Thursday, March 17, 2011

Apache SSL setup on Windows

Download the software and go through the default installation process. I downloaded the build that includes OpenSSL:
Win32 Binary including OpenSSL 0.9.8o (MSI Installer)
Start Apache from the Programs menu.
By default, port 80 works.

To set up SSL, follow these instructions.
1) Uncomment the following lines in httpd.conf
LoadModule ssl_module modules/mod_ssl.so
Include conf/extra/httpd-ssl.conf

2) Edit these lines in the extra/httpd-ssl.conf file
 Add NameVirtualHost *:443 under Listen 443
 Change <VirtualHost _default_:443> to <VirtualHost *:443>

3) Create a self-signed certificate using openssl.
Launch openssl from the Apache binary folder
a) OpenSSL> req -config c:\openssl.cnf -out c:\myserver.csr -new -newkey rsa:2048 -nodes -keyout c:\myserver-privkey.key
Fill out the required parameters.
b) openssl x509 -req -days 3000 -in c:\myserver.csr -signkey c:\myserver-privkey.key -out c:\myserver.crt

4) Update httpd-ssl.conf with the correct paths for these directives.
SSLCertificateFile "C:\apachessl\myserver.crt"
SSLCertificateKeyFile "C:\apachessl\myserver-privkey.key"

5) Restart server.

6) Access
http://localhost/ https://localhost/
There will be a certificate warning because it is self-signed.
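
An added example, not part of the original post: a small Python check that reads the text of httpd.conf and httpd-ssl.conf and reports which of the edits from steps 1, 2 and 4 are still missing. The function names and the sample configuration text are constructed for illustration; it inspects only the directive lines and does not open the certificate or key files.

```python
import re

def active_directives(conf_text):
    """Return (lowercased name, argument string) for each uncommented line."""
    found = []
    for raw in conf_text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue  # blank line or commented-out directive
        found.append((parts[0].lower(), parts[1].strip() if len(parts) > 1 else ""))
    return found

def check_ssl_setup(httpd_conf, ssl_conf):
    """Return a list of findings; an empty list means steps 1, 2 and 4 are in place."""
    main, ssl = active_directives(httpd_conf), active_directives(ssl_conf)

    def has(directives, name, pattern):
        return any(n == name and re.search(pattern, a, re.I) for n, a in directives)

    findings = []
    if not has(main, "loadmodule", r"^ssl_module\s+modules/mod_ssl\.so$"):
        findings.append("step 1: LoadModule ssl_module is not active")
    if not has(main, "include", r"^conf/extra/httpd-ssl\.conf$"):
        findings.append("step 1: Include conf/extra/httpd-ssl.conf is not active")
    if not has(ssl, "listen", r"(^|:)443$"):
        findings.append("step 2: no Listen 443")
    if not has(ssl, "namevirtualhost", r"^\*:443$"):
        findings.append("step 2: NameVirtualHost *:443 is missing")
    if not has(ssl, "<virtualhost", r"^\*:443>$"):
        findings.append("step 2: no <VirtualHost *:443> block")
    for name in ("SSLCertificateFile", "SSLCertificateKeyFile"):
        paths = [a.strip('"') for n, a in ssl if n == name.lower()]
        if not any(paths):
            findings.append(f"step 4: {name} has no path")
    return findings

# Constructed sample: a fresh install where nothing has been edited yet.
SAMPLE_HTTPD = """\
#LoadModule ssl_module modules/mod_ssl.so
#Include conf/extra/httpd-ssl.conf
"""
SAMPLE_SSL = """\
Listen 443
<VirtualHost _default_:443>
SSLCertificateFile "C:\\apachessl\\myserver.crt"
SSLCertificateKeyFile "C:\\apachessl\\myserver-privkey.key"
</VirtualHost>
"""

if __name__ == "__main__":
    for finding in check_ssl_setup(SAMPLE_HTTPD, SAMPLE_SSL):
        print(finding)
```

Apache's own syntax check, httpd -t, is still the authoritative test before restarting the server.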


Common Issues:

Problem
Syntax error on line 56 of C:/Program Files (x86)/Apache Software Foundation/Apache2.2/conf/extra/httpd-ssl.conf:
Invalid command 'SSLPassPhraseDialog', perhaps misspelled or defined by a
module not included in the server configuration
Note the errors or messages above, and press the <ESC> key to exit. 

Solution
Uncomment this line in httpd.conf.
LoadModule ssl_module modules/mod_ssl.so

Problem
Unable to load config info from /usr/local/ssl/openssl.cnf
Solution
OpenSSL requires a config file. Refer to step 3a) above to specify "-config c:\apache-conf-folder\openssl.cnf"

Problem
Syntax error on line 63 of C:/Program Files (x86)/Apache Software Foundation/Apache2.2/conf/extra/httpd-ssl.conf:
SSLSessionCache: Invalid argument: size has to be >= 8192 bytes
Note the errors or messages above, and press the <ESC> key to exit. 

Solution
The error message is due to the lengthy default installation path.
Create a shortcut c:\apache2.2 pointing to C:\Program Files (x86)\Apache Software Foundation\Apache2.2 and update your configuration accordingly.
