Apache + SSL


vidz

Programmer
Jul 25, 2006
10
US
Hi,

I currently have Apache 2.2.4 running on Windows XP Pro. I want to enable SSL on Apache. I did some searching on the net and came across a few links, but I am still confused about how to do it. Can somebody suggest a link which gives the detailed steps for enabling SSL on Apache? Do I need to compile Apache as given in this link
Thanks in advance,
Vidya
 
Apache should come out of the box ready for SSL. I don't know how Apache gets set up on Windows, but there should be a file named ssl.conf with a sample SSL-enabled vhost container. Your real container will not have <VirtualHost _default_:443>. It will have <VirtualHost 192.168.1.20:443>; however, you'd use your actual IP address. The certs for your specific domain would go inside this vhost container. Any time you edit httpd.conf or any other of its *.conf files, you will need to restart Apache.
 
Thanks for responding. After going through a few more links, this is what I found. "Apache Software Foundation makes a point in not offering the compiled binaries for the SSL module, due to the export regulations for cryptographic software from USA. Don't ask for binaries if they will not be available at the currently indicated locations. Various ISVs provide free binaries for this module in various projects such as NuSphere Technology Platform, Apache-SSL etc"(ref -> So I downloaded httpd-2.2.4-win32-x86-ssl.zip from Made a few changes in conf/httpd.conf and conf/extras/httpd-ssl.conf and it works now using SSL. If I use the apache_2.2.4-win32-x86-no_ssl.msi downloaded from apache.org I have to compile the src to support mod_ssl. I am not sure if I have understood this properly. Please let me know your comments.

Thanks in advance
Vidya
 
Vidz wrote: So I downloaded httpd-2.2.4-win32-x86-ssl.zip from Made a few changes in conf/httpd.conf and conf/extras/httpd-ssl.conf and it works now using SSL. If I use the apache_2.2.4-win32-x86-no_ssl.msi downloaded from apache.org I have to compile the src to support mod_ssl. I am not sure if I have understood this properly.

Would you tell me how you set up SSL with Apache 2.2.4 on Windows XP? I have the Apache 2.2.4 no-SSL version installed and the procedure to install SSL is too confusing to me. I would appreciate detailed, step-by-step instructions of how you did it without breaking the Apache configuration setup that I have in my existing Apache version. Thanks in advance.
xvman
 
The Win32 Binary (MSI Installer): apache_2.2.4-win32-x86-no_ssl.msi that you download from does not provide mod_ssl support based on OpenSSL. Apache Software Foundation does not offer the compiled binaries for the SSL module, due to the export regulations for cryptographic software from USA. Various ISVs provide free binaries for this module in various projects such as Apache-SSL etc.

For Windows, the precompiled module can be downloaded from (where you will find Apache 2.2.4 binaries with the corresponding mod_ssl.so module versions included), while binaries for Linux are included in the major Linux distributions.

You can also compile Apache with mod_ssl support for Windows by following the instructions given in any of these sites.


1. Installation of Apache 2.2.4

Download httpd-2.2.4-win32-x86-ssl.zip from Apache 2.2.4 with openssl 0.9.8d and zlib 1.2.3. Starting with 2.2.4, it is built with Visual Studio® 2005 Service Pack 1. Be sure to install the new Visual C++ 2005 Redistributable Package, see below.

Installation:
- You must first install the Visual C++ 2005 Redistributable Package (the binary is built with VC 2005 SP1).

- Download it from: and install.

- Unzip the apache2 folder to c:\Apache2 (that is the server root in the config)

Refer to the “Read Me First.txt” in httpd-2.2.4-win32-x86-ssl.zip for more information.


2. Creating a test certificate

1. Copy openssl.cnf from $APACHE_HOME\conf folder to $APACHE_HOME\bin folder.

2. Run $APACHE_HOME\bin\openssl.exe


Openssl> req -config openssl.cnf -new -out my-server.csr

This creates a certificate signing request and a private key. When asked for "Common Name (eg, your websites domain name)", give the exact domain name of your web server. The certificate belongs to this server name and browsers complain if the name doesn't match.

Openssl> rsa -in privkey.pem -out my-server.key

This removes the passphrase from the private key. You MUST understand what this means; my-server.key should be only readable by the apache server and the administrator. You should delete the .rnd file because it contains the entropy information for creating the key and could be used for cryptographic attacks against your private key.

Openssl> x509 -in my-server.csr -out my-server.cert -req -signkey my-server.key -days 365

This creates a self-signed certificate that you can use until you get a "real" one from a certificate authority. (Which is optional; if you know your users, you can tell them to install the certificate into their browsers.) Note that this certificate expires after one year; you can increase -days 365 if you don't want this.


3. Copy my-server.cert and my-server.key to $APACHE_HOME\conf folder

Changes in $APACHE_HOME\conf\httpd.conf

4. In conf\httpd.conf uncomment these lines
LoadModule ssl_module modules/mod_ssl.so
Include conf/extra/httpd-ssl.conf

5. Change ServerName from localhost to registered DNS name
ServerName localhost:80

Changes in $APACHE_HOME\conf\extra\httpd-ssl.conf

6. Change ServerName to registered DNS name:443
ServerName :443

7. Modify SSLCertificateFile path to point to $APACHE_HOME\conf\my-server.cert

8. Modify SSLCertificateKeyFile path to point to $APACHE_HOME\conf\my-server.key

9. To test whether the syntax of the config files (i.e. httpd.conf and httpd-ssl.conf) is correct, go to $APACHE_HOME\bin\ in a command prompt and type httpd -t. It should return “Syntax OK”


Testing if Apache is SSL enabled

10. Stop and restart Apache

11. Try the url An alert message will pop up since the certificate you are using is not generated by a trusted CA. Select “yes” and you will be redirected to the page secured by SSL.

Refer to these links for more details on creating test certificates
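
A pre-flight check for steps 4 to 8 above, as an added example that is not part of the original posts: the syntax test in step 9 passes even when an edit was skipped, so this Python sketch reports which of those steps are still undone. The sample config text, the host name www.example.com and the function names are assumptions constructed for illustration.

```python
# Constructed sample config text (not from the thread); www.example.com is a placeholder.
HTTPD_CONF = """\
ServerName www.example.com:80
LoadModule ssl_module modules/mod_ssl.so
#Include conf/extra/httpd-vhosts.conf
Include conf/extra/httpd-ssl.conf
"""
HTTPD_SSL_CONF = """\
Listen 443
<VirtualHost _default_:443>
ServerName www.example.com:443
SSLEngine on
SSLCertificateFile "c:/Apache2/conf/my-server.cert"
SSLCertificateKeyFile "c:/Apache2/conf/my-server.key"
</VirtualHost>
"""

def directives(text):
    """Map each active (uncommented) directive name to its list of argument strings."""
    found = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if not parts or parts[0][0] in "#<":
            continue  # skip blanks, comments and <Section> open/close tags
        args = parts[1].strip().strip('"') if len(parts) > 1 else ""
        found.setdefault(parts[0].lower(), []).append(args.replace("\\", "/"))
    return found

def check_ssl_config(httpd_conf, ssl_conf, dns_name):
    """Return the thread's steps that are still undone; an empty list means ready."""
    main, ssl = directives(httpd_conf), directives(ssl_conf)
    problems = []
    if not any(a.split()[:1] == ["ssl_module"] for a in main.get("loadmodule", [])):
        problems.append("step 4: LoadModule ssl_module is still commented out")
    if not any(a.endswith("extra/httpd-ssl.conf") for a in main.get("include", [])):
        problems.append("step 4: Include conf/extra/httpd-ssl.conf is still commented out")
    for step, conf, port in (("5", main, 80), ("6", ssl, 443)):
        names = [a.lower() for a in conf.get("servername", [])]
        if f"{dns_name}:{port}".lower() not in names:
            problems.append(f"step {step}: ServerName is not {dns_name}:{port}")
    for step, key, fname in (("7", "SSLCertificateFile", "my-server.cert"),
                             ("8", "SSLCertificateKeyFile", "my-server.key")):
        if not any(a.endswith("/conf/" + fname) for a in ssl.get(key.lower(), [])):
            problems.append(f"step {step}: {key} does not point to conf/{fname}")
    return problems

if __name__ == "__main__":
    for problem in check_ssl_config(HTTPD_CONF, HTTPD_SSL_CONF, "www.example.com") or ["all steps done"]:
        print(problem)
```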
 