http://www.tehuber.com

This is a quickie guide I put together to help you get Apache installed and running with SSL support. (https).

This was written in Nov 2010, urls and versions may have changed.

 

1) Install Apache with OpenSSL from the HTTPD project at apache.org:

Use the Win32 Binary including OpenSSL (MSI Installer):
http://httpd.apache.org/download.cgi#apache22

This part is very easy, just follow the default prompts and change what you know.

You can't really go wrong here.

2) Install the Micrsoft C++ Redistributable (2008 SP1 at the time this was written) .

This is required by the OpenSSL package in the next step.

http://www.microsoft.com/downloads/en/details.aspx?familyid=A5C84275-3B97-4AB7-A40D-3802B2AF5FC2&displaylang=en

3) Install the OpenSSL binary for windows so you can generate your certs.

Download Version 1.0.1a (I chose the full version note the light version) at the time this was written:

http://www.slproweb.com/products/Win32OpenSSL.html

Configure SSL and Apache by Doing the Following:

a) Install to C:\OpenSSL-Win32 when promted

b) Choose "the openssl bin directory" instead of the windows system directory when prompted.

c) After the installation completes, open a command prompt and cd to the C:\OpenSSL-Win32\bin directory the installer just created.

d) run this command to generate a server.csr file: openssl req -new -out server.csr

Follow the prompts and enter the various information requested. 
Enter localhost for everything you are not sure about, especially "Your name".

e) Run the following command to create the private key, you will be prompted for the passphrase you entered in the previous step.

openssl rsa -in privkey.pem -out server.key

d) Finally, create the cert by running:

openssl x509 -in server.csr -out server.cert -req -signkey server.key -days 1095

The cert will be valid for 3 years, (1095 days), change that if you want.

e) Copy the server.cert, server.csr, server.key and privkey.pem to your apache conf folder which contains the ssl config file for apache, on my machine this is at:

C:\Program Files\Apache Software Foundation\Apache2.2\conf\

Rename server.cert to server.crt (Apache default config is set that way).

f) Edit httpd-ssl.conf using a text editor

if you're running Windows 7 you may need to launch Notepad as administrator or it will not let you save. Right click notepad, choose run as administrator.

Edit the DocumentRoot entry, for me it now looks like this:

                DocumentRoot "C:/htdocs"

The distributed httpd-ssl.conf I received when I installed Apache had these as the default values, since we copied the key and cert here, you shouldn't need to change these values, if you didn't copy the files here, change them:

SSLCertificateFile "C:/Program Files/Apache Software Foundation/Apache2.2/conf/server.crt"

SSLCertificateKeyFile "C:/Program Files/Apache Software Foundation/Apache2.2/conf/server.key"

g) Save and close the config file

h) Open httpd.conf using Notepad, again if using windows 7, you'll need elevated privs as described in step f) above.

CTRL-F find the line: #LoadModule ssl_module modules/mod_ssl.so

Remove the pound symbol to uncomment this line.

Find the line: #Include conf/extra/httpd-ssl.conf

Uncomment that line as well. Save the changes, close the httpd.conf.

i) Restart Apache, test https://localhost/ in your browser.

You will receive a warning about the certificate, we don't care, accept it.

j) Add the certificate to your trusted certs so the browser warning doesn't bother you all the time:

 

                Google Chrome:

                Click the Preferences Icon (top right of browser), choose Options, scroll down, click Manage Certificates, Click Import, and import the cert from step e), and change the CERT STORE to "Trusted Root Certification Authorities", Next, Accept, done.

                                Firefox:

                                From the menubar go to Tools > Options > Advanced > Encryption > View Certificates

                                Import the certificate, check all the boxes, done.

                                Internet Explorer:

                                This one's the worst, it won't even access the page or say what went wrong on my machine. You may have to fiddle with some of these steps. I don't use IE until testing so I just get by without messing with it.

                                Browse to the site whose certificate you want to trust.

When told "There is a problem with this website's security certificate.", choose "Continue to this website (not recommended)."

Select Tools->Internet Options.

Select Security->Trusted sites->Sites.

Confirm the URL matches, and click "Add" then "Close".

Close the "Internet Options" dialog box with either "OK" or "Cancel".

Refresh the current page.

When told "There is a problem with this website's security certificate.", choose "Continue to this website (not recommended)."

Click on "Certificate Error" at the right of the address bar and select "View certificates".

Click on "Install Certificate...", then in the wizard, click "Next".

On the next page select "Place all certificates in the following store".

Click "Browse", select "Trusted Root Certification Authorities", and click "OK".

Back in the wizard, click "Next", the "Finish".

If you get a "Security Warning" message box, click "Yes".

Dismiss the message box with "OK".

Select Tools->Internet Options.

Select Security->Trusted sites->Sites.

Select the URL you just added, click "Remove", then "Close".

Now shut down all running instances of IE, and start up IE again.

The site's certificate should now be trusted.