%3D40&r=Gjack Says:
July 28th, 2011 at 7:01 am
Today I have downloadedhttp://www.fightrice.com/mirrors/apache//httpd/binaries/win32/httpd-2.2.19-win32-x86-openssl-0.9.8r.msi file on Windows 2008 RC2 64-bit. Installed the file and Apache default web page on http is working fine.
Configuring all this settings and starting Apache Windows service and I get error: “Windows could not start the Apache2.2 on Local Computer. For more information, review the System Event Log. If this is a non-Microsoft service, contact the service vendor, and refer to service-specific error code 1.”
I have looked into System Event Log and there is message: “The Apache2.2 service terminated with service-specific error Incorrect function.”
I have looked at Apache \log\ folder and there are no files in this folder (I have deleted all files from this log folder before starting Apache).
Any idea what could be wrong?
Reply
http://1.gravatar.com/avatar/34ad9289d30c35d83629b86e45ab5c42?s=40&d=http%3A%2F%2F1.gravatar.com%2Favatar%2Fad516503a11cd5ca435acc9bb6523536%3Fs%3D40&r=GOlivier Says:
July 5th, 2011 at 3:56 am
Great tutorial. But I had to replace :
SSLCertificateFile “F:/Bin/Apache Software Foundation/Apache2.2/conf/server.crt”
by :
SSLCertificateFile “F:/Bin/Apache Software Foundation/Apache2.2/conf/server.cert”
(.cert instead of .crt) in httpd-ssl.conf to make it work.
Reply
http://0.gravatar.com/avatar/0e002d0b5b357bc23273df1a6590a042?s=40&d=http%3A%2F%2F0.gravatar.com%2Favatar%2Fad516503a11cd5ca435acc9bb6523536%3Fs%3D40&r=GEugen Says:
July 1st, 2011 at 5:17 am
Many Thanks,
Your doku is very precise.
Only one detail:
In conf/extra/httpd-ssl.conf we have SSLMutex to sat to default like beneath.
SSLMutex default
Reply
http://1.gravatar.com/avatar/365bbf2e87325ee5c1a09081fe7403d8?s=40&d=http%3A%2F%2F1.gravatar.com%2Favatar%2Fad516503a11cd5ca435acc9bb6523536%3Fs%3D40&r=GRAJAT SHUVRA ROY Says:
June 15th, 2011 at 2:38 am
thnx a lot 4 ur kind info but the command “C:\Program Files\Apache Software Foundation\Apache2.2\conf\openssl.cnf” is not working…the command is saying that… the path is wrong..
Reply
http://1.gravatar.com/avatar/365bbf2e87325ee5c1a09081fe7403d8?s=40&d=http%3A%2F%2F1.gravatar.com%2Favatar%2Fad516503a11cd5ca435acc9bb6523536%3Fs%3D40&r=GRAJAT SHUVRA ROY Says:
June 15th, 2011 at 2:23 am
really,i was much confused before ur suggestion…thnx u.
Reply
http://0.gravatar.com/avatar/044d387dd5e8e8852f5fc2c8a43bde0a?s=40&d=http%3A%2F%2F0.gravatar.com%2Favatar%2Fad516503a11cd5ca435acc9bb6523536%3Fs%3D40&r=Gmjb Says:
May 26th, 2011 at 2:23 pm
Be aware on Win 64, you must uncomment the OTHER SSLSessionCache for things to work. The default SSLSessionCache setting will fail with a spurious “values must be > 8192)”
Reply
http://1.gravatar.com/avatar/780015e2e2301d614aa612a913c0bbbb?s=40&d=http%3A%2F%2F1.gravatar.com%2Favatar%2Fad516503a11cd5ca435acc9bb6523536%3Fs%3D40&r=GDavid Says:
May 12th, 2011 at 7:27 am
Hi
Thanks a lot for the help on this especially on pointing to the openssl.cnf in command prompt.
I still have a big problem, after doing all this, I restart my server and it says: “The requested operation has failed”. Do note that Iinstalled the following file for Apache: httpd-2.2.17-win32-x86-openssl-0.9.8o.msi.
What can be the problem?
Reply
http://1.gravatar.com/avatar/9b1a5632ba9b7c2053902c1745f588f1?s=40&d=http%3A%2F%2F1.gravatar.com%2Favatar%2Fad516503a11cd5ca435acc9bb6523536%3Fs%3D40&r=GDeb Z Says:
May 10th, 2011 at 3:24 pm
It’s been a bit of time, yet still your directions are great. I’ve just downloaded the WampServer, and was having the error “ordinal 924 could not be located in the dynamic link library LIBEAY32.dll” when trying to general the new certificate request. I replace the openssl.exe, libeay32.dll, and ssleay32.dll from an older version of PHP (i.e., version 5.2.17-Win32), and the command “magically” worked. (Think it may have to do with the setup -or lack thereof – of my machine.) From there on, it was clear sailing.
