Tuesday, March 6, 2012

WAMP Server 2 HTTPS SSL Configuration


What I want to achieve is to send email from my localhost to my Gmail account. But since Gmail uses SSL encryption, I figured that I need to enable SSL on my WAMP server.





STEP 1 : Setting an environment variable

  • Right-click on My Computer > select Properties > click Advanced System Settings.
  • A dialog window will appear; select Environment Variables.
  • Add a new system variable OPENSSL_CONF:
    • Variable name: OPENSSL_CONF
    • Variable value: C:\wamp\bin\apache\apache2.2.11\conf\openssl.cnf

STEP 2 : Create SSL Certificate and Key

  • Open a command prompt and change directory to C, then to the Apache bin folder:
          cd /d c:\
          cd wamp\bin\apache\apache2.2.11\bin
  • Create a server private key with 1024-bit encryption using the command below. It will ask for a password; enter any password (pass phrase) you like, but remember it since it will be used again later.
          openssl genrsa -des3 -out server.key 1024
  • Remove the password from the RSA private key and create a backup file by using the commands below. It will ask for a password; type the password you entered earlier. Apache on Windows cannot prompt for a pass phrase at startup, so the key it loads must be unencrypted; server.key.org keeps the encrypted copy.
          copy server.key server.key.org
          openssl rsa -in server.key.org -out server.key
  • Make a self-signed certificate (X509 structure) with the RSA key you just created. It will ask for information that will be encoded in the certificate.
          openssl req -new -x509 -nodes -sha1 -days 365 -key server.key -out server.crt -config C:\wamp\bin\apache\apache2.2.11\conf\openssl.cnf
         

STEP 3 : Storing certificates

  • Create a folder C:\wamp\OpenSSL with the following subfolders:
    • certs
    • crl
    • newcerts
    • private
  • Copy the following files from C:\wamp\bin\apache\Apache2.2.11\bin to C:\wamp\OpenSSL\certs:
    • server.crt
    • server.csr
    • server.key
  • Copy the following files from C:\wamp\bin\apache\Apache2.2.11\bin to C:\wamp\OpenSSL\private:
    • server.key.org

STEP 4 : Configure httpd.conf

  • Go to C:\wamp\bin\apache\Apache2.2.11\conf\ and open httpd.conf
  • Remove comment (#) of LoadModule ssl_module modules/mod_ssl.so
  • Remove comment (#) of LoadModule setenvif_module modules/mod_setenvif.so
  • Remove comment (#) of Include conf/extra/httpd-ssl.conf then move it inside the block of <IfModule ssl_module> ... </IfModule>

STEP 5 : Configure php.ini

  • Remove comment (;) of extension=php_openssl.dll

STEP 6 : Configure httpd-ssl.conf

  • Go to C:\wamp\bin\apache\Apache2.2.11\conf\extra\ and open httpd-ssl.conf
  • Find the line which says "SSLMutex ...." and change it to "SSLMutex default"
  • Find the line and follow the settings as shown below:
          #   General setup for the virtual host
          DocumentRoot "C:/wamp/www"
          ServerName localhost:443
          ServerAdmin me@localhost
          ErrorLog "C:/wamp/logs/ssl_ErrorLog.txt"
          TransferLog "C:/wamp/logs/ssl_TransferLog.txt"
         
  • Find SSLCertificateFile and update it:
          SSLCertificateFile "C:/wamp/OpenSSL/certs/server.crt"
  • Find SSLCertificateKeyFile and update it:
          SSLCertificateKeyFile "C:/wamp/OpenSSL/certs/server.key"
         
  • Change the line which says or something similar to and add the following lines inside the directory tags:
          Options Indexes FollowSymLinks MultiViews
          AllowOverride All
          Order allow,deny
          allow from all
         

Verify if SSL is enabled

  • At your command prompt, type httpd -t. If it displays Syntax OK, restart the Apache server; otherwise, check your settings.
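
A pre-flight check for the paths set in Step 6, as an added example that is not part of the original post: it reads an httpd-ssl.conf, reports certificate, key and log paths that do not exist, and flags a key that still has its pass phrase from Step 2. The function names are hypothetical, paths are assumed to be absolute as in this guide, and the built-in sample input is constructed.

```python
import re, sys, tempfile
from pathlib import Path

# Directives set in this guide whose first argument is a filesystem path.
FILE_DIRECTIVES = ("SSLCertificateFile", "SSLCertificateKeyFile")
LOG_DIRECTIVES = ("ErrorLog", "TransferLog", "CustomLog")

def parse_directives(conf_text):
    """Yield (name, first argument) for every uncommented directive line."""
    for line in conf_text.splitlines():
        m = re.match(r'\s*([A-Za-z]\w*)\s+(?:"([^"]*)"|(\S+))', line)
        if m:  # comment lines (#) and <Section> tags do not match
            yield m.group(1), m.group(2) if m.group(2) is not None else m.group(3)

def key_is_encrypted(pem_text):
    """True if the PEM private key still carries a pass phrase."""
    return ("Proc-Type: 4,ENCRYPTED" in pem_text            # traditional format
            or "BEGIN ENCRYPTED PRIVATE KEY" in pem_text)   # PKCS#8 format

def audit(conf_text):
    """Return a list of problems; assumes absolute paths, as in the guide."""
    problems, seen = [], set()
    for name, arg in parse_directives(conf_text):
        seen.add(name)
        path = Path(arg)
        if name in LOG_DIRECTIVES and not arg.startswith("|"):
            if not path.parent.is_dir():  # the failure reported as AH02297
                problems.append(f"{name}: log directory missing: {path.parent}")
        elif name in FILE_DIRECTIVES:
            if not path.is_file():
                problems.append(f"{name}: file not found: {arg}")
            elif name == "SSLCertificateKeyFile" and key_is_encrypted(
                    path.read_text(errors="replace")):
                problems.append(f"{name}: key still has a pass phrase: {arg}")
    problems += [f"{d}: directive not set" for d in FILE_DIRECTIVES if d not in seen]
    return problems

if __name__ == "__main__":
    if len(sys.argv) > 1:  # audit a real httpd-ssl.conf given on the command line
        text = Path(sys.argv[1]).read_text(errors="replace")
    else:                  # constructed sample: encrypted key, missing cert and logs
        d = Path(tempfile.mkdtemp())
        (d / "server.key").write_text(
            "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n")
        text = (f'SSLCertificateFile "{d.as_posix()}/server.crt"\n'
                f'SSLCertificateKeyFile "{d.as_posix()}/server.key"\n'
                f'ErrorLog "{d.as_posix()}/logs/ssl_ErrorLog.txt"\n')
    print("\n".join(audit(text)) or "no problems found")
```

Run it with the path to httpd-ssl.conf as the only argument; with no argument it audits the constructed sample.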


For other helpful resources:
Wamp2 HTTPS and SSL Setup Step-by-Step guide
WAMP SERVER 2 SSL Configuration
Open SSL Configuration in Wamp Stack

17 comments:

  1. Already an error at the first cmd:

    In French: "L'ordinal 320 est introuvable dans la bibliothèque de liens dynamiques ssleay32.dll"

  2. Eventually I made it work.
    The SSL binaries with the native WAMP have something wrong, so you need to get these ones:

    http://downloads.jlbn.net/download.php?WampSSL.zip

  3. I've pointed out a small mistake, but enough to lose a lot of time.

    In httpd.conf file

    should be this : "Remove comment (#) of Include conf/extra/httpd-ssl.conf"

    instead of "Remove comment (#) of Include conf/extra/httpd_ssl.conf "

    Replies
    1. Thank you for pointing it out. I'll fix my post.

  5. If you plan to use this tutorial with free SSL certificates such as StartSSL and you want your website to be available with all browsers (even mobile browsers), you sometimes need to add the intermediate certificates in STEP 6.

    For instance, if you use StartSSL you should also download the intermediate certificates here:

    https://www.startssl.com/certs/sub.class1.server.ca.pem
    https://www.startssl.com/certs/ca.pem

    and modify your httpd-ssl.conf like this in order to add three URLs:

    SSLCACertificatePath "C:/wamp/OpenSSL/certs/"
    SSLCertificateChainFile "C:/wamp/OpenSSL/certs/sub.class1.server.ca.pem"
    SSLCACertificateFile "C:/wamp/OpenSSL/certs/ca.pem"


    After restarting Apache you will no longer have warnings with Firefox and Chrome mobile!!!

  6. I can't find the server.csr file. Any reason?

    Replies
    1. Hi Praneeth, perhaps you should try creating a server.csr. Try this command:

      openssl req -new -key server.key -out server.csr

  7. This CA Root certificate is not trusted because it is not in the Trusted Root Certification Authorities store.

    Replies
    1. excuse the dumb question, but could add?

  8. The environment setting could be letter-case sensitive in Windows 8.

    good:
    set OPENSSL_CONF=c:\wamp\bin\apache\apache2.4.9\conf\openssl.cnf

    not good:
    set OPENSSL_CONF=C:\wamp\bin\apache\apache2.4.9\conf\openssl.cnf

  9. Hi, in step 6 I can't find the line ...SSLMutex ... If I have to create it, I don't know where to put this line. Would you help me with this?

  10. I followed all the steps properly, but I can't find even a single sign of OpenSSL executing. If I type https -t, it shows me "Syntax is OK", then I open my localhost. Only the "the web site is not available" screen is displayed to me. Please, anybody, help me to solve this problem. I am suffering from this issue.

  11. For Wamp version 2.4.9 use
    openssl req -new -key server.key -out server.csr (last line in step2)

    Replace Apache24 for wamp if you have

    C:\wamp\bin\apache\apache2.4.9\bin>httpd -t
    (OS 3)The system cannot find the path specified. : AH02297: Cannot access directory 'C:/Apache24/logs/' for log file 'c:/Apache24/logs/ssl_request.log' defined at C:/wamp/bin/apache/apache2.4.9/conf/extra/httpd-ssl.conf:247
    AH00014: Configuration check failed
