evolution creations
when you put your mind to it, anything is possible
This guide assumes that you have already installed Apache2.2 and OpenSSL on your server.
Once you have gotten the certificate file back from your CA, you will want to rename the certificate file to your commonname.cert.
You will then go to:
C:\Program Files\Apache Foundation Software\Apache2.2\conf
and create a directory called ‘ssl’. Then go into the directory:
C:\Program Files\Apache Foundation Software\Apache2.2\conf\ssl
Copy your *.key file and *.cert file into this directory. We then have to make changes to the httpd.conf file. You will need to add a few lines. The first will go towards the bottom of the configuration file before any
Include conf/ssl.conf
Then you will want to browse to:
C:\Program Files\Apache Foundation Software\Apache2.2\conf\extra
and locate the httpd-ssl.conf file. Copy this into your:
C:\Program Files\Apache Foundation Software\Apache2.2\conf
directory and rename this to ssl.conf. In both the httpd.conf and ssl.conf, locate the lines:
ServerName
and make sure that they are formatted as:
httpd.conf
ServerName commonname:80
ssl.conf
ServerName commonname:443
In the ssl.conf file, locate the following variables: SSLCertificateFile and SSLCertificateKeyFile. You will need to point these to the location of your *.cert and *.key. They should look like:
SSLCertificateFile C:/Program Files/Apache Foundation Software/Apache2.2/conf/ssl/commonname.cert
SSLCertificateKeyFile C:/Program Files/Apache Foundation Software/Apache2.2/conf/ssl/commonname.key
Save all your files, and start Apache from Start > Run > services.msc. All things being equal, this should work and you should be able to go to a command prompt and type in the following:
telnet localhost 80
and
telnet localhost 443
and each should return a blank screen with a blinking cursor in the upper left corner. If you get any errors, make sure to check the Event Viewer > Application to see what Apache is reporting as being a problem. Also within the directory:
C:\Program Files\Apache Foundation Software\Apache2.2\log
there is an error.log file that will log out any errors that you might have.
You can also check your installation by going to Verisign’s Checker tool.
Known Issue 1
There is one known issue on Windows. If you get the following error message in the error.log:
Error: Init: SSLPassPhraseDialog builtin is not supported on Win32
This is because a password was entered while generating the key file via openssl. To fix this, you will first need to go to the ssl.conf file and comment out the line that contains:
SSLPassPhraseDialog
and save the file. Then you will want to go to your directory:
C:/Program Files/Apache Foundation Software/Apache2.2/bin
and run the following command:
openssl rsa -in commonname.key -out commonname2.key
Copy the commonname2.key file and then go to:
C:/Program Files/Apache Foundation Software/Apache2.2/conf/ssl
and delete the current commonname.key and replace it with commonname2.key. Rename commonname2.key to commonname.key.
Try to restart Apache from Start > Run > services.msc and see if that works for you!
Known Issue 2
If you are using a Verisign SSL Certificate, you may have experienced a problem where pulling up the secure site returns an error indicating: Unable to verify the identity of commonname as a trusted site.
This is because with Verisign certificates, you now need to install an intermediate certificate. That can be found directly from Verisign. The key is that within the ssl.conf file you need to uncomment the line:
SSLCertificateChainFile "C:/Program Files/Apache Software Foundation/Apache2.2/conf/ssl/intermediate.crt"
Save, then restart Apache. Keep in mind that the file name on that line must match the name under which you saved the intermediate certificate from the Verisign site, and make sure that you save the file in the ssl directory.
Once you do this, your cert should work fine. Use the Verisign checker to verify your findings.
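A pre-flight check for the two known issues above, as an added example that is not part of the original guide: it reads ssl.conf and the key file it points to, and reports an active SSLPassPhraseDialog builtin line, a passphrase-protected key, and a missing SSLCertificateChainFile. The function names and the sample configuration and key text are constructed for illustration.

```python
# Constructed sample inputs (not taken from the original post).
SAMPLE_SSL_CONF = '''\
SSLPassPhraseDialog  builtin
<VirtualHost _default_:443>
SSLCertificateFile "C:/Program Files/Apache Foundation Software/Apache2.2/conf/ssl/commonname.cert"
SSLCertificateKeyFile "C:/Program Files/Apache Foundation Software/Apache2.2/conf/ssl/commonname.key"
#SSLCertificateChainFile "C:/Program Files/Apache Software Foundation/Apache2.2/conf/ssl/intermediate.crt"
</VirtualHost>
'''
SAMPLE_ENCRYPTED_KEY = '''\
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,0000000000000000

(constructed placeholder, not a real key body)
-----END RSA PRIVATE KEY-----
'''

def active_directives(conf_text):
    """Map lower-cased directive name -> value for uncommented lines."""
    found = {}
    for line in conf_text.splitlines():
        parts = line.strip().split(None, 1)
        if not parts or parts[0].startswith(("#", "<")):
            continue
        found[parts[0].lower()] = parts[1].strip().strip('"') if len(parts) > 1 else ""
    return found

def key_is_passphrase_protected(pem_text):
    """True for traditional (Proc-Type) and PKCS#8 encrypted PEM keys."""
    return ("Proc-Type: 4,ENCRYPTED" in pem_text
            or "-----BEGIN ENCRYPTED PRIVATE KEY-----" in pem_text)

def preflight(conf_text, read_file=lambda path: open(path).read()):
    """Return a list of problems; read_file is injectable for offline runs."""
    d = active_directives(conf_text)
    problems = [name + " is not set"
                for name in ("SSLCertificateFile", "SSLCertificateKeyFile")
                if name.lower() not in d]
    if d.get("sslpassphrasedialog", "").startswith("builtin"):
        problems.append("SSLPassPhraseDialog builtin is active (Known Issue 1)")
    key_path = d.get("sslcertificatekeyfile")
    if key_path and key_is_passphrase_protected(read_file(key_path)):
        problems.append("key file is passphrase-protected (Known Issue 1)")
    if "sslcertificatechainfile" not in d:
        problems.append("SSLCertificateChainFile not set (Known Issue 2 "
                        "if the CA issues through an intermediate)")
    return problems
```

A clean result for Known Issue 1 means the key on disk is stored unencrypted, so restrict read access on the conf\ssl directory to administrators and the account the Apache service runs as.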
February 28, 2009 - 6:53 AM
I have applied in those steps but not working for installing SSL Certificate.
Error:
3096:error:02001005:system library:fopen:Input/output error:.\crypto\bio\bss_file.c:126:fopen('D:\apache2triad\opssl\bin','rb')
3096:error:2006D002:BIO routines:BIO_new_file:system lib:.\crypto\bio\bss_file.c:131:
3096:error:0E078002:configuration file routines:DEF_LOAD:system lib:.\crypto\conf\conf_def.c:199:
Can you tell me the problem and tell me the steps?
February 28, 2009 - 9:58 AM
What part of the guide did you experience this issue on?
February 28, 2009 - 11:14 AM
hi
i used these steps
# Create a RSA private key for your server (will be Triple-DES encrypted and PEM formatted):
$ openssl genrsa -des3 -out server.key 1024
Please backup this host.key file and the pass-phrase you entered in a secure location. You can see the details of this RSA private key by using the command:
$ openssl rsa -noout -text -in server.key
If necessary, you can also create a decrypted PEM version (not recommended) of this RSA private key with:
$ openssl rsa -in server.key -out server.key.unsecure
# Create a self-signed Certificate (X509 structure) with the RSA key you just created (output will be PEM formatted):
$ openssl req -new -x509 -nodes -sha1 -days 365 -key server.key -out server.crt
This signs the server CSR and results in a server.crt file.
You can see the details of this Certificate using:
$ openssl x509 -noout -text -in server.crt
Error shown on this step
# Create a self-signed Certificate (X509 structure) with the RSA key you just created (output will be PEM formatted):
these steps are creating for ssl certificate .
thanks in advance
February 28, 2009 - 1:13 PM
Ah I see, I haven’t tried to integrate RSA encryption keys into Apache before. It looks like you are trying to install this from the steps on this board:
http://www.wampserver.com/phorum/read.php?2,32986,page=1
I’d have to try to install using these instructions in a VM environment to see if I could replicate the issue and figure this out. Might be also worth reaching out to that community as it seems like your error has been experienced there also by others.
August 22, 2009 - 9:09 AM
Please can you help? When I run the decrypt command line I keep getting an error saying "Warning: can't open config file: /usr/local/ssl/openssl.cnf". I tried various switches to point the command at the location of it, but they all get rejected. Can you help?
Andy Hughes
Ahughes * 2t2t.co.uk
August 22, 2009 - 9:23 AM
@Andy, is this a Windows install of Apache/SSL? The path that you provide is for linux:
/usr/local/ssl/openssl.cnf
as Windows shouldn't recognize a /usr mount. Can you tell me where in the guide you are stopped at?
September 28, 2009 - 7:24 AM
hi friend,
If you can buy the new certificate from http://www.tucktail.com/ or you can renew it. Then install the Apache,
January 2, 2010 - 10:22 PM
Dear Sir:
Thanks for your documentation for Apache 2.2 SSL Certificate installation,
http://wp.evolutioncreations.com/2008/05/installing-ssl-certificate-on-apache22/
it give me a big big help!
wish you have nice day and Happy new year!!
burt
from Taiwan
February 2, 2010 - 11:22 PM
Glad it helped! Need to update the posting though cause the formatting came in a little weird from Blogger, but nonetheless the information is there =)!