How to enable SSL for an Apache web server?
1. Create a certificate and key, using keytool and openssl
Create a keystore (.jks) file:
keytool -genkey -alias rolf -keyalg RSA -keystore rolf.jks -keysize 2048
Create a pfx (.p12) file:
keytool -importkeystore -srckeystore rolf.jks -destkeystore rolf.p12 -deststoretype PKCS12
Start openssl and generate the .key and .crt files:
OpenSSL> pkcs12 -in rolf.p12 -nocerts -out rolf.org.key
OpenSSL> pkcs12 -in rolf.p12 -clcerts -nokeys -out rolf.crt
Remove the passphrase from the private key (.key) file:
OpenSSL> rsa -in rolf.org.key -out rolf.key
The resulting rolf.key is stored unencrypted, so restrict read access to it.
2. Update the httpd.conf file
Enable mod_ssl.so (uncomment the next line):
LoadModule ssl_module modules/mod_ssl.so
Include the SSL config file (add the following line):
Include conf/extra/httpd-ssl.conf
3. Update the httpd-ssl.conf file
Disable the cache:
# Inter-Process Session Cache:
# Configure the SSL Session Cache: First the mechanism
# to use and second the expiring timeout (in seconds).
#SSLSessionCache "dbm:c:/Apache24/logs/ssl_scache"
#SSLSessionCache "shmcb:c:/Apache24/logs/ssl_scache(512000)"
#SSLSessionCacheTimeout 300
Add the location of the .key and .crt files:
#SSLCertificateFile "c:/Apache24/conf/server.crt"
SSLCertificateFile "C:/.../apache/conf/rolf.crt"
# SSLCertificateKeyFile "c:/Apache24/conf/server.key"
SSLCertificateKeyFile "C:/.../apache/conf/rolf.key"
Disable per-server logging:
# Per-Server Logging:
# The home of a custom SSL log file. Use this when you want a
# compact non-error SSL logfile on a virtual host basis.
#CustomLog "c:/Apache24/logs/ssl_request.log" \
# "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
Disable PassPhraseDialog:
# Pass Phrase Dialog:
# Configure the pass phrase gathering process.
# The filtering dialog program (`builtin' is an internal
# terminal dialog) has to provide the pass phrase on stdout.
#SSLPassPhraseDialog builtin
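A way to check that the files match steps 1 to 3 before restarting Apache. This is an added example, not part of the original instructions: the function names and the sample input are made up for illustration, and the check only looks at the directives named above.

```python
import re

# Directives that steps 2 and 3 leave active, and those they comment out.
MUST_BE_ACTIVE = {
    "httpd.conf": [r"LoadModule\s+ssl_module\s+modules/mod_ssl\.so",
                   r"Include\s+conf/extra/httpd-ssl\.conf"],
    "httpd-ssl.conf": [r"SSLCertificateFile\s+\S+",
                       r"SSLCertificateKeyFile\s+\S+"],
}
MUST_BE_COMMENTED = ("SSLSessionCache", "SSLPassPhraseDialog", "CustomLog")

def active_lines(text):
    """Config lines that are neither blank nor comments."""
    stripped = (ln.strip() for ln in text.splitlines())
    return [ln for ln in stripped if ln and not ln.startswith("#")]

def key_is_encrypted(pem_text):
    """True if a PEM private key still carries a passphrase."""
    return ("BEGIN ENCRYPTED PRIVATE KEY" in pem_text   # PKCS#8 form
            or "Proc-Type: 4,ENCRYPTED" in pem_text)    # traditional PEM form

def deviations(configs, key_pem):
    """List where the files differ from the steps; empty means they match."""
    found = []
    for name, patterns in MUST_BE_ACTIVE.items():
        lines = active_lines(configs.get(name, ""))
        for pat in patterns:
            # A commented-out copy of the directive does not count.
            if not any(re.match(pat, ln) for ln in lines):
                found.append(f"{name}: no active line matching /{pat}/")
    for ln in active_lines(configs.get("httpd-ssl.conf", "")):
        if ln.startswith(MUST_BE_COMMENTED):
            found.append(f"httpd-ssl.conf: still active: {ln}")
    if key_is_encrypted(key_pem):
        found.append("key file: passphrase has not been removed (step 1)")
    return found

# Constructed sample input (hypothetical, not from a real server).
SAMPLE = {
    "httpd.conf": "LoadModule ssl_module modules/mod_ssl.so\n"
                  "#Include conf/extra/httpd-ssl.conf\n",
    "httpd-ssl.conf": '#SSLCertificateFile "c:/Apache24/conf/server.crt"\n'
                      'SSLCertificateFile "conf/rolf.crt"\n'
                      'SSLCertificateKeyFile "conf/rolf.key"\n'
                      "SSLPassPhraseDialog builtin\n",
}
SAMPLE_KEY = "-----BEGIN ENCRYPTED PRIVATE KEY-----\n(constructed)\n"

if __name__ == "__main__":
    print("\n".join(deviations(SAMPLE, SAMPLE_KEY)))
```

To use it on a real installation, read httpd.conf, httpd-ssl.conf and rolf.key into strings and pass them to deviations().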
4. PHP OpenSSL extension not working (TYPO3)
Activate the PHP openssl module in php.ini:
extension=php_openssl.dll
Add an environment variable “OPENSSL_CONF” with value:
C:\...\apache\conf\openssl.cnf
Add to the PATH environment variable:
C:\...\apache\bin
Restart the webserver.
5. Resource