Apache SSL Configuration: How to configure Apache for SSL
Apache comes in two versions, one for SSL and the other for non-SSL.
So, if you are downloading Apache for SSL configuration, download the build whose name follows the format below:
httpd-2.2.25-win32-x86-openssl-0.9.8y.msi
and if you are downloading apache for SSL configuration download in below format naming convention
Download from here
http://httpd.apache.org/download.cgi#apache24
http://www.eng.lsu.edu/mirrors/apache//httpd/binaries/win32/
Installation is straightforward. I have installed it at C:\Apache.
After installation, generate the certificate (private) key:
C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin>openssl genrsa -des3 -out server.key 1024
Loading 'screen' into random state - done
Generating RSA private key, 1024 bit long modulus
..................++++++
......++++++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:
Now generate the certificate request (CSR).
I am sharing the errors I got during configuration on Windows:
C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin>openssl req -new -key server.key -config " C:\Apache\conf \openssl.cnf" -out server.csr
error on line -1 of C:\Program Files (x86)\Apache Software Foundation\Apache2.2\conf \openssl.cnf
2036:error:02001003:system library:fopen:No such process:.\crypto\bio\bss_file.c:126:fopen('C:\Program Files (x86)\Apache Software Foundation\Apache2.2\conf \openssl.cnf','rb')
2036:error:2006D080:BIO routines:BIO_new_file:no such file:.\crypto\bio\bss_file.c:129:
2036:error:0E078072:configuration file routines:DEF_LOAD:no such file:.\crypto\conf\conf_def.c:197:
C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin>
If you get the above error, copy openssl.cnf from the conf directory to the bin directory and run the command again:
C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin>openssl req -new -key server.key -config openssl.cnf -out server.csr
Enter pass phrase for server.key:
Loading 'screen' into random state - done
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:webl0gic
string is too long, it needs to be less than 2 bytes long
Country Name (2 letter code) [AU]:IN
State or Province Name (full name) [Some-State]:UP
Locality Name (eg, city) []:Ghaziabad
Organization Name (eg, company) [Internet Widgits Pty Ltd]:OracleIndiaPvtLtd
Organizational Unit Name (eg, section) []:OnDemand
Common Name (e.g. server FQDN or YOUR name) []:weblogicserveradministration.blogspot.com
Email Address []:mukesh.negi0910@outlook.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:webl0gic
An optional company name []:Oracle
Apache SSL configuration for self signed certificates
Generate the self-signed certificate using the private key and CSR generated above:
C:\Apache\bin>openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Loading 'screen' into random state - done
Signature ok
subject=/C=IN/ST=UP/L=Ghaziabad/O=Oracle/OU=OnDemand/CN=weblogicserveradministration.blogspot.com/emailAddress=mukesh.negi0910@outlook.com
Getting Private key
Enter pass phrase for server.key:
Now make sure to copy your server.key and server.crt files into the conf directory.
Next, open the httpd.conf file and enable the lines below by removing the leading #:
LoadModule ssl_module modules/mod_ssl.so
Include conf/extra/httpd-ssl.conf
Now go to conf/extra, open httpd-ssl.conf and make sure the lines below are enabled; if they are not, enable them by removing the leading #:
SSLCertificateFile "C:/Apache/conf/server.crt"
SSLCertificateKeyFile "C:/Apache/conf/server.key"
Now restart Apache and test as below:
https://localhost or https://localhost:443
The default secure port (in httpd-ssl.conf) is 443. If you want to change it, update it at the locations below in httpd-ssl.conf and restart Apache:
-----------------------------------------------------------
Listen 443
<VirtualHost _default_:443>
# General setup for the virtual host
DocumentRoot "C:/Apache/htdocs"
ServerName localhost:443
-----------------------------------------------------------
and test as https://localhost:new_port_defined_in_httpd_ssl.conf
Apache SSL configuration for trusted Third Party certificates
The above is the SSL configuration for a self-signed certificate. For a certificate from a trusted third party, send the generated .csr file to the certificate authority. They will send you two certificates: an intermediate certificate (DigiCert will send you DigiCertCA.crt) and a primary certificate (your_domain.crt). Save them under the conf directory, update the parameters below in httpd-ssl.conf and restart Apache.
SSLCertificateFile /path/to/your_domain.crt
# your_private.key is server.key in our case
SSLCertificateKeyFile /path/to/your_private.key
# enable this one also
SSLCertificateChainFile /path/to/DigiCertCA.crt
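A check worth running before each restart, for both the self-signed and the third-party setup: confirm that the certificate, and the CSR that was sent to the CA, carry the same RSA key as server.key. This is an added example, not part of the original post; it assumes a POSIX shell such as Git Bash with openssl on the PATH, and the function names rsa_modulus and same_keypair are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): check that a private key, a
# certificate and optionally a CSR all hold the same RSA public key.
# Function names are hypothetical; file names follow the post.

# Print "Modulus=<hex>" for an RSA object, or return 2 if it cannot be read.
# $1 is the openssl sub-command: rsa (private key), x509 (cert) or req (CSR).
# A key created with -des3 makes openssl ask for its pass phrase here.
rsa_modulus() {
    mod=$(openssl "$1" -noout -modulus -in "$2") || return 2
    case $mod in
        Modulus=?*) printf '%s\n' "$mod" ;;
        *) return 2 ;;   # non-RSA key or empty output
    esac
}

# same_keypair KEY CERT [CSR]
# Returns 0 on match, 1 on mismatch, 2 when a file cannot be parsed.
same_keypair() {
    key=$1; cert=$2; csr=${3:-}
    k=$(rsa_modulus rsa "$key")   || { echo "cannot read RSA key: $key" >&2; return 2; }
    c=$(rsa_modulus x509 "$cert") || { echo "cannot read certificate: $cert" >&2; return 2; }
    if [ "$k" != "$c" ]; then
        echo "MISMATCH: $cert does not belong to $key" >&2
        return 1
    fi
    if [ -n "$csr" ]; then
        r=$(rsa_modulus req "$csr") || { echo "cannot read CSR: $csr" >&2; return 2; }
        if [ "$k" != "$r" ]; then
            echo "MISMATCH: $csr was not generated from $key" >&2
            return 1
        fi
    fi
    echo "OK: key, certificate and CSR (if given) share one RSA key pair"
}

# Usage: sh check_keypair.sh server.key server.crt [server.csr]
if [ "$#" -ge 2 ]; then
    same_keypair "$@"
fi
```

A mismatch here means Apache would refuse to start with that SSLCertificateFile and SSLCertificateKeyFile pair, so it is quicker to catch it before editing httpd-ssl.conf.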