https SSL Under WAMP

Discussion in 'Install/Upgrade Support' started by chrism, May 2, 2009.

  1. chrism

    The following SSL seems to be working for my Webid WAMP install, so far ;)

    https://localhost/

    http://www.wampserver.com/phorum/read.php?2,28731
    Re: HTTPS or SSL - Breaks WAMP Server
    Posted by: toivo (---.nsw.bigpond.net.au)
    Date: December 29, 2007 05:34AM

    Hi,

    Here are my notes on how I managed to get HTTPS working on Wamp5 in my test environment, meaning my laptop. Those of you who know more about the topic are likely to find numerous grey areas, omissions and inaccuracies, but please point them out :) The credits go to the guys at [www.apache-ssl.org].

    OPENSSL_CONF ENVIRONMENT VARIABLE

    Go to Control Panel – System – Advanced – Environment Variables

    Add a new system variable OPENSSL_CONF:

    Variable name: OPENSSL_CONF
    Variable value: c:\wamp\Apache2\conf\openssl.cnf

    Log out and log back in.

    Go to the command prompt and type in:

    set | more

    Make sure you see the following line among the environment variables:
    OPENSSL_CONF=c:\wamp\Apache2\conf\openssl.cnf


    GENERATE KEY

    Again in the command prompt, go to C:\wamp\Apache2\bin and run the following command:

    openssl req -new > webserver.csr

    The command runs and prompts you to enter a PEM pass phrase and verify it. Write down the phrase because you will need it later.

    It will then ask you to enter information that will be incorporated into your certificate request. When the command finishes, it has created several files, including privkey.pem, in c:\wamp\apache2\bin.

    REMOVE PASSPHRASE

    Run the following command:

    openssl rsa -in privkey.pem -out webserver.key

    You will be prompted for the pass phrase from the previous step. The RSA key is written and the file webserver.key is now available in the folder.

    CONVERT INTO SIGNED CERTIFICATE

    Run the following command to create a certificate which expires after one year:

    openssl x509 -in webserver.csr -out webserver.cert -req -signkey webserver.key -days 365


    STORE CERTIFICATE FILES

    Create a folder c:\wamp\OpenSSL with the following subfolders:

    certs
    crl
    newcerts
    private

    Copy the following files to certs:

    webserver.cert
    webserver.csr
    webserver.key

    Copy the following files to private:

    .rnd
    privkey.pem
    cacert.pem (same as above, just a wild guess)


    MODIFY HTTPD-SSL.CONF

    Change the following lines, adjusting the email address and the paths to your settings:

    SSLSessionCache "shmcb:C:/wamp/Apache2/logs/ssl_scache(512000)"

    SSLMutex default

    # General setup for the virtual host
    DocumentRoot "C:/www/mysecuresite"
    ServerName localhost:443
    ServerAdmin myemail@example.com
    ErrorLog "C:/wamp/logs/mysecuresite_error_log"
    TransferLog "C:/wamp/logs/mysecuresite_access_log"

    SSLCertificateFile "C:/wamp/OpenSSL/certs/webserver.cert"

    SSLCertificateKeyFile "C:/wamp/OpenSSL/certs/webserver.key"

    SSLCARevocationPath "C:/wamp/OpenSSL/crl"

    <Directory "C:/wamp/Apache2/cgi-bin">

    CustomLog "C:/wamp/logs/ssl_request_log" \
    "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"



    MODIFY OPENSSL.CNF

    There is a file openssl.cnf in c:\wamp\Apache2\conf even though no extension is shown in Windows Explorer. Go to the DOS command prompt and run DIR to see the file extension. Make a backup copy of this file first and rename it in DOS to openssl.cnf.txt so that you can edit it.

    Modify the base directory:

    dir = c:/wamp/OpenSSL # Where everything is kept

    Go to the DOS prompt and change the name of the file back to openssl.cnf.


    MODIFY HTTPD.CONF

    Last, but not least, make sure your secure site is part of the virtual hosts in Apache:

    # Secure (SSL/TLS) connections
    #Include conf/extra/httpd-ssl.conf
    Include conf/extra/httpd-ssl.conf


    TEST HTTPS

    Run httpd -t and make sure the syntax is OK.

    Restart Apache.

    Check that port 443 is open by running the following in the command prompt:

    netstat -an | more


    Test the https connection from your browser and hopefully it works :)



    CLIENT CERTIFICATES

    For details on how to generate a client certificate see the instructions at [www.apache-ssl.org]



    Regards,

    toivo
    sydney, australia
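
A check for the state this procedure leaves behind, as an added example that is not part of the original post: after the REMOVE PASSPHRASE step webserver.key is stored unencrypted, so the script reads SSLCertificateKeyFile from httpd-ssl.conf, tells a passphrase-protected PEM key from a plain one, and flags a key placed under DocumentRoot. The sample config and PEM skeletons are constructed, and `read_file` is a hypothetical hook supplied by the caller.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: directives from the post as they would sit in httpd-ssl.conf.
SAMPLE_CONF = '''
# General setup for the virtual host
DocumentRoot "C:/www/mysecuresite"
SSLCertificateFile "C:/wamp/OpenSSL/certs/webserver.cert"
SSLCertificateKeyFile "C:/wamp/OpenSSL/certs/webserver.key"
'''

# Constructed PEM skeletons: only the header lines matter to the check.
PLAIN_KEY = "-----BEGIN RSA PRIVATE KEY-----\n...\n-----END RSA PRIVATE KEY-----\n"
ENCRYPTED_KEY = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                 "DEK-Info: DES-EDE3-CBC,0000000000000000\n\n...\n"
                 "-----END RSA PRIVATE KEY-----\n")

def parse_directives(conf_text):
    """Return {lowercased directive: value} for one-argument lines, skipping comments."""
    found = {}
    for line in conf_text.splitlines():
        m = re.match(r'\s*([A-Za-z]+)\s+"?([^"#]+?)"?\s*$', line)
        if m:
            found[m.group(1).lower()] = m.group(2)
    return found

def key_is_encrypted(pem_text):
    """True if the PEM private key is passphrase-protected."""
    return ("BEGIN ENCRYPTED PRIVATE KEY" in pem_text   # PKCS#8 form
            or "Proc-Type: 4,ENCRYPTED" in pem_text)    # traditional OpenSSL form

def inside(path, root):
    """Case-insensitive Windows path containment test."""
    p = [s.lower() for s in PureWindowsPath(path).parts]
    r = [s.lower() for s in PureWindowsPath(root).parts]
    return p[:len(r)] == r

def audit(conf_text, read_file):
    """read_file(path) -> str is a caller-supplied (hypothetical) file reader."""
    d = parse_directives(conf_text)
    key_path = d.get("sslcertificatekeyfile")
    if key_path is None:
        return ["no SSLCertificateKeyFile directive found"]
    findings = []
    if not key_is_encrypted(read_file(key_path)):
        findings.append("unencrypted key: restrict file permissions on " + key_path)
    root = d.get("documentroot")
    if root and inside(key_path, root):
        findings.append("key is under DocumentRoot and may be served: " + key_path)
    return findings
```

On a real install, pass `lambda p: open(p).read()` as `read_file` and the contents of `conf/extra/httpd-ssl.conf` as `conf_text`.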
     
