Tuesday, May 18, 2010

WAMP SERVER 2 (https SSL configuration)

Let's assume that your WAMP version is 2.0h and that it is installed on drive C:

STEP 1. ADDING AN ENVIRONMENT VARIABLE (OPENSSL_CONF)
Go to Control Panel > System > Advanced > Environment Variables
OR
Right Click on My Computer > Properties > Advanced > Environment Variables

Add a new system variable OPENSSL_CONF:

Variable name: OPENSSL_CONF
Variable value: C:\wamp\bin\apache\apache2.2.11\conf\openssl.cnf

Log out, then log back in.

Go to command prompt and type in:

set | more

Make sure you see the following line among the environment variables:
OPENSSL_CONF=C:\wamp\bin\apache\apache2.2.11\conf\openssl.cnf

STEP 2. GENERATING KEY
Go to command prompt and type in:
cd\
cd wamp\bin\apache\apache2.2.11\bin
openssl req -new > webserver.csr

The command runs and prompts you to enter a PEM pass phrase and verify it. Write down the phrase because you will need it later. It will then ask you to enter information that will be incorporated into your certificate request. When the command finishes, it has created several files, including privkey.pem, in C:\wamp\bin\apache\apache2.2.11\bin.

STEP 3. REMOVING PASSPHRASE
Run the following command:
openssl rsa -in privkey.pem -out webserver.key

You will be prompted for the pass phrase from the previous step.
The RSA key is written unencrypted to webserver.key, which is now available in the folder.


STEP 4. CONVERTING INTO SIGNED CERTIFICATE
Run the following command to create a self-signed certificate (signed with webserver.key) which expires after one year:

openssl x509 -in webserver.csr -out webserver.cert -req -signkey webserver.key -days 365


STEP 5. STORING CERTIFICATE FILES
Create a folder C:\wamp\OpenSSL with the following subfolders:

certs
crl
newcerts
private


Copy the following files from C:\wamp\bin\apache\Apache2.2.11\bin to C:\wamp\OpenSSL\certs:

webserver.cert
webserver.csr
webserver.key


Copy the following files from C:\wamp\bin\apache\Apache2.2.11\bin to C:\wamp\OpenSSL\private:

.rnd
privkey.pem


STEP 6. CREATING ERROR LOG FILES
Create 2 text files in C:/wamp/logs:
1. ssl_ErrorLog.txt
2. ssl_TransferLog.txt

STEP 7. MODIFYING HTTPD-SSL.CONF
Go to C:\wamp\bin\apache\Apache2.2.11\conf\extra
Make a backup copy of the file httpd-ssl.conf and rename it to httpd-ssl.conf.old
Using any text editor, open the file httpd-ssl.conf
Change the following lines, adjusting the email address and the paths to your settings:

SSLSessionCache "shmcb:C:/wamp/logs"

SSLMutex default

# General setup for the virtual host
DocumentRoot "C:/wamp/www"
ServerName localhost:443

ServerAdmin myemailaddress@domain.com
ErrorLog "C:/wamp/logs/ssl_ErrorLog.txt"
TransferLog "C:/wamp/logs/ssl_TransferLog.txt"

SSLCertificateFile "C:/wamp/OpenSSL/certs/webserver.cert"

SSLCertificateKeyFile "C:/wamp/OpenSSL/certs/webserver.key"

SSLCARevocationPath "C:/wamp/OpenSSL/crl"

<Directory "C:/wamp/bin/apache/Apache2.2.11/cgi-bin">

CustomLog "C:/wamp/logs/ssl_request.log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

STEP 8. MODIFYING OPENSSL.CNF
Make a backup copy of the file openssl.cnf from C:\wamp\bin\apache\Apache2.2.11\conf.
Click and drag the file openssl.cnf into Notepad (or another text editor) so you can edit it.

STEP 9. Modify the base directory:
dir = C:/wamp/OpenSSL # Where everything is kept

STEP 10. MODIFYING HTTPD.CONF
Make a backup copy of the file httpd.conf from C:\wamp\bin\apache\Apache2.2.11\conf.
Open the file httpd.conf and change the following lines:

# Secure (SSL/TLS) connections
#Include conf/extra/httpd-ssl.conf
Include conf/extra/httpd-ssl.conf
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule ssl_module modules/mod_ssl.so

STEP 11. TESTING HTTPS


Go to command prompt and run the following command:
httpd -t
You should see "Syntax OK". If not, then you may have missed some of the steps above.

If OK, restart Apache then check that port 443 is open by running the following in the command prompt:

netstat -an | more
If the port is not open, then you may have missed some of the steps above.
You can now test the https connection from your browser.
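
A preflight check for the paths edited in STEP 7, as an added example that is not part of the original post: it parses httpd-ssl.conf, confirms that each referenced file or folder exists, and flags a key file that still carries a pass phrase (STEP 3 skipped). The function name check_ssl_conf and the space-in-name heuristic are assumptions made for this example, and paths are assumed to be absolute as in the post.

```python
import re
from pathlib import Path

# Directives from STEP 7 and what each value should point at.
# Assumption: every path is absolute, as in the post.
EXPECT = {
    "DocumentRoot": "dir", "SSLCARevocationPath": "dir",
    "ErrorLog": "file", "TransferLog": "file",  # created by hand in STEP 6
    "SSLCertificateFile": "file", "SSLCertificateKeyFile": "file",
}
# Matches:  Name "quoted value"   or   Name bare_value
LINE_RE = re.compile(r'^\s*(\w+)\s+(?:"([^"]*)"|(\S+))\s*$')

def check_ssl_conf(conf_text):
    """Return (directive, value, problem) tuples for the STEP 7 paths."""
    problems, seen = [], set()
    for line in conf_text.splitlines():
        m = LINE_RE.match(line)  # lines starting with '#' never match
        if not m or m.group(1) not in EXPECT:
            continue
        name = m.group(1)
        value = m.group(2) if m.group(2) is not None else m.group(3)
        seen.add(name)
        path = Path(value)
        if value != value.strip() or " " in path.name:
            problems.append((name, value, "space in path name, possible typo"))
        elif EXPECT[name] == "dir" and not path.is_dir():
            problems.append((name, value, "directory not found"))
        elif EXPECT[name] == "file" and not path.is_file():
            problems.append((name, value, "file not found"))
        elif (name == "SSLCertificateKeyFile"
              and "ENCRYPTED" in path.read_text(errors="replace")):
            problems.append((name, value, "key still has a pass phrase (STEP 3)"))
    for name in ("SSLCertificateFile", "SSLCertificateKeyFile"):
        if name not in seen:
            problems.append((name, "", "directive missing or commented out"))
    return problems

if __name__ == "__main__":
    # Location of httpd-ssl.conf as given in STEP 7.
    conf = Path(r"C:\wamp\bin\apache\Apache2.2.11\conf\extra\httpd-ssl.conf")
    if not conf.is_file():
        print("httpd-ssl.conf not found at", conf)
    else:
        found = check_ssl_conf(conf.read_text(errors="replace"))
        for name, value, problem in found:
            print(f"{name} {value!r}: {problem}")
        print("problems found:", len(found))
```
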