Reply
http://1.gravatar.com/avatar/b8ea8f28fc1c9b3ee7fefd2aeb20a7d1?s=40&d=http%3A%2F%2F1.gravatar.com%2Favatar%2Fad516503a11cd5ca435acc9bb6523536%3Fs%3D40&r=Gmnutsch Says:
March 3rd, 2011 at 12:20 am
Rubayat,
This tutorial was immensely helpful. Thank you for writing it.
Reply
http://0.gravatar.com/avatar/e79caff7f7b07f0654887792be7654b7?s=40&d=http%3A%2F%2F0.gravatar.com%2Favatar%2Fad516503a11cd5ca435acc9bb6523536%3Fs%3D40&r=Gpranav Says:
January 31st, 2011 at 2:12 pm
Great article! Thanks!
Reply
http://1.gravatar.com/avatar/30a649cff3d7e800f666bc3a7c191c1a?s=40&d=http%3A%2F%2F1.gravatar.com%2Favatar%2Fad516503a11cd5ca435acc9bb6523536%3Fs%3D40&r=Glwpro2 Says:
October 25th, 2010 at 1:19 am
instead of
“set OPENSSL_CONF=C:\Program Files\Apache Software Foundation\Apache2.2\conf\openssl.cnf”,
we can specify the configuration file location by using “openssl req –config openssl.conf –new –out ./sss/blarg.csr –keyout ./ssl/blarg.pem”.
and all is about generating certificate file and config httpd.conf to load the module and know where is the certificate. cheers.
Reply
http://0.gravatar.com/avatar/cf98a4b84699ef7d525ae96d9d92722b?s=40&d=http%3A%2F%2F0.gravatar.com%2Favatar%2Fad516503a11cd5ca435acc9bb6523536%3Fs%3D40&r=GYC Says:
October 9th, 2010 at 6:39 pm
Hi Rubayat…
I have a question here…. About the openssl.cnf file. We need to change all the directories in that file manually if we implement it in Windows?
Reply
http://0.gravatar.com/avatar/ae5b7747bce2040147d06537503a78b3?s=40&d=http%3A%2F%2F0.gravatar.com%2Favatar%2Fad516503a11cd5ca435acc9bb6523536%3Fs%3D40&r=Gnanda Says:
October 6th, 2010 at 10:18 pm
what i’ve missed?
after follow the steps, and i restart the apache
then i open http://www.my-website.com is still doing nothing!, only ‘the page cannot display’
please help me
Reply
http://1.gravatar.com/avatar/12a1623f22ef4eec2da37b32549cb0ee?s=40&d=http%3A%2F%2F1.gravatar.com%2Favatar%2Fad516503a11cd5ca435acc9bb6523536%3Fs%3D40&r=GPris Says:
June 13th, 2010 at 5:51 pm
Thank you so much for getting me back on track. I think it was removing the passphrase that tripped me up!
Reply
http://1.gravatar.com/avatar/b305aa292b5de4c392c35e7c7118f4c9?s=40&d=http%3A%2F%2F1.gravatar.com%2Favatar%2Fad516503a11cd5ca435acc9bb6523536%3Fs%3D40&r=GAnshul Says:
April 29th, 2010 at 7:08 pm
Hi Rubiyat,
Is it possible to specify 2 server certificates for within tag. The server certificate on my proxy server is expiring and before it expires i need to install a new certificate. I was wondering whether it was possible to have 2 certificates for the same ip address and domain specified in the vHosts configuration.
Any help in this regard would be greatly appreciated.
Reply
http://0.gravatar.com/avatar/6daf37b4d5e6943fb9df6f5f3053054f?s=40&d=http%3A%2F%2F0.gravatar.com%2Favatar%2Fad516503a11cd5ca435acc9bb6523536%3Fs%3D40&r=GRobert Says:
April 19th, 2010 at 7:28 pm
Great guide, Rubayat!
Reply
Leave a Reply
Name (required)
Mail (will not be published) (required)
Website
Click the "Preview" button to preview your comment here.
This entry was posted on Friday, April 2nd, 2010 at 11:44 pmand is filed under Tutorial. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.
- Popular Posts
- Enabling Line Break “” in Wordpress
- Setting up Apache HTTPS/SSL on Windows
- iPhone - Manually Backup SMS, Notes, Pictures, Video, MxTube Folder
- Clearing NetBT in XP to Repair Network Connection
- 98 Dodge Caravan Dash Light Blinking/Flashing
- Topics
Ad Integration Apachebackup bicycling cars CourseCricket csc321 dodge caravan driving Evelyn Glennie fav-vdos iisinfolinks iphone kernelLaptop Lecture MovieMusic NetBT Network Repair neural networks Newsnotes osx86 permalinkphotoblog picPostRogers safari park SA vs AUSservlet sms South Africa Cricket Star Trek stuntstomcat UofT winterWordpressWordpress PluginWordpress Theme XP zee avi
Subscribe RSS
Categories
- Apps (2)
- Blog (5)
- Course (1)
|
|
QQ群⑧:
窥视卡
雷达卡
发表于 2015-7-31 12:29:18
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