Tuesday, 17 April 2012

Here are my notes on how I managed to get HTTPS working on Wamp5 in my test environment, meaning my laptop. The credits go to the guys at [www.apache-ssl.org].


OPENSSL_CONF ENVIRONMENT VARIABLE 

Go to Control Panel – System – Advanced – Environment Variables 

Add a new system variable OPENSSL_CONF: 

Variable name: OPENSSL_CONF 
Variable value: c:\wamp\Apache2\conf\openssl.cnf 

Log out and log back in. 

Go to the command prompt and type in: 

set | more 

Make sure you see the following line among the environment variables: 
OPENSSL_CONF=c:\wamp\Apache2\conf\openssl.cnf 


GENERATE KEY 

Again in the command prompt, go to C:\wamp\Apache2\bin and run the following command: 

openssl req -new > webserver.csr 

The command runs and prompts you to enter a PEM pass phrase and verify it. Write down the phrase because you will need it later. 

It will then ask you to enter information that will be incorporated into your certificate request. When the command finishes, it has created several files, including privkey.pem, in c:\wamp\apache2\bin. 

REMOVE PASSPHRASE 

Run the following command: 

openssl rsa -in privkey.pem -out webserver.key 

You will be prompted for the pass phrase from the previous step. The RSA key is then written unencrypted (without pass phrase protection) to the file webserver.key, which is now available in the folder.

CONVERT INTO SIGNED CERTIFICATE 

Run the following command to create a self-signed certificate (the -signkey option signs the request with your own key) which expires after one year:

openssl x509 -in webserver.csr -out webserver.cert -req -signkey webserver.key -days 365 


STORE CERTIFICATE FILES 

Create a folder c:\wamp\OpenSSL with the following subfolders: 

certs 
crl 
newcerts 
private 

Copy the following files to certs: 

webserver.cert 
webserver.csr 
webserver.key 

Copy the following files to private: 

.rnd 
privkey.pem 
cacert.pem (same as above, just a wild guess) 
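
After the two steps above, the folder holds both the pass-phrase-protected privkey.pem and the unprotected webserver.key. The following Python script is an added example, not part of the original notes: it reports which PEM files contain a private key and whether that key is encrypted. It also recognises the PKCS#8 headers that newer OpenSSL versions write, which goes beyond the case in these notes. The function names and the sample PEM bodies are constructed for illustration; the folder path is assumed from the steps above.

```python
import re
from pathlib import Path

# One PEM block: BEGIN line, optional headers, base64 body, matching END line.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def classify_pem(text):
    """Return [(label, status)] for every PEM block found in text."""
    results = []
    for label, body in PEM_BLOCK.findall(text):
        if not label.endswith("PRIVATE KEY"):
            status = "not a key"        # CERTIFICATE, CERTIFICATE REQUEST, ...
        elif label == "ENCRYPTED PRIVATE KEY":
            status = "encrypted key"    # PKCS#8 form written by newer OpenSSL
        elif re.search(r"^Proc-Type:\s*4,ENCRYPTED", body, re.M):
            status = "encrypted key"    # traditional form, pass phrase set
        else:
            status = "PLAINTEXT key"    # e.g. output of "openssl rsa -in .. -out .."
        results.append((label, status))
    return results

def audit_folder(folder):
    """Map relative file path -> classify_pem() result for PEM files in folder."""
    report = {}
    for path in sorted(Path(folder).rglob("*")):
        if path.is_file():
            found = classify_pem(path.read_text(errors="ignore"))
            if found:                   # binary files such as .rnd are skipped
                report[path.relative_to(folder).as_posix()] = found
    return report

# Constructed samples: the bodies are placeholders, not real key material.
SAMPLE_PRIVKEY = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,0000000000000000

Q09OU1RSVUNURUQ=
-----END RSA PRIVATE KEY-----
"""
SAMPLE_WEBSERVER_KEY = """-----BEGIN RSA PRIVATE KEY-----
Q09OU1RSVUNURUQ=
-----END RSA PRIVATE KEY-----
"""

if __name__ == "__main__":
    # Assumed path from the steps above; adjust it to your own layout.
    for name, found in audit_folder(r"c:\wamp\OpenSSL").items():
        print(name, found)
```

Every file reported as "PLAINTEXT key" can be used by anyone able to read it, so restrict its file permissions to the account that runs Apache.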


MODIFY HTTPD-SSL.CONF 

Change the following lines, adjusting the email address and the paths to your settings: 

SSLSessionCache "shmcb:C:/wamp/Apache2/logs/ssl_scache(512000)" 

SSLMutex default 

# General setup for the virtual host 
DocumentRoot "C:/www/mysecuresite" 
ServerName localhost:443 
ServerAdmin myemail@example.com 
ErrorLog "C:/wamp/logs/mysecuresite_error_log" 
TransferLog "C:/wamp/logs/mysecuresite_access_log" 

SSLCertificateFile "C:/wamp/OpenSSL/certs/webserver.cert" 

SSLCertificateKeyFile "C:/wamp/OpenSSL/certs/webserver.key" 

SSLCARevocationPath "C:/wamp/OpenSSL/crl" 

<Directory "C:/wamp/Apache2/cgi-bin"> 

CustomLog "C:/wamp/logs/ssl_request_log" \ 
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" 



MODIFY OPENSSL.CNF 

There is a file openssl.cnf in c:\wamp\Apache2\conf even though no extension is shown in Windows Explorer. Go to the DOS command prompt and run DIR to see the file extension. Make a backup copy of this file first and rename it in DOS to openssl.cnf.txt so that you can edit it. 

Modify the base directory: 

dir = c:/wamp/OpenSSL # Where everything is kept 

Go to the DOS prompt and change the name of the file back to openssl.cnf. 


MODIFY HTTPD.CONF 


Change
#LoadModule ssl_module modules/mod_ssl.so
to
LoadModule ssl_module modules/mod_ssl.so

Last, but not least, make sure your secure site is part of the virtual hosts in Apache: 

# Secure (SSL/TLS) connections 
#Include conf/extra/httpd-ssl.conf 
Include conf/extra/httpd-ssl.conf 


TEST HTTPS 

Run httpd -t and make sure the syntax is OK. 

Restart Apache. 

Check that port 443 is open by running the following in the command prompt: 

netstat -an | more 


Test the https connection from your browser and hopefully it works :-) 



CLIENT CERTIFICATES 

For details on how to generate a client certificate see the instructions at [www.apache-ssl.org].