Here are my notes on how I managed to get HTTPS working on Wamp5 in my test environment, meaning my laptop. The credits go to the guys at [www.apache-ssl.org].
OPENSSL_CONF ENVIRONMENT VARIABLE
Go to Control Panel – System – Advanced – Environment Variables
Add a new system variable OPENSSL_CONF:
Variable name: OPENSSL_CONF
Variable value: c:\wamp\Apache2\conf\openssl.cnf
Log out and log back in.
Go to the command prompt and type in:
set | more
Make sure you see the following line among the environment variables:
OPENSSL_CONF=c:\wamp\Apache2\conf\openssl.cnf
GENERATE KEY
Again in the command prompt, go to C:\wamp\Apache2\bin and run the following command:
openssl req -new > webserver.csr
The command runs and prompts you to enter a PEM pass phrase and verify it. Write down the phrase because you will need it later.
It will then ask you to enter information that will be incorporated into your certificate request. When the command finishes, it has created several files, including privkey.pem, in c:\wamp\apache2\bin.
REMOVE PASSPHRASE
Run the following command:
openssl rsa -in privkey.pem -out webserver.key
You will be prompted for the pass phrase from the previous step. The RSA key is written and the file webserver.key is now available in the folder.
CONVERT INTO SIGNED CERTIFICATE
Run the following command to create a certificate which expires after one year:
openssl x509 -in webserver.csr -out webserver.cert -req -signkey webserver.key -days 365
STORE CERTIFICATE FILES
Create a folder c:\wamp\OpenSSL with the following subfolders:
certs
crl
newcerts
private
Copy the following files to certs:
webserver.cert
webserver.csr
webserver.key
Copy the following files to private:
.rnd
privkey.pem
cacert.pem (same as above, just a wild guess)
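An added example, not part of the original notes: once the pass phrase is removed, webserver.key can be used by anyone who can read the file, while privkey.pem stays encrypted. The Python script below tells the two apart from the PEM armor and headers alone; the function names are hypothetical and the sample file contents are constructed placeholders, not real keys.

```python
import re
import sys
from pathlib import Path

# One PEM block: armor label, then optional RFC 1421 headers plus base64 body.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)

def classify_pem(text):
    """Return [(label, state)] for each PEM block; state is
    'encrypted', 'unencrypted' or 'not-a-key'."""
    results = []
    for label, body in PEM_BLOCK.findall(text):
        if not label.endswith("PRIVATE KEY"):
            state = "not-a-key"      # certificate or certificate request
        elif label == "ENCRYPTED PRIVATE KEY":
            state = "encrypted"      # PKCS#8 form written by newer OpenSSL
        elif re.search(r"^Proc-Type:\s*4,ENCRYPTED\s*$", body, re.MULTILINE):
            state = "encrypted"      # traditional form with a DEK-Info header
        else:
            state = "unencrypted"    # usable by anyone who can read the file
        results.append((label, state))
    return results

def unprotected_keys(files):
    """files maps a file name to its PEM text; return the names that
    contain at least one private key without a pass phrase."""
    return sorted(name for name, text in files.items()
                  if any(s == "unencrypted" for _, s in classify_pem(text)))

# Constructed samples: real armor and headers, placeholder bodies (not real keys).
SAMPLES = {
    "privkey.pem": "-----BEGIN RSA PRIVATE KEY-----\n"
                   "Proc-Type: 4,ENCRYPTED\n"
                   "DEK-Info: DES-EDE3-CBC,0123456789ABCDEF\n\n"
                   "Q09OU1RSVUNURUQ=\n-----END RSA PRIVATE KEY-----\n",
    "webserver.key": "-----BEGIN RSA PRIVATE KEY-----\n"
                     "Q09OU1RSVUNURUQ=\n-----END RSA PRIVATE KEY-----\n",
    "webserver.cert": "-----BEGIN CERTIFICATE-----\n"
                      "Q09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n",
}

if __name__ == "__main__":
    files = SAMPLES
    if len(sys.argv) > 1:            # or pass real file paths on the command line
        files = {p: Path(p).read_text(encoding="ascii", errors="replace")
                 for p in sys.argv[1:]}
    for name in unprotected_keys(files):
        print(name, "holds a private key with no pass phrase")
```

Any file it reports should be readable only by the account Apache runs as, since the copy in certs sits next to the public certificate.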
MODIFY HTTPD-SSL.CONF
Change the following lines, adjusting the email address and the paths to your settings:
SSLSessionCache "shmcb:C:/wamp/Apache2/logs/ssl_scache(512000)"
SSLMutex default
# General setup for the virtual host
DocumentRoot "C:/www/mysecuresite"
ServerName localhost:443
ServerAdmin myemail@example.com
ErrorLog "C:/wamp/logs/mysecuresite_error_log"
TransferLog "C:/wamp/logs/mysecuresite_access_log"
SSLCertificateFile "C:/wamp/OpenSSL/certs/webserver.cert"
SSLCertificateKeyFile "C:/wamp/OpenSSL/certs/webserver.key"
SSLCARevocationPath "C:/wamp/OpenSSL/crl"
<Directory "C:/wamp/Apache2/cgi-bin">
CustomLog "C:/wamp/logs/ssl_request_log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
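An added example, not part of the original notes: the CustomLog format above records the negotiated protocol and cipher for every request, so ssl_request_log can show which clients still connect with deprecated SSL/TLS versions. The Python script below parses that exact format; the function names are hypothetical and the log lines are constructed samples.

```python
import re
from collections import Counter

# Mirrors the CustomLog format on this page:
#   %t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x "%r" %b
LINE = re.compile(
    r'^\[(?P<time>[^\]]+)\] (?P<host>\S+) (?P<proto>\S+) (?P<cipher>\S+) '
    r'"(?P<request>.*)" (?P<bytes>\d+|-)$')

# Protocol versions that have been formally deprecated.
LEGACY = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not match."""
    m = LINE.match(line.strip())
    return m.groupdict() if m else None

def summarize(lines):
    """Return (protocol counts, legacy-protocol entries, unparsed lines)."""
    counts, legacy, bad = Counter(), [], []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            bad.append(line)         # keep unparsed lines for manual review
            continue
        counts[rec["proto"]] += 1
        if rec["proto"] in LEGACY:
            legacy.append((rec["host"], rec["proto"], rec["cipher"]))
    return counts, legacy, bad

# Constructed sample lines in the format above (not taken from a real server).
SAMPLE_LOG = [
    '[01/Jan/2024:10:15:32 +0200] 127.0.0.1 TLSv1.2 '
    'ECDHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 1534',
    '[01/Jan/2024:10:15:40 +0200] 127.0.0.1 SSLv3 RC4-SHA '
    '"GET /index.php HTTP/1.0" 88',
    '[01/Jan/2024:10:16:02 +0200] 192.168.1.20 TLSv1 DHE-RSA-AES256-SHA '
    '"POST /login.php HTTP/1.1" -',
    'not a log line',
]

if __name__ == "__main__":
    counts, legacy, bad = summarize(SAMPLE_LOG)
    print(dict(counts))
    for host, proto, cipher in legacy:
        print("legacy protocol:", host, proto, cipher)
```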
MODIFY OPENSSL.CNF
There is a file openssl.cnf in c:\wamp\Apache2\conf even though no extension is shown in Windows Explorer. Go to the DOS command prompt and run DIR to see the file extension. Make a backup copy of this file first and rename it in DOS to openssl.cnf.txt so that you can edit it.
Modify the base directory:
dir = c:/wamp/OpenSSL # Where everything is kept
Go to the DOS prompt and change the name of the file back to openssl.cnf.
MODIFY HTTPD.CONF
Last, but not least, make sure your secure site is part of the virtual hosts in Apache:
Enable mod_ssl by changing
#LoadModule ssl_module modules/mod_ssl.so
to
LoadModule ssl_module modules/mod_ssl.so
Then activate the Include for httpd-ssl.conf by adding the uncommented line:
# Secure (SSL/TLS) connections
#Include conf/extra/httpd-ssl.conf
Include conf/extra/httpd-ssl.conf
TEST HTTPS
Run httpd -t and make sure the syntax is OK.
Restart Apache.
Check that port 443 is open by running the following in the command prompt:
netstat -an | more
Test the https connection from your browser and hopefully it works :-)
CLIENT CERTIFICATES
For details on how to generate a client certificate see the instructions at [www.apache-ssl.org]