
Enabling and configuring SSL for Apache 2.2 under Windows WAMP server 2

Posted 20/July/2008 by neubreed

WAMP Server 2.0 comes with OpenSSL, so we need to create a self-signed SSL certificate first, before we touch WAMP.

First you need a DOS box and to locate your openssl.exe. Mine is located here:

C:\wamp\bin\apache\apache2.2.6\bin\openssl.exe

Jump into that directory:

cd c:\wamp\bin\apache\apache2.2.6\bin

Generate a Private Key and CSR

First you need to generate an RSA Private Key and Certificate Signing Request (CSR)

openssl genrsa -des3 -out myserver.key 1024

This command will ask you to enter a pass phrase. Enter and confirm it

Next, we need to remove the pass phrase from the key so that the server does not pause to request it, which would be a bit annoying!

openssl rsa -in myserver.key -out myserver.pem

Now that we've created the private key, we need to generate the CSR like so:

openssl req -new -key myserver.key -out myserver.csr

If you get errors about a missing conf file you can add the following option:

-config c:\wamp\bin\apache\apache2.2.6\conf\openssl.cnf

Here's what the above process looks like:

C:\wamp\bin\apache\apache2.2.6\bin>openssl req -new -key myserver.key -out myserver.csr
Enter pass phrase for myserver.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:NSW
Locality Name (eg, city) []:Crows Nest
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Neubreed Design Pty Ltd
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:neubreed.localhost
Email Address []:
 
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

NOTE: make sure "Common Name (eg, YOUR name)" is the host name of your VirtualHost, e.g. mylocalhost

Generating a Self-Signed Certificate

To generate a temporary certificate which is good for 365 days, use the following command:

openssl x509 -req -days 365 -in myserver.csr -signkey myserver.key -out myserver.crt 

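Create a directory at C:\wamp\bin\apache\apache2.2.6\conf\ssl and move myserver.key, myserver.pem and myserver.crt into it. The VirtualHost below points at myserver.crt and at myserver.pem, the copy of the key without the pass phrase.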

Configure Apache to use SSL

Edit the httpd.conf file via WAMP's menu or directly here: C:\wamp\bin\apache\apache2.2.6\conf\httpd.conf

Locate the line

Listen 80

And make it also listen on the standard SSL port, 443:

Listen 80
Listen 443

Now create a new virtual host like so (in addition to any normal port 80 entries):

FYI, this example also includes a complete symfony setup.

<VirtualHost *:443>
  ServerName neubreed.localhost
  DocumentRoot "/home/neubreed/web"
  DirectoryIndex index.php
 
  # Use forward slashes in Apache paths on Windows
  Alias /sf "c:/wamp/bin/php/php5.2.5/PEAR/data/symfony/web/sf"
  <Directory "c:/wamp/bin/php/php5.2.5/PEAR/data/symfony/web/sf">
    AllowOverride All
    Allow from All
  </Directory>
 
  <Directory "/home/neubreed/web">
    AllowOverride All
    Allow from All
  </Directory>
  # These are the actual SSL directives needed to get it all working!
  SSLEngine on
  SSLCertificateFile C:/wamp/bin/apache/apache2.2.6/conf/ssl/myserver.crt
  SSLCertificateKeyFile C:/wamp/bin/apache/apache2.2.6/conf/ssl/myserver.pem
</VirtualHost>

Finally, click the WAMP systray icon, open the Apache modules menu and make sure there's a tick next to ssl_module.

This will enable the line below in httpd.conf

LoadModule ssl_module modules/mod_ssl.so

Apache will restart and you should be able to browse to https://yourlocalhost
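If Apache does not come back up, the usual causes are one of the steps above being skipped. The following check is an added example, not part of the original post: it looks for the Listen 443 line, the active LoadModule line, the *:443 VirtualHost with its SSL directives, and a key file that still carries its pass phrase. The function names, SAMPLE_CONF and ENCRYPTED_KEY are constructed for illustration.

```python
import re

# Constructed sample: the httpd.conf lines this tutorial touches, with two
# deliberate mistakes (module still commented out, encrypted key referenced).
SAMPLE_CONF = """\
Listen 80
Listen 443
#LoadModule ssl_module modules/mod_ssl.so
<VirtualHost *:443>
  SSLEngine on
  SSLCertificateFile C:/wamp/bin/apache/apache2.2.6/conf/ssl/myserver.crt
  SSLCertificateKeyFile C:/wamp/bin/apache/apache2.2.6/conf/ssl/myserver.key
</VirtualHost>
"""
# Constructed header of a key as written by "openssl genrsa -des3" (body omitted).
ENCRYPTED_KEY = "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"

def key_is_encrypted(pem_text):
    """True if the PEM private key still needs a pass phrase to load."""
    return ("Proc-Type: 4,ENCRYPTED" in pem_text
            or "BEGIN ENCRYPTED PRIVATE KEY" in pem_text)

def check_ssl_conf(conf_text, read_file):
    """List problems in conf_text; read_file(path) returns a key file's text."""
    # Keep only active directives so a commented-out line does not count.
    lines = (l.strip() for l in conf_text.splitlines())
    active = "\n".join(l for l in lines if l and not l.startswith("#"))
    problems = []
    if not re.search(r"^Listen\s+(\S+:)?443\b", active, re.M | re.I):
        problems.append("no 'Listen 443'")
    if not re.search(r"^LoadModule\s+ssl_module\b", active, re.M | re.I):
        problems.append("ssl_module is not loaded")
    vhost = re.search(r"<VirtualHost\s+\S+:443>(.*?)</VirtualHost>", active, re.S | re.I)
    if not vhost:
        return problems + ["no <VirtualHost *:443> block"]
    body = vhost.group(1)
    if not re.search(r"^SSLEngine\s+on\b", body, re.M | re.I):
        problems.append("SSLEngine is not on")
    for name in ("SSLCertificateFile", "SSLCertificateKeyFile"):
        m = re.search(rf'^{name}\s+"?([^"\n]+)"?', body, re.M | re.I)
        if not m:
            problems.append(name + " is missing")
        elif name.endswith("KeyFile") and key_is_encrypted(read_file(m.group(1))):
            problems.append("key file still has a pass phrase: " + m.group(1))
    return problems

if __name__ == "__main__":
    for problem in check_ssl_conf(SAMPLE_CONF, lambda path: ENCRYPTED_KEY):
        print("PROBLEM:", problem)
```

Against a real installation, pass the contents of httpd.conf and `lambda path: open(path).read()` as `read_file`.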

Post replies if you get stuck!

Comments

Submitted by Anonymous (not verified) on
Comment: 

Hello Ryan, congratulations on your post!
It works very well for me.

Thank you.

Submitted by Ezequiel Moraes... (not verified) on
Comment: 

Hello Ryan, congratulations on your post!
It works very well for me.

Thank you.

Submitted by Zulfadly (not verified) on
Comment: 

Where do you add the Virtual:443?

Submitted by Anas Ali (not verified) on
Comment: 

Please tell me
how I can make a virtual host.
I can't understand.
Guide me.
Urgently, thanks.

Comment: 

Hi,

Thanks for the informative tutorial.

I can't find openssl.conf (or cnf) in my wamp installation. I tried reinstalling, but it's not there. I couldn't locate the file on the internet either. Any idea where to get it from?

Though I strongly feel that with so much to do for enabling ssl, I think it should be automated with some tool or probably made a part of wamp installation as an option. Do you know of any such tool or option?

Thanks,
Mukesh

Submitted by Umer (not verified) on
Comment: 

Hi
It is not working...
The certificate is generated, but I think these lines are causing the problem:

ServerName neubreed.localhost
DocumentRoot "/home/neubreed/web"
DirectoryIndex index.php

Alias /sf c:\wamp\bin\php\php5.2.5/PEAR/data/symfony/web/sf

AllowOverride All
Allow from All

AllowOverride All
Allow from All

# These are the actual SSL directives needed to get it all working!
SSLEngine on
SSLCertificateFile C:/wamp/bin/apache/apache2.2.6/conf/ssl/myserver.crt
SSLCertificateKeyFile C:/wamp/bin/apache/apache2.2.6/conf/ssl/myserver.pem

Please can you explain these?
Thank you.

Comment: 

I managed to locate openssl.conf by downloading something called wampssl from http://downloads.jlbn.net/WampSSL.html . I got the reference from http://www.wampserver.com/phorum/read.php?2,32986,printview,page=5

Maybe you can have a thing or two about this in your tutorial.

Also, after this my agony was not over. My Apache won't start, with the following error:
Init: SSLPassPhraseDialog builtin is not supported on Win32

I found solution for this on http://www.entrust.net/knowledge-base/technote.cfm?tn=6558

Even now my pains were not over. When I entered https://localhost in my browser it complained something like certificate is not correct or some such. But then it gave me an option to add an exception so I did. Not sure if that was right thing to do.

But now I am getting a "Forbidden" error. "You don't have permissions to access index.php on this server".

I am tired now. Please enlighten me if you know of any solution to this problem.

I hate these tech things. Nothing goes right in one shot.

Submitted by kivikall (not verified) on
Comment: 

It was really good until the last part. Why does everybody always end a little too early? Like, you don't explain virtual hosts at all. And are you sure this is right: SSLCertificateKeyFile C:/wamp/bin/apache/apache2.2.6/conf/ssl/myserver.pem? Doesn't it have to be the .key file instead of .pem? I'm confused. Please next time pay attention to little things like that. This could have been really good if it had been finished with care. Anyway, you helped me a lot to go forward, but I still have to keep searching for how to set up virtual hosts.

Submitted by Jacques (not verified) on
Comment: 

Hi Ryan
I'm battling with this.
I go with dos to the bin directory where openssl.exe is located.
I type in the command "openssl genrsa -des3 -out myserver.key 1024"
But it then errors out with the following.
4240:error:02001015:system library:fopen:Is a directory:.crypto\bio\bss_file.c:126:fopen('d:/test/openssl1098kvc6/openssl.cnf','rb')
and another long 4240: error

I've never done it before so would like some help with this please.
I can follow your steps but need to get past this error.
Jacques

Submitted by Joe (not verified) on
Comment: 

Worked great. Thanks for that. Only problem I had was Skype listening on port 443 so had to close Skype to get apache running.