The Win32 Binary (MSI Installer): apache_2.2.4-win32-x86-no_ssl.msi that you download from
does not provide mod_ssl support based on OpenSSL. The Apache Software Foundation does not offer compiled binaries for the SSL module because of US export regulations on cryptographic software. Various ISVs provide free binaries for this module in various projects such as Apache-SSL etc.
For Windows, the precompiled module can be downloaded from
(where you will find Apache 2.2.4 binaries with the corresponding mod_ssl.so module versions included), while binaries for Linux are included in the major Linux distributions.
You can also compile Apache with mod_ssl support for Windows by following the instructions given on any of these sites.
1. Installation of Apache 2.2.4
Download httpd-2.2.4-win32-x86-ssl.zip from
This package contains Apache 2.2.4 with OpenSSL 0.9.8d and zlib 1.2.3. Starting with 2.2.4, it is built with Visual Studio® 2005 Service Pack 1. Be sure to install the new Visual C++ 2005 Redistributable Package; see below.
Installation:
- You must first install the Visual C++ 2005 Redistributable Package (the binary is built with VC 2005 SP1).
- Download it from:
and install.
- Unzip the apache2 folder to c:\Apache2 (that is the server root in the config)
Refer to the “Read Me First.txt” in httpd-2.2.4-win32-x86-ssl.zip for more information.
2. Creating a test certificate
1. Copy openssl.cnf from $APACHE_HOME\conf folder to $APACHE_HOME\bin folder.
2. Run $APACHE_HOME\bin\openssl.exe
Openssl> req -config openssl.cnf -new -out my-server.csr
This creates a certificate signing request and a private key. When asked for "Common Name (eg, your websites domain name)", give the exact domain name of your web server. The certificate belongs to this server name and browsers complain if the name doesn't match.
Openssl> rsa -in privkey.pem -out my-server.key
This removes the passphrase from the private key. You MUST understand what this means: the key is now stored unencrypted on disk, so anyone who can read the file can use it. my-server.key should be readable only by the Apache server and the administrator. You should also delete the .rnd file, because it contains the entropy information used for creating the key and could be used for cryptographic attacks against your private key.
Openssl> x509 -in my-server.csr -out my-server.cert -req -signkey my-server.key -days 365
This creates a self-signed certificate that you can use until you get a "real" one from a certificate authority. (Getting one is optional; if you know your users, you can tell them to install the certificate into their browsers.) Note that this certificate expires after one year; increase the value in -days 365 if you want a longer validity period.
3. Copy my-server.cert and my-server.key to $APACHE_HOME\conf folder
Changes in $APACHE_HOME\conf\httpd.conf
4. In conf\httpd.conf uncomment these lines
LoadModule ssl_module modules/mod_ssl.so
Include conf/extra/httpd-ssl.conf
5. Change ServerName from localhost to the registered DNS name
ServerName localhost:80
Changes in $APACHE_HOME\conf\extra\httpd-ssl.conf
6. Change ServerName to registered DNS name:443
ServerName
:443
7. Modify SSLCertificateFile path to point to $APACHE_HOME\conf\my-server.cert
8. Modify SSLCertificateKeyFile path to point to $APACHE_HOME\conf\my-server.key
9. To test whether the syntax of the config files (i.e. httpd.conf and httpd-ssl.conf) is correct, open a command prompt, go to $APACHE_HOME\bin\ and type httpd -t. It should return “Syntax OK”.
Testing if Apache is SSL enabled
10. Stop and restart Apache
11. Try the url
An alert message will pop up since the certificate you are using was not generated
by a trusted CA. Select “yes” and you will be redirected to the page secured by
SSL.
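The following PowerShell script is an added example, not part of the original instructions; it can be run before the restart in step 10 to confirm that the unencrypted key is locked down, that the certificate and key belong together, and that the certificate's Common Name matches ServerName. It assumes Apache was unzipped to C:\Apache2 as in step 1, that the Apache service runs as LocalSystem, and that the prompt is elevated.

```powershell
# Added example. Assumptions: Apache is unzipped to C:\Apache2 (step 1), the
# service runs as LocalSystem, and this runs in an elevated PowerShell prompt.
$ApacheHome = 'C:\Apache2'
$openssl = Join-Path $ApacheHome 'bin\openssl.exe'
$cert    = Join-Path $ApacheHome 'conf\my-server.cert'
$key     = Join-Path $ApacheHome 'conf\my-server.key'
$sslConf = Join-Path $ApacheHome 'conf\extra\httpd-ssl.conf'

# 1. The key has no passphrase, so the file ACL is its only protection.
#    Drop inherited entries; grant Administrators (S-1-5-32-544) full control
#    and LocalSystem (S-1-5-18) read access. SIDs avoid localized group names.
& icacls.exe $key /inheritance:r /grant:r '*S-1-5-32-544:F' '*S-1-5-18:R'
if ($LASTEXITCODE -ne 0) { throw 'icacls could not restrict my-server.key' }

# 2. The certificate and the key must carry the same RSA modulus.
$certMod = & $openssl x509 -noout -modulus -in $cert
$keyMod  = & $openssl rsa -noout -modulus -in $key
if (-not $certMod -or $certMod -ne $keyMod) {
    throw 'my-server.cert does not match my-server.key'
}

# 3. The certificate's Common Name must equal the ServerName host from
#    httpd-ssl.conf (port stripped), or browsers will report a name mismatch.
$subject = & $openssl x509 -noout -subject -in $cert
$cn = if ($subject -match 'CN\s*=\s*([^/,\s]+)') { $Matches[1] }
$serverName = Select-String -Path $sslConf -Pattern '^\s*ServerName\s+(\S+)' |
    Select-Object -First 1 |
    ForEach-Object { ($_.Matches[0].Groups[1].Value -split ':')[0] }
if (-not $cn -or $cn -ne $serverName) {
    throw "certificate CN '$cn' does not match ServerName '$serverName'"
}

# 4. Show the expiry date (set by -days in step 2) and repeat the step 9 syntax test.
& $openssl x509 -noout -enddate -in $cert
& (Join-Path $ApacheHome 'bin\httpd.exe') -t
if ($LASTEXITCODE -ne 0) { throw 'httpd -t reported a configuration error' }
```

If Apache runs under a dedicated service account instead of LocalSystem, grant that account read access in place of S-1-5-18.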
Refer to these links for more details on creating test certificates