apache2 / WampServer - instruction how to enable https on Windows (SSL / TSL connection)
In this article we would like to show how to enable HTTPS connection for Apache 2.4 under Windows.
Note: presented solution should be working for Linux too.
Read below sections to know:
- what software should be used,
- how to generate certificates,
- what Apache 2 modules are requred,
- how to configure server,
- how restart server,
- how to verify https connection.Â
1. Software
During configuration following software were used (treat it only as recommendation):
- Windows 10,
- Apache 2.4.39 installed as WampServer x64 (download link here),
- PHP 7.3.5 (is installed automatically with WampServer, we need to select it with context menu only).
2. Configuration
To enable HTTPS it is necessary to do 3 things: prepare certificate, enable required modules and set server configurations.
Do following steps:
2.1. Certificate preparation
We can buy certificate, use free certificate or create self signed one.
In this section we use self signed certificate.
Do following steps:
- at begining we need to create directory to store certificates -Â in my case it will be:
C:\wamp64\bin\apache\apache2.4.39\conf\cert\ - check if you have installed
openssl, or download and install it from here, - open Windows Command Prompt and run following command to create key with certificate:
"C:\Program Files\OpenSSL-Win64\bin\openssl.exe" req -x509 -newkey rsa:4096 -keyout "C:\wamp64\bin\apache\apache2.4.39\conf\cert\localhost.key" -out "C:\wamp64\bin\apache\apache2.4.39\conf\cert\localhost.crt" -days 365Where:
- paths should be addopted to correct locations,
- we will use RSA key,
- certificate will expire after 365 days.Note: we will be asked for some informations, where most important will be to type
our_secret_password(it is called PEM pass phrase). -
convert encrypred key to RSA key with following command:
"C:\Program Files\OpenSSL-Win64\bin\openssl.exe" rsa -in "C:\wamp64\bin\apache\apache2.4.39\conf\cert\localhost.key" -out "C:\wamp64\bin\apache\apache2.4.39\conf\cert\localhost.key"Note: use same
Example output:our_secret_passwordduring conversion.C:\>"C:\Program Files\OpenSSL-Win64\bin\openssl.exe" req -x509 -newkey rsa:4096 -keyout "C:\wamp64\bin\apache\apache2.4.39\conf\cert\localhost.key" -out "C:\wamp64\bin\apache\apache2.4.39\conf\cert\localhost.crt" -days 365 Generating a RSA private key .................................................................................++++ ........................................................++++ writing new private key to 'C:\wamp64\bin\apache\apache2.4.39\conf\cert\localhost.key' Enter PEM pass phrase: Verifying - Enter PEM pass phrase: ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:PL State or Province Name (full name) [Some-State]:Lesser Poland Locality Name (eg, city) []:Cracow Organization Name (eg, company) [Internet Widgits Pty Ltd]:ACME Organizational Unit Name (eg, section) []: Common Name (e.g. server FQDN or YOUR name) []:localhost Email Address []: C:\>"C:\Program Files\OpenSSL-Win64\bin\openssl.exe" rsa -in "C:\wamp64\bin\apache\apache2.4.39\conf\cert\localhost.key" -out "C:\wamp64\bin\apache\apache2.4.39\conf\cert\localhost.key" Enter pass phrase for C:\wamp64\bin\apache\apache2.4.39\conf\cert\localhost.key: writing RSA key C:\>
2.2. Enabling Apache 2.4 modules
In this case we need to enable only one module: ssl_module.
We can do it in 2 ways:
- from context menu: Apache -> Apache modules -> ssl_module
- from configuration file
c:\wamp64\bin\apache\apache2.4.39\conf\httpd.confby uncommenting following line:LoadModule ssl_module modules/mod_ssl.so
2.3. Setting Apache 2.4 configurations
We need to set listening ports for https and add virtual server that uses https protocol.
Add to c:\wamp64\bin\apache\apache2.4.39\conf\httpd.conf file, following lines:
Listen 0.0.0.0:443
Listen [::0]:443
Note: you can put is belowÂ
Listen 0.0.0.0:80Â (useCtrl+Fkeys in your Notepad to find phrase).
Add to c:\wamp64\bin\apache\apache2.4.39\conf\extra\httpd-vhosts.conf file, following lines:
<VirtualHost *:443>
ServerName localhost
ServerAlias localhost
DocumentRoot "${INSTALL_DIR}/www"
SSLEngine on
SSLCertificateKeyFile "${INSTALL_DIR}/bin/apache/apache2.4.39/conf/cert/localhost.key"
SSLCertificateFile "${INSTALL_DIR}/bin/apache/apache2.4.39/conf/cert/localhost.crt"
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
<Directory "${INSTALL_DIR}/www/">
Options +Indexes +Includes +FollowSymLinks +MultiViews
AllowOverride All
Require local
</Directory>
</VirtualHost>
Note: you can put it at the end of the file.
3. Server restart
Most simple is to click Restart All Services item in WampServer context menu located in try bar (check first screenshot).
4. Verify HTTPS connection
Type in web browser address bar https://localhost and confirm with Enter key.
For self signed certificate it will be necessary to confirm certificate -Â look on bellow confirmation examples.
Note: to see how to verify https with openssl read this article.
Â