Installing SSL using OpenSSL on a WAMP localhost

I’m working on a project that requires me to use SSL (to make an HTTPS connection) on my local installation of WAMP. After much searching and a couple of tries, it appears that I finally got it working. This post should be useful to anyone who is trying to do the same.

Before starting with all the key stuff, I installed the OpenSSL binaries for Windows into the System directory.

The following is ripped from a comment buried on WampServer.com. Your paths may be slightly different, so change them appropriately.

 

GENERATE KEY

Again in the command prompt, go to C:\wamp\Apache2\bin and run the following command:

openssl req -new > webserver.csr

The command runs and prompts you to enter a PEM pass phrase and verify it. Since we are doing this locally, just put in some sort of “password”, but write it down, because you will need it in the next step.

It will then ask you to enter information that will be incorporated into your certificate request. When the command finishes, it has created several files, including privkey.pem, in c:\wamp\apache2\bin.

 

REMOVE PASSPHRASE

Run the following command:

openssl rsa -in privkey.pem -out webserver.key

You will be prompted for the pass phrase from the previous step. The RSA key is then written without a pass phrase to webserver.key, which is now available in the folder.

 

CONVERT INTO SIGNED CERTIFICATE

Run the following command to create a self-signed certificate which expires after one year:

openssl x509 -in webserver.csr -out webserver.cert -req -signkey webserver.key -days 365

 

STORE CERTIFICATE FILES

Create a folder c:\wamp\OpenSSL with the following subfolders:

/certs
/crl
/newcerts
/private

Copy the following files to /certs/:

webserver.cert
webserver.csr
webserver.key

Copy the following files to /private/:

.rnd
privkey.pem
cacert.pem (same as above, just a wild guess) [I skipped this part ^Joel]

 

MODIFY HTTPD-SSL.CONF

Change the following lines, adjusting the email address and the paths to your settings:

SSLSessionCache "shmcb:C:/wamp/Apache2/logs/ssl_scache(512000)"
 
SSLMutex default
 
# General setup for the virtual host
DocumentRoot "C:/www/mysecuresite"
ServerName localhost:443
ServerAdmin myemail@example.com
ErrorLog "C:/wamp/logs/mysecuresite_error_log"
TransferLog "C:/wamp/logs/mysecuresite_access_log"
 
SSLCertificateFile "C:/wamp/OpenSSL/certs/webserver.cert"
 
SSLCertificateKeyFile "C:/wamp/OpenSSL/certs/webserver.key"
 
SSLCARevocationPath "C:/wamp/OpenSSL/crl"
 
CustomLog "C:/wamp/logs/ssl_request_log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

 

MODIFY OPENSSL.CNF

There is a file openssl.cnf in c:\wamp\Apache2\conf even though no extension is shown in Windows Explorer. Go to the DOS command prompt and run DIR to see the file extension. Make a backup copy of this file first and rename it in DOS to openssl.cnf.txt so that you can edit it.

Modify the base directory:

dir	 = c:/wamp/OpenSSL	# Where everything is kept

Go to the DOS prompt and change the name of the file back to openssl.cnf.

 

MODIFY HTTPD.CONF

Last, but not least, make sure your secure site is part of the virtual hosts in Apache by uncommenting the Include line for httpd-ssl.conf in httpd.conf:

# Secure (SSL/TLS) connections
#Include conf/extra/httpd-ssl.conf
Include conf/extra/httpd-ssl.conf

 

ENSURE SSL IS ENABLED

Make sure that Apache is set up to use SSL. Click the WAMP icon in your tray, hover to Apache > Apache Modules, scroll through the list and make sure that ssl_module has a check next to it. If not, click it.

 

TEST HTTPS

Run httpd -t and make sure the syntax is OK.

Restart Apache.

Check that port 443 is open by running the following in the command prompt:

netstat -an | more

Test the https connection from your browser and hopefully it works :-)
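
If Apache will not start or the browser cannot connect, one way to check the certificate files from the steps above is the batch script below. It is an added example, not part of the original post or the WampServer comment: it confirms that the certificate and key named in httpd-ssl.conf both parse and share the same RSA modulus, then prints the certificate's subject, issuer and dates. It assumes openssl is on the PATH and that the files are in the paths used above.

```batch
@echo off
rem Added example: sanity-check the files that httpd-ssl.conf points at.
rem Assumes openssl is on the PATH and the paths below match your setup.
setlocal
set "CERT=C:\wamp\OpenSSL\certs\webserver.cert"
set "KEY=C:\wamp\OpenSSL\certs\webserver.key"

rem Both files must parse. If they did not, the digests below would both be
rem taken over empty input and would "match" by accident.
openssl x509 -noout -in %CERT% || (echo Cannot read certificate %CERT% & exit /b 2)
openssl rsa -noout -in %KEY% || (echo Cannot read private key %KEY% & exit /b 2)

rem A certificate and a key belong together only if their RSA moduli are equal.
rem Hash the modulus so the comparison is a short string.
for /f "delims=" %%A in ('openssl x509 -noout -modulus -in %CERT% ^| openssl dgst -sha256') do set "CERT_MOD=%%A"
for /f "delims=" %%A in ('openssl rsa -noout -modulus -in %KEY% ^| openssl dgst -sha256') do set "KEY_MOD=%%A"

if not defined CERT_MOD (echo No modulus read from certificate & exit /b 2)
if not defined KEY_MOD (echo No modulus read from key & exit /b 2)

if not "%CERT_MOD%"=="%KEY_MOD%" (
    echo MISMATCH: certificate and key have different moduli
    exit /b 1
)
echo OK: certificate and key match

rem For a self-signed certificate, subject and issuer are the same.
openssl x509 -noout -subject -issuer -dates -in %CERT%

rem -checkend returns a non-zero exit code if the certificate expires
rem within the given number of seconds (2592000 = 30 days).
openssl x509 -noout -checkend 2592000 -in %CERT% || (echo Certificate expires within 30 days & exit /b 1)

endlocal
exit /b 0
```

The script exits with 0 when everything checks out, 1 on a mismatch or near expiry, and 2 when a file cannot be read.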
