Apache SSL: Installing Apache and OpenSSL from package
Apache and SSL package: This page is for installing Apache with OpenSSL as a single package. If you wish to install Apache and OpenSSL separately, please go to page
1. Installing Apache. Download the Apache HTTP Server binary from one of the mirrors at
http://httpd.apache.org/download.cgi. You need to download the package which includes OpenSSL. This package will
include the needed files/binaries to use OpenSSL with Apache. If you do not wish
to download the package that includes OpenSSL and opt to install this manually, please go to page 3.
To start the installation of Apache run the installer. Follow the
on-screen instructions. At the server information screen enter localhost
for the Network Domain and Server Name. Enter your email address and
click Next to continue.
When you are presented with the Destination Folder selections select
Change. Create the directory structure C:\Apache\Apache2 on your hard
Change the destination folder to the newly created folder Apache2 folder
and click OK to continue.
Continue following the on-screen instructions to complete the
installation of Apache. When completed test your install by opening a
browser and going to http://localhost/
2. Creating a Certificate Request. You now have to create a certificate to be used when clients connect to your server using https. The first step in obtaining a SSL certificate is to create a
certificate request. Open the command window and navigate to the location of Apache2. You will now run openssl with commands to create the certificate request and private key.
Run bin\openssl req -config conf\openssl.cnf -new -out my-server.csr
You will be prompted to enter a PEM pass phrase and then to verify it. Enter 12345 or you can enter your own pass phrase. This is used to protect your private key from being read or modified by an unauthorized individual.
Now you must enter the information that will be entered into your certificate. Enter the geographical, organizational, and contact information.
You will also be prompted to enter extra attributes, which is a challenge password that will be sent with your certificate. Enter test or create your own password. Press Enter to create your certificate request. When asked for the Common Name or the Domain Name, give the exact domain name of your server.
If the name does not match browsers will produce a warning message about the name mismatch when clients visit the site.
3. Removing Passpharse. Now you need to remove the pass phrase from the private key you just created. Your private key should only be readable by the Apache server and the
administrator, which is done using the pass phrase. Enter bin\openssl rsa -in privkey.pem -out server.key to remove the pass phrase from the private key. You will be prompted for the pass phrase you created from your private key to complete the task. Enter 12345 or the pass phrase you created and press Enter to continue. The output is your private key without the pass phrase attached.
You should also delete the .rnd file created in the Apache/modssl bin folder because it contains the entropy information for creating the key and could be used for cryptographic attacks against your private key.
4. Creating a Certificate. Now you can create your certificate using the certificate request you generated earlier. This certificate will be self signed. Enter bin\openssl x509 -in my-server.csr -out server.cert -req -signkey server.key -days 365
5. Importing Certificate and Key. Move the new files created (server.key server.crt) to the conf directory within Apache2.
6. Enabling SSL Module mod_ssl. Even though you have installed the Apache + OpenSSL package, it is still necessary to modify the Apache configuration file to use mod_ssl. The main Apache
configuration file is usually found in your Apache installation directory/conf/httpd.conf. Open this file in an editor and uncomment (or add) the following line(s):
(Comments are designated with a #)
LoadModule ssl_module modules/mod_ssl.so
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
Save the file.
Please continue to page 6 to complete the lab.
*Note: There are multiple ways that the conf file may be configured.