apache2 / WampServer - instruction how to enable https on Windows (SSL / TSL connection)

In this article we would like to show how to enable HTTPS connection for Apache 2.4 under Windows.

Note: presented solution should be working for Linux too.

Read below sections to know:

• what software should be used,
• how to generate certificates,
• what Apache 2 modules are requred,
• how to configure server,
• how restart server,
• how to verify https connection. 

During configuration following software were used (treat it only as recommendation):

1. Windows 10,
2. Apache 2.4.39 installed as WampServer x64 (download link here),
3. PHP 7.3.5 (is installed automatically with WampServer, we need to select it with context menu only).

To enable HTTPS it is necessary to do 3 things: prepare certificate, enable required modules and set server configurations.

Do following steps:

We can buy certificate, use free certificate or create self signed one.

In this section we use self signed certificate.

Do following steps:

1. at begining we need to create directory to store certificates - in my case it will be:
   Copy

   xxxxxxxxxx

    

   1

   C:\wamp64\bin\apache\apache2.4.39\conf\cert\
2. check if you have installed openssl, or download and install it from here,
3. open Windows Command Prompt and run following command to create key with certificate:
   Copy

   xxxxxxxxxx

    

   1

   "C:\Program Files\OpenSSL-Win64\bin\openssl.exe" req -x509 -newkey rsa:4096 -keyout "C:\wamp64\bin\apache\apache2.4.39\conf\cert\localhost.key" -out "C:\wamp64\bin\apache\apache2.4.39\conf\cert\localhost.crt" -days 365

   Where:
   - paths should be addopted to correct locations,
   - we will use RSA key,
   - certificate will expire after 365 days.

   Note: we will be asked for some informations, where most important will be to type our_secret_password (it is called PEM pass phrase).

4. convert encrypred key to RSA key with following command:

   Copy

   xxxxxxxxxx

    

   1

   "C:\Program Files\OpenSSL-Win64\bin\openssl.exe" rsa -in "C:\wamp64\bin\apache\apache2.4.39\conf\cert\localhost.key" -out "C:\wamp64\bin\apache\apache2.4.39\conf\cert\localhost.key"

   Note: use same our_secret_password during conversion.

   Example output:
   Copy

   xxxxxxxxxx

    

   1

   C:\>"C:\Program Files\OpenSSL-Win64\bin\openssl.exe" req -x509 -newkey rsa:4096 -keyout "C:\wamp64\bin\apache\apache2.4.39\conf\cert\localhost.key" -out "C:\wamp64\bin\apache\apache2.4.39\conf\cert\localhost.crt" -days 365

   2

   Generating a RSA private key

   3

   .................................................................................++++

   4

   ........................................................++++

   5

   writing new private key to 'C:\wamp64\bin\apache\apache2.4.39\conf\cert\localhost.key'

   6

   Enter PEM pass phrase:

   7

   Verifying - Enter PEM pass phrase:

   8

   -----

   9

   You are about to be asked to enter information that will be incorporated

   10

   into your certificate request.

   11

   What you are about to enter is what is called a Distinguished Name or a DN.

   12

   There are quite a few fields but you can leave some blank

   13

   For some fields there will be a default value,

   14

   If you enter '.', the field will be left blank.

   15

   -----

   16

   Country Name (2 letter code) [AU]:PL

   17

   State or Province Name (full name) [Some-State]:Lesser Poland

   18

   Locality Name (eg, city) []:Cracow

   19

   Organization Name (eg, company) [Internet Widgits Pty Ltd]:ACME

   20

   Organizational Unit Name (eg, section) []:

   21

   Common Name (e.g. server FQDN or YOUR name) []:localhost

   22

   Email Address []:

   23

   ​

   24

   C:\>"C:\Program Files\OpenSSL-Win64\bin\openssl.exe" rsa -in "C:\wamp64\bin\apache\apache2.4.39\conf\cert\localhost.key" -out "C:\wamp64\bin\apache\apache2.4.39\conf\cert\localhost.key"

   25

   Enter pass phrase for C:\wamp64\bin\apache\apache2.4.39\conf\cert\localhost.key:

   26

   writing RSA key

   27

   ​

   28

   C:\>

In this case we need to enable only one module: ssl_module.

We can do it in 2 ways:

• from context menu: Apache -> Apache modules -> ssl_module
• from configuration file c:\wamp64\bin\apache\apache2.4.39\conf\httpd.conf by uncommenting following line:
  Copy

  xxxxxxxxxx

   

  1

  LoadModule ssl_module modules/mod_ssl.so

We need to set listening ports for https and add virtual server that uses https protocol.

Add to c:\wamp64\bin\apache\apache2.4.39\conf\httpd.conf file, following lines:

xxxxxxxxxx

Listen 0.0.0.0:443

Listen [::0]:443

Note: you can put is below Listen 0.0.0.0:80 (use Ctrl+F keys in your Notepad to find phrase).

Add to c:\wamp64\bin\apache\apache2.4.39\conf\extra\httpd-vhosts.conf file, following lines:

xxxxxxxxxx

<VirtualHost *:443>

  ServerName localhost

  ServerAlias localhost

  DocumentRoot "${INSTALL_DIR}/www"

  SSLEngine on

  SSLCertificateKeyFile "${INSTALL_DIR}/bin/apache/apache2.4.39/conf/cert/localhost.key"

  SSLCertificateFile "${INSTALL_DIR}/bin/apache/apache2.4.39/conf/cert/localhost.crt"

  SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1

  <Directory "${INSTALL_DIR}/www/">

    Options +Indexes +Includes +FollowSymLinks +MultiViews

    AllowOverride All

    Require local

  </Directory>

</VirtualHost>

Note: you can put it at the end of the file.

Most simple is to click Restart All Services item in WampServer context menu located in try bar (check first screenshot).

Type in web browser address bar https://localhost and confirm with Enter key.

For self signed certificate it will be necessary to confirm certificate - look on bellow confirmation examples.

Note: to see how to verify https with openssl read this article.