The following SSL seems to be working for my Webid WAMP install, so far: https://localhost/

http://www.wampserver.com/phorum/read.php?2,28731

Re: HTTPS or SSL - Breaks WAMP Server
Posted by: toivo (---.nsw.bigpond.net.au)
Date: December 29, 2007 05:34AM

Hi,

Here are my notes how I managed to get HTTPS working on Wamp5 in my test environment, meaning my laptop. Those of you who know more about the topic are likely to find numerous grey areas, omissions and inaccuracies, but please point them out.

The credits go to the guys at [www.apache-ssl.org].

OPENSSL_CONF ENVIRONMENT VARIABLE

Go to Control Panel – System – Advanced – Environment Variables

Add a new system variable OPENSSL_CONF:

    Variable name: OPENSSL_CONF
    Variable value: c:\wamp\Apache2\conf\openssl.cnf

Log out and log back in. Go to the command prompt and type in:

    set | more

Make sure you see the following line among the environment variables:

    OPENSSL_CONF=c:\wamp\Apache2\conf\openssl.cnf

GENERATE KEY

Again in the command prompt, go to C:\wamp\Apache2\bin and run the following command:

    openssl req -new > webserver.csr

The command runs and prompts you to enter a PEM pass phrase and verify it. Write down the phrase because you will need it later. It will then ask you to enter information that will be incorporated into your certificate request. When the command finishes, it has created several files, including privkey.pem, in c:\wamp\apache2\bin.

REMOVE PASSPHRASE

Run the following command:

    openssl rsa -in privkey.pem -out webserver.key

You will be prompted for the pass phrase from the previous step. The RSA key is written and the file webserver.key is now available in the folder.

CONVERT INTO SIGNED CERTIFICATE

Run the following command to create a certificate which expires after one year:

    openssl x509 -in webserver.csr -out webserver.cert -req -signkey webserver.key -days 365

STORE CERTIFICATE FILES

Create a folder c:\wamp\OpenSSL with the following subfolders:

    certs
    crl
    newcerts
    private

Copy the following files to certs:

    webserver.cert
    webserver.csr
    webserver.key

Copy the following files to private:

    .rnd
    privkey.pem
    cacert.pem (same as above, just a wild guess)

MODIFY HTTPD-SSL.CONF

Change the following lines, adjusting the email address and the paths to your settings:

    SSLSessionCache "shmcb:C:/wamp/Apache2/logs/ssl_scache(512000)"
    SSLMutex default
    # General setup for the virtual host
    DocumentRoot "C:/www/mysecuresite"
    ServerName localhost:443
    ServerAdmin myemail@example.com
    ErrorLog "C:/wamp/logs/mysecuresite_error_log"
    TransferLog "C:/wamp/logs/mysecuresite_access_log"
    SSLCertificateFile "C:/wamp/OpenSSL/certs/webserver.cert"
    SSLCertificateKeyFile "C:/wamp/OpenSSL/certs/webserver.key"
    SSLCARevocationPath "C:/wamp/OpenSSL/crl"
    <Directory "C:/wamp/Apache2/cgi-bin">
    CustomLog "C:/wamp/logs/ssl_request_log" \
    "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

MODIFY OPENSSL.CNF

There is a file openssl.cnf in c:\wamp\Apache2\conf even though no extension is shown in Windows Explorer. Go to the DOS command prompt and run DIR to see the file extension.

Make a backup copy of this file first and rename it in DOS to openssl.cnf.txt so that you can edit it.

Modify the base directory:

    dir = c:/wamp/OpenSSL # Where everything is kept

Go to the DOS prompt and change the name of the file back to openssl.cnf.

MODIFY HTTPD.CONF

Last, but not least, make sure your secure site is part of the virtual hosts in Apache:

    # Secure (SSL/TLS) connections
    #Include conf/extra/httpd-ssl.conf
    Include conf/extra/httpd-ssl.conf

TEST HTTPS

Run httpd -t and make sure the syntax is OK. Restart Apache.

Check that port 443 is open by running the following in the command prompt:

    netstat -an | more

Test the https connection from your browser and hopefully it works.

CLIENT CERTIFICATES

For details on how to generate a client certificate see the instructions at [www.apache-ssl.org]

Regards,

toivo
sydney, australia
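
A check that can be run on the files from the steps above before restarting Apache, as an added example that is not part of the original post: it confirms that webserver.key is no longer passphrase-protected, that it matches webserver.cert, and that the certificate has not expired. It assumes a POSIX shell with openssl on the PATH (for example Git Bash on Windows); `check_pair` and `make_sample` are hypothetical helper names, and `make_sample` builds constructed test material only.

```shell
#!/bin/sh
# Added example (not from the original post). RSA keys only, as in the post.

# check_pair CERT KEY
#   0 = key is unencrypted, matches the certificate, certificate not expired
#   1 = certificate and key do not match
#   2 = certificate unreadable
#   3 = key unreadable or still passphrase-protected
#   4 = certificate expired
check_pair() {
    cert=$1; key=$2
    cert_mod=$(openssl x509 -noout -modulus -in "$cert" 2>/dev/null) ||
        { echo "cannot read certificate: $cert"; return 2; }
    # A dummy passphrase makes openssl fail on an encrypted key instead of
    # prompting; it is ignored when the key is unencrypted.
    key_mod=$(openssl rsa -noout -modulus -in "$key" \
                  -passin pass:dummy-not-the-passphrase 2>/dev/null) ||
        { echo "key unreadable or still passphrase-protected: $key"; return 3; }
    [ "$cert_mod" = "$key_mod" ] ||
        { echo "certificate and key do not belong together"; return 1; }
    openssl x509 -noout -checkend 0 -in "$cert" >/dev/null 2>&1 ||
        { echo "certificate has expired"; return 4; }
    echo "ok"
}

# make_sample DIR: constructed test material, produced with non-interactive
# forms of the post's three openssl commands (passphrase "example" is made up).
make_sample() {
    openssl req -new -newkey rsa:2048 -subj "/CN=localhost" \
        -passout pass:example -keyout "$1/privkey.pem" -out "$1/webserver.csr" &&
    openssl rsa -in "$1/privkey.pem" -passin pass:example -out "$1/webserver.key" &&
    openssl x509 -in "$1/webserver.csr" -out "$1/webserver.cert" \
        -req -signkey "$1/webserver.key" -days 365
}

# Usage: sh check_pair.sh webserver.cert webserver.key
if [ "$#" -eq 2 ]; then check_pair "$1" "$2"; fi
```

Pointing SSLCertificateKeyFile at privkey.pem instead of webserver.key is reported as case 3, and a key left over from an earlier run of the steps is reported as case 1.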