SSL
Encryption can be added to your Wamp Server package to make it more secure as well as to test the SSL environment before taking your application to production.
Note 1: The examples assume Apache is installed in the folder apache2.2.6, where 2.2.6 is the installed Apache version. If another version is installed, say Apache 2.2.22, this folder would change to apache2.2.22.
Note 2: The folder name appName used below should be changed to the name of the folder where your application is placed, which will be served to users connecting via https://
1. Create SSL Certificate and Key
Open the DOS command window and change to the bin directory of the WAMP Apache directory by using the DOS command:
cd c:\wamp\bin\apache\apache2.2.6\bin
Now the DOS prompt should look like: C:\wamp\bin\apache\apache2.2.6\bin>
To create a server key with 1024 bits encryption, enter this command:
openssl genrsa -des3 -out server.key 1024
It'll ask you for a pass phrase; enter a pass phrase of your choice which you will remember.
Remove the pass phrase from the RSA private key (while keeping a backup copy of the original file). Enter these commands:
copy server.key server.key.org
openssl rsa -in server.key.org -out server.key
It'll ask for the pass phrase you entered earlier; enter it.
Create a self-signed certificate (X509 structure) with the RSA key you just created. Enter the command:
openssl req -new -x509 -nodes -sha1 -days 365 -key server.key -out server.crt -config C:\wamp\bin\apache\apache2.2.6\conf\openssl.cnf
You'll be asked to fill in information after entering this command.
2. Copy the server.key and server.crt files
In the conf folder of the apache2.2.6 folder, create two folders named ssl.key and ssl.crt.
Copy the server.key file to the ssl.key folder and the server.crt file to the ssl.crt folder.
3. Edit the httpd.conf file and php.ini
In the httpd.conf file, remove the comment marker # at the line which says:
LoadModule ssl_module modules/mod_ssl.so
In httpd.conf, remove the comment marker # at the line which says:
Include conf/extra/httpd-ssl.conf
Then move that line after this block: <IfModule ssl_module> … </IfModule>
Open the php.ini file located in the apache2.2.6/bin folder and remove the comment marker ; at the line which says:
extension=php_openssl.dll
4. Edit the httpd-ssl.conf file
The httpd-ssl.conf file is located at C:\wamp\bin\apache\Apache2.2.6\conf\extra
This should be edited as follows:
Find the line which says "SSLMutex …." and change it to SSLMutex default (without quotes).
Find the line which says: <VirtualHost _default_:443>.
Right after it, change the line which says DocumentRoot … to DocumentRoot "C:/wamp/www/appname" (with quotes).
Change the line "ErrorLog …." to ErrorLog C:/wamp/logs/sslerror.log (without quotes).
Change the line "TransferLog …." to TransferLog C:/wamp/logs/sslaccess.log (without quotes).
Specify the SSL crt file: change the line "SSLCertificateFile …." to SSLCertificateFile "C:/wamp/bin/apache/apache2.2.6/conf/ssl.crt/server.crt"
Specify the SSL key file: change the line "SSLCertificateKeyFile …." to SSLCertificateKeyFile "C:/wamp/bin/apache/apache2.2.6/conf/ssl.key/server.key"
Change the line which says <Directory "C:/Program Files/Apache Software Foundation/Apache2.2/cgi-bin"> to <Directory "C:/wamp/www/"> and add the following lines inside those <Directory … >…</Directory> tags:
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
Make sure the line CustomLog "C:/wamp/logs/ssl_request.log" \ is uncommented (remove the #).
In the DOS command window, enter httpd -t. If it displays Syntax is OK, then proceed; otherwise you have made a syntax error and will need to troubleshoot.
Go to C:/wamp/logs and create the following 3 files:
i. sslerror.log
ii. ssl_request.log
iii. sslaccess.log
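An added example, not part of the original post: httpd -t confirms the syntax, while this small Python check compares the active directives in httpd.conf and httpd-ssl.conf against the values Steps 3 and 4 ask for. It assumes the tutorial's apache2.2.6 paths; the function names and the sample config text are constructed for illustration.

```python
import re

CONF = "C:/wamp/bin/apache/apache2.2.6/conf"  # tutorial's layout; adjust to your version
EXPECTED = {  # values Step 4 asks for in httpd-ssl.conf (directive names lower-cased)
    "sslmutex": "default",
    "errorlog": "C:/wamp/logs/sslerror.log",
    "transferlog": "C:/wamp/logs/sslaccess.log",
    "sslcertificatefile": f"{CONF}/ssl.crt/server.crt",
    "sslcertificatekeyfile": f"{CONF}/ssl.key/server.key",
}
# One uncommented directive per line: name, then the raw value (quotes kept).
DIRECTIVE = re.compile(r"^[ \t]*([^#<\s]\S*)[ \t]*(.*?)[ \t]*$", re.M)

def directives(text):
    """Return [(lower-cased name, raw value)], skipping comments and <Section> tags."""
    return [(name.lower(), value) for name, value in DIRECTIVE.findall(text)]

def check(httpd_conf, ssl_conf):
    """Return the Step 3 / Step 4 settings that are missing or wrong."""
    problems = []
    main = directives(httpd_conf)
    if not any(n == "loadmodule" and v.split()[:1] == ["ssl_module"] for n, v in main):
        problems.append("httpd.conf: LoadModule ssl_module is not active")
    if ("include", "conf/extra/httpd-ssl.conf") not in main:
        problems.append("httpd.conf: Include conf/extra/httpd-ssl.conf is not active")
    found = dict(directives(ssl_conf))
    for name, want in EXPECTED.items():
        raw = found.get(name)
        inner = raw[1:-1] if raw and raw[0] == raw[-1] == '"' else raw
        if raw is None:
            problems.append(f"httpd-ssl.conf: {name} is missing or commented out")
        elif inner != inner.strip():
            problems.append(f"httpd-ssl.conf: {name} has a stray space inside the quotes")
        elif inner != want:
            problems.append(f"httpd-ssl.conf: {name} is {inner!r}, expected {want!r}")
    if "customlog" not in found:
        problems.append("httpd-ssl.conf: CustomLog is still commented out")
    return problems

# Constructed sample input with four deliberate mistakes (not real WAMP files).
SAMPLE_HTTPD = "#LoadModule ssl_module modules/mod_ssl.so\nInclude conf/extra/httpd-ssl.conf\n"
SAMPLE_SSL = f'''SSLMutex "file:logs/ssl_mutex"
ErrorLog C:/wamp/logs/sslerror.log
TransferLog C:/wamp/logs/sslaccess.log
SSLCertificateFile "{CONF}/ssl.crt/server.crt"
SSLCertificateKeyFile " {CONF}/ssl.key/server.key"
#CustomLog "C:/wamp/logs/ssl_request.log"
'''
if __name__ == "__main__":
    print("\n".join(check(SAMPLE_HTTPD, SAMPLE_SSL)))
```

To check a real installation, read the two files with open(...).read() and pass their text to check(); an empty list means every setting matches.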
5. Starting the HTTPS Server and Putting it Online
Restart the Apache server.
If the restart is successful, open the browser and enter https://localhost
If you want to put your HTTPS secure server online, then in the httpd-ssl.conf file change the line which says "ServerName localhost:443" to "ServerName www.yourwebsitename.com:443" or "ServerName X.Y.Z.A:443" (without quotes), where yourwebsitename is your registered internet domain name and/or X.Y.Z.A is your WAN IP address.
Check that the DocumentRoot you modified in Step 4 points to the correct website folder on your server.
If your server is connected to a router, set up the router to allow port 443 forwarding to your server.
If your server has a firewall enabled or is behind a network firewall, set up the firewall to allow incoming port 443 connections.