Friday, July 6, 2012

SSL in Wamp Server

SSL Encryption can be added to your Wamp Server package to make it more secure as well as to test the SSL environment before taking your application to production. 

Note 1: Example given in case the folder in which apache is installed is apache2.2.6  where 2.2.6 is the version of apache installed. In case of another version being installed, say apache 2.2.22, this folder would change to apache2.2.22

Note 2: the foldername appName used below should be changed to whatever is the foldername where your application is placed which should be served to users connecting via https://

1. Create SSL Certificate and Key

Open the DOS command window and change directory to bin directory of wamp apache directory by using the DOS command

cd c:\wamp\bin\apache\apache2.2.6\bin

Now the DOS prompt should look like: C:\wamp\bin\apache\apache2.2.6\bin>

To create a server key with 1024 bits encryption, enter this command:

openssl genrsa -des3 -out server.key 1024

It’ll ask you a pass phrase, enter a passphrase of your choice which you will remember

Remove the pass phrase from the RSA private key (while keeping a backup copy of the original file). Enter these commands:

copy server.key
openssl rsa -in -out server.key

It’ll ask you the pass phrase you entered earlier, enter it

Create a self-signed Certificate (X509 structure) with the RSA key you just created. Enter the command:

openssl req -new -x509 -nodes -sha1 -days 365 -key server.key -out server.crt -config C:\wamp\bin\apache\apache2.2.6\conf\openssl.cnf

You'll be asked to fill in information after entering this command.

2. Copy the server.key and server.crt files

In the conf folder of apache2.2.6 folder, create two folders named as ssl.key and ssl.crt

Copy the server.key file to ssl.key folder and server.crt file to ssl.crt

3. Edit the httpd.conf file and php.ini

In httpd.conf file, remove the comment definer # at the line which says:
LoadModule ssl_module modules/

In httpd.conf, remove the comment definer # at the line which says:
Include conf/extra/httpd_ssl.conf

Then move that line after this block <IfModule ssl_module>…. </IfModule>

Open the php.ini file located in apache2.2.6/bin folder, remove the comment definer; at the line which says:

4. Edit the httpd-ssl.conf file

The httpd-ssl.conf file is located at C:\wamp\bin\apache\Apache2.2.6\conf\extra

This should be edited as follows

Find the line which says "SSLMutex …." and change it to SSLMutex default without quotes

Find the line which says: <VirtualHost _default_:443>.
Right after it, change the line which says DocumentRoot … to DocumentRoot "C:/wamp/www/appname" with quotes.  
Change the line "ErrorLog…." to Errorlog C:/wamp/logs/sslerror.log without quotes
Change the line "TransferLog …." to TransferLog C:/wamp/logs/sslaccess.log without quotes

Specify the SSL crt file:  Change the line "SSLCertificateFile …." to SSLCertificateFile "C:/wamp/bin/apache/apache2.2.6/conf/ssl.crt/server.crt"

Specify the SSL key file: Change the line "SSLCertificateKeyFile …." to SSLCertificateKeyFile " C:/wamp/bin/apache/apache2.2.6/conf/ssl.key/server.key"

Change the line which says <Directory "C:/Program Files/Apache Software Foundation/Apache2.2/cgi-bin"> to <Directory "C:/wamp/www/">
and add the following lines inside those <Directory … >…</Directory> tags:

Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all

Make sure the line CustomLog "C:/wamp/logs/ssl_request.log" \  is uncommented (remove the #).

In the DOS Command window, enter httpd -t . If it displays Syntax is OK, then proceed, else you have made a syntactical error and will need to troubleshoot

Go to C:/wamp/logs and create the following 3  files
                                i.            sslerror.log
                              ii.            ssl_request.log
                             iii.            sslaccess.log

5. Starting the HTTPS Server and Putting it Online

Restart the Apache server

If restart is successful, then open the browser and enter https://localhost

If you want to allow put your HTTPS secure server online then in the httpd_ssl.conf file, change the line which says "ServerName localhost:443" to "ServerName" or  "ServerName X.Y.Z.A:443" without quotes where yourwebsitename is your registered internet domain name and/or  X.Y.Z.A is your WAN IP Address

The DocumentRoot you modified in Step 4 points to the correct website folder on your server.

If your server is connected to a router, setup the router to allow port 443 forwarding to your server.

If your server has a firewall enabled or behind a network firewall, set up the firewall to allow incoming port 443 connection

No comments:

Post a Comment