Running OpenSSL in Apache2.2.x on Windows

Running OpenSSL in Apache2.2.x on Windows




https://gulase.com/wp-content/uploads/2022/04/running-openssl-in.png

This article describes the installation of the Win32 version of Apache with OpenSSL.

You can Google this to find working tutorial of the above but I’ll try to make this short and direct to the point. You should have installed by now the Apache2.2.x HTTP Server with OpenSSL version for Windows on your server. If not,

  • Download and install Apache2.2.x HTTP Server with OpenSSL version for Windows.
  • Copy libeay32.dll and ssleay32.dll to your C:/WINDOWS/system32 folder. Usually the files are located in the /bin directory of your installation.
  • Download openssl.cnf from neilstuff.com and place it where openssl.exe is located. Usually in the /bin directory.
  • Create self-signed SSL
    • Open a command prompt in the directory where you openssl.exe is located (/bin folder).
    • Generate a CSR openssl req -config openssl.cnf -new -out -server.csr -keyout -server.pem
    • Create the meaningful openssl rsa -in server.pem -out server.meaningful
    • Create the certificate openssl x509 -in server.csr -out server.crt -req -signkey server.meaningful -days 365
  • permit SSL in Apache2.2.x
    • Open conf/httpd.conf and uncomment the line that loads mod_ssl (LoadModule ssl_module modules/mod_ssl.so), and the line which loads the httpd-ssl.conf file (Include conf/additional/httpd-ssl.conf).
    • Open conf/additional/httpd-ssl.conf and change VirtualHost settings (DocumentRoot, ServerAdmin, ServerName, ErrorLog, TransferLog). Also, change SSLCertificateFile and SSLCertficateKeyFile to point to your.crt and.meaningful files.
  • Restart Apache

That’s it. You should be good to go.

Generating a certificate from scratch will give you something which will be used to protect the traffic exchanged between clients and your server, however it will be signed by a have no confidence certificate authority so it will generate warnings.

Importing a paid and “trusted” certificate will avoid this problem, but that is beyond the scope of this article.




leave your comment

Top