How to enable SSL for an Apache web server?
1. Create a certificate and key, using keytool and openssl
Create a keystore (.jks) file:
keytool -genkey -alias rolf -keyalg RSA -keystore rolf.jks -keysize 2048
Create a pfx (.p12) file:
keytool -importkeystore -srckeystore rolf.jks -destkeystore rolf.p12 -deststoretype PKCS12
Start openssl and generate .key- and .crt files:
OpenSSL> pkcs12 -in rolf.p12 -nocerts -out rolf.org.key
OpenSSL> pkcs12 -in rolf.p12 -clcerts -nokeys -out rolf.crt
Remove the private keyphrase from the .key file:
OpenSSL> rsa -in rolf.org.key -out rolf.key
2. Update the httpd.conf file
Enable mod_ssl.so (uncomment the next line):
LoadModule ssl_module modules/mod_ssl.so
Include the SSL config file (add the following line):
Include conf/extra/httpd-ssl.conf
3. Update the httpd-ssl.conf file
Disable the cache:
# Inter-Process Session Cache:
# Configure the SSL Session Cache: First the mechanism
# to use and second the expiring timeout (in seconds).
#SSLSessionCache "dbm:c:/Apache24/logs/ssl_scache"
#SSLSessionCache "shmcb:c:/Apache24/logs/ssl_scache(512000)"
#SSLSessionCacheTimeout 300
Add the location of the .key and .crt files:
#SSLCertificateFile "c:/Apache24/conf/server.crt"
SSLCertificateFile "C:/.../apache/conf/rolf.crt"
# SSLCertificateKeyFile "c:/Apache24/conf/server.key"
SSLCertificateKeyFile "C:/.../apache/conf/rolf.key"
Disable per-server logging:
# Per-Server Logging:
# The home of a custom SSL log file. Use this when you want a
# compact non-error SSL logfile on a virtual host basis.
#CustomLog "c:/Apache24/logs/ssl_request.log" \
# "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
Disable PassPhraseDialog:
# Pass Phrase Dialog:
# Configure the pass phrase gathering process.
# The filtering dialog program (`builtin' is an internal
# terminal dialog) has to provide the pass phrase on stdout.
#SSLPassPhraseDialog builtin
4. PHP OpenSSL extension not working (TYPO3)
Activate the PHP module openssl in php.ini
extension=php_openssl.dll
Add an environment variable “OPENSSL_CONF” with value:
C:\...\apache\conf\openssl.cnf
Add to the PATH environment variable:
C:\...\apache\bin
Restart the webserver.
5. Resource
http://stackoverflow.com/questions/23754996/php-openssl-extension-not-working-while-install-typo3-6-2-2-on-window7