30 July 2009

Setting up SSL and Apache

Setup the WampServer as explained here

------------------Generate your own CA------------------
1. Generate a ca key:
openssl genrsa -des3 -out ca.key 1024

2. Generate a ca certificate:
openssl req -new -x509 -days 365 -key ca.key -out ca.crt
subject=/C=IN/ST=Karnataka/L=Bangalore/O=Nortel/OU=Engineering/CN=localhostca

3. Generate a server key:
openssl genrsa -des3 -out server.key 1024

4. Create a certificate signing request:
openssl req -new -key server.key -out server.csr
subject=/C=IN/ST=Karnataka/L=Bangalore/O=Nortel/OU=Engineering/CN=localhost

5. Sign the certificate signing request:
openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt

6. Create an insecure version of the server.key:
openssl rsa -in server.key -out server.key.insecure
mv server.key.insecure server.key

openssl req -noout -text -in server.csr
openssl x509 -noout -text -in server.crt

server.crt: The self-signed server certificate.
server.key: The private server key.
ca.crt: The Certificate Authority's own certificate.
--------------------------------------------------------

1. Update "C:\Program Files\wamp\bin\apache\Apache2.2.11\conf\httpd.conf"
-> LoadModule ssl_module modules/mod_ssl.so
-> Include conf/extra/httpd-ssl.conf
2. Update "C:\Program Files\wamp\bin\apache\Apache2.2.11\conf\extra\httpd-ssl.conf"
-> #DocumentRoot "C:/Program Files/Apache Software Foundation/Apache2.2/htdocs"
-> SSLCertificateFile "C:/Program Files/Apache Software Foundation/Apache2.2/conf/server.crt"
-> SSLCertificateKeyFile "C:/Program Files/Apache Software Foundation/Apache2.2/conf/server.key"
3. Copy server.crt and server.key to "C:\Program Files\Apache Software Foundation\Apache2.2\conf"
4. Restart Apache server
5. Copy ca.crt to:
-> Mozilla Tools >> Options >> Advanced >> Encryption >> Veiw Certificates >> Authorities
-> IE Tools >> Internet Options >> Content >> Certificates >> Trusted Root Certification Authorities

If https://localhost is not working then refer the logs at "C:\Program Files\Apache Software Foundation\Apache2.2\logs"

Reference:
http://middleware.its.state.nc.us/middleware/Documentation/en_US/htm/csqzas00/csqzas000p.htm
http://progtutorials.tripod.com/SSL.htm
http://www.tc.umn.edu/~brams006/selfsign.html
http://www.tc.umn.edu/~brams006/selfsign_redhat.html
http://articles.techrepublic.com.com/2415-3513_11-167032.html
Posted by ~mE at 23:40
Labels: ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)