Languages
[Edit]
EN

apache2 / WampServer - instruction how to enable https on Windows (SSL / TSL connection)

5 points
Created by:
Kate_C
19800

In this article we would like to show how to enable HTTPS connection for Apache 2.4 under Windows.

Note: presented solution should be working for Linux too.

Read below sections to know:

  • what software should be used,
  • how to generate certificates,
  • what Apache 2 modules are requred,
  • how to configure server,
  • how restart server,
  • how to verify https connection.¬†

1. Software

During configuration following software were used (treat it only as recommendation):

  1. Windows 10,
  2. Apache 2.4.39 installed as WampServer x64 (download link here),
  3. PHP 7.3.5 (is installed automatically with WampServer, we need to select it with context menu only).
Switching to PHP 7.3.5 in WampServer
Switching to PHP 7.3.5 in WampServer

2. Configuration

To enable HTTPS it is necessary to do 3 things: prepare certificate, enable required modules and set server configurations.

Do following steps:

2.1. Certificate preparation

We can buy certificate, use free certificate or create self signed one.

In this section we use self signed certificate.

Do following steps:

  1. at begining we need to create directory to store certificates - in my case it will be:
    C:\wamp64\bin\apache\apache2.4.39\conf\cert\
  2. check if you have installed openssl, or download and install it from here,
  3. open Windows Command Prompt and run following command to create key with certificate:
    "C:\Program Files\OpenSSL-Win64\bin\openssl.exe" req -x509 -newkey rsa:4096 -keyout "C:\wamp64\bin\apache\apache2.4.39\conf\cert\localhost.key" -out "C:\wamp64\bin\apache\apache2.4.39\conf\cert\localhost.crt" -days 365

    Where:
    - paths should be addopted to correct locations,
    - we will use RSA key,
    - certificate will expire after 365 days.

    Note: we will be asked for some informations, where most important will be to type our_secret_password (it is called PEM pass phrase).
  4. convert encrypred key to RSA key with following command:

    "C:\Program Files\OpenSSL-Win64\bin\openssl.exe" rsa -in "C:\wamp64\bin\apache\apache2.4.39\conf\cert\localhost.key" -out "C:\wamp64\bin\apache\apache2.4.39\conf\cert\localhost.key"
    Note: use same our_secret_password during conversion.
    Example output:
    C:\>"C:\Program Files\OpenSSL-Win64\bin\openssl.exe" req -x509 -newkey rsa:4096 -keyout "C:\wamp64\bin\apache\apache2.4.39\conf\cert\localhost.key" -out "C:\wamp64\bin\apache\apache2.4.39\conf\cert\localhost.crt" -days 365
    Generating a RSA private key
    .................................................................................++++
    ........................................................++++
    writing new private key to 'C:\wamp64\bin\apache\apache2.4.39\conf\cert\localhost.key'
    Enter PEM pass phrase:
    Verifying - Enter PEM pass phrase:
    -----
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [AU]:PL
    State or Province Name (full name) [Some-State]:Lesser Poland
    Locality Name (eg, city) []:Cracow
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:ACME
    Organizational Unit Name (eg, section) []:
    Common Name (e.g. server FQDN or YOUR name) []:localhost
    Email Address []:
    
    C:\>"C:\Program Files\OpenSSL-Win64\bin\openssl.exe" rsa -in "C:\wamp64\bin\apache\apache2.4.39\conf\cert\localhost.key" -out "C:\wamp64\bin\apache\apache2.4.39\conf\cert\localhost.key"
    Enter pass phrase for C:\wamp64\bin\apache\apache2.4.39\conf\cert\localhost.key:
    writing RSA key
    
    C:\>

2.2. Enabling Apache 2.4 modules

In this case we need to enable only one module: ssl_module.

We can do it in 2 ways:

  • from context menu: Apache -> Apache modules -> ssl_module
  • from configuration file c:\wamp64\bin\apache\apache2.4.39\conf\httpd.conf by uncommenting following line:
    LoadModule ssl_module modules/mod_ssl.so

2.3. Setting Apache 2.4 configurations

We need to set listening ports for https and add virtual server that uses https protocol.

Add to c:\wamp64\bin\apache\apache2.4.39\conf\httpd.conf file, following lines:

Listen 0.0.0.0:443
Listen [::0]:443

Note: you can put is below Listen 0.0.0.0:80 (use Ctrl+F keys in your Notepad to find phrase).

Add to c:\wamp64\bin\apache\apache2.4.39\conf\extra\httpd-vhosts.conf file, following lines:

<VirtualHost *:443>
  ServerName localhost
  ServerAlias localhost
  DocumentRoot "${INSTALL_DIR}/www"
  SSLEngine on
  SSLCertificateKeyFile "${INSTALL_DIR}/bin/apache/apache2.4.39/conf/cert/localhost.key"
  SSLCertificateFile "${INSTALL_DIR}/bin/apache/apache2.4.39/conf/cert/localhost.crt"
  SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
  <Directory "${INSTALL_DIR}/www/">
    Options +Indexes +Includes +FollowSymLinks +MultiViews
    AllowOverride All
    Require local
  </Directory>
</VirtualHost>

Note: you can put it at the end of the file.

3. Server restart

Most simple is to click Restart All Services item in WampServer context menu located in try bar (check first screenshot).

4. Verify HTTPS connection

Type in web browser address bar https://localhost and confirm with Enter key.

For self signed certificate it will be necessary to confirm certificate - look on bellow confirmation examples.

Note: to see how to verify https with openssl read this article.

Advanced options to confirm certificate.
Advanced options to confirm certificate.
Self signed certificate confirmation in Google Chrome web browser.
Self signed certificate confirmation in Google Chrome web browser.
Apache 2 with https protocol on Windows.
Apache 2 with https protocol on Windows - with self signed certificate.

 

Native Advertising
50 000 ad impressions - 449$
ūüöÄ
Get your tech brand or product in front of software developers.
For more information contact us:
Red dot
Dirask - friendly IT community for everyone.

‚̧ԳŹūüíĽ ūüôā

Join