To set up virtual hosts, MySQL, Apache and PHP, read this (virtual host setup is at the bottom, at the line "To setup custom domain name or subdomains"):
https://www.axew3.com/w3/forums/viewtopic.php?f=7&t=1637
Since 2010, when this article was written (http://rubayathasan.com/tutorial/apache-ssl-on-windows/), more or less nothing has changed about how to set up HTTPS/SSL on Apache on Windows.
Here, in 2021, I report it in steps, with corrections and my hints (to get my test HTTPS working on an Apache server on Windows, as a reminder):
Start by assuming that you have an Apache web server installed and already configured with virtual hosts in htdocs.conf.
So the htdocs.conf will contain something like this for my working example:
# All of these directives may appear inside <VirtualHost> containers,
# in which case these default settings will be overridden for the
# virtual host being defined.
#
#NameVirtualHost *:80
<VirtualHost *:80>
# ServerAdmin alias@example.com
DocumentRoot "F:/HTDOCS"
ServerName w3host.com
# ErrorLog "logs/www.w3host.com-error_log"
# TransferLog "logs/localhost-access_log"
</VirtualHost>
<VirtualHost *:80>
# ServerAdmin alias@.example.com
DocumentRoot "F:/HTDOCS/subdomain"
ServerName subdomain.w3host.com
</VirtualHost>
We need to setup the Windows environment variable OPENSSL_CONF ...
Open Control Panel\System and Security\System\Advanced System Settings, choose Environment Variables
and under System Variables set the correct path to the openssl.cnf file, for example:
as Variable set OPENSSL_CONF
as Value set something like:
C:\Apache2.4\conf\openssl.cnf
or C:\Program Files (x86)\Apache Software Foundation\Apache2.4\conf\openssl.cnf
Check whether a variable named OPENSSL_CONF is already present, maybe from a previous install: in that case, only edit its value to the correct path.
(I had to restart Windows for the changed OPENSSL_CONF value to be effectively loaded after I edited and saved it. I have read somewhere that this should not be necessary: I do not know, in my test I had to restart Windows. Maybe you do not have to restart, or you know how to refresh Windows, loading new or changed environment vars, without restarting).
Now, from a command prompt opened as admin, in the bin folder of the Apache install folder, execute:
openssl req -new -out server.csr
It will ask you some questions and you can safely ignore them and just answer the following questions:
PEM pass phrase: Password associated with the private key you’re generating (anything of your choice).
Common Name: The fully-qualified domain name associated with this certificate (i.e. http://www.domain.com).
NOTE about Common Name: maybe you would like to set up a single .crt and .key for subdomains, so enter *.domain.com (for my test I've given *.w3host.com) as the Common Name value.
Now we need to remove the passphrase from the private key. The file "server.key" created from the following command should be only readable by the apache server and the administrator. You should also delete the .rnd file because it contains the entropy information for creating the key and could be used for cryptographic attacks against your private key.
openssl rsa -in privkey.pem -out server.key
Now we need to set up an expiry date, it could be any time of your choice, we use 365 days below:
openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 365
We now have the self-signed SSL certificate ready in the Apache bin folder. Now we need to MOVE the "server.csr", "server.crt" and "server.key" files to the "C:\Apache2.4\conf" location, or to the folder that the SSLCertificateFile directive in the file /conf/extra/httpd-ssl.conf points to.
Now configure Apache to run SSL/HTTPS server:
Now that we have the Self-signed SSL certificate ready, all we need is to configure Apache to start the SSL server.
First we modify the "C:\Apache2.4\conf\httpd.conf" file.
Open up conf\httpd.conf in a text editor and look for these three lines:
LoadModule ssl_module modules/mod_ssl.so and remove pound sign (#) character preceding it.
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so and remove pound sign (#) character preceding it.
Include conf/extra/httpd-ssl.conf and remove pound sign (#) character preceding it.
Now we need to modify "C:\Apache2.4\conf\extra\httpd-ssl.conf". Leave all the default options as they are, but make sure to modify the following section according to your needs:
<VirtualHost _default_:443>
ServerAdmin some@email.com
DocumentRoot "Your Root folder location"
ServerName www.domain.com:443
ServerAlias domain.com:443
#ErrorLog "logs/anyFile-error.log"
#CustomLog "logs/anyFile-access.log" common
SSLEngine on
..... .....
.....
SSLCertificateFile "C:\Apache2.4\conf\server.crt"
..... .....
.....
SSLCertificateKeyFile "C:\Apache2.4\conf\server.key"
</VirtualHost>
Make sure that "SSLCertificateFile" and "SSLCertificateKeyFile" are properly located.
Search for the line:
SSLPassPhraseDialog builtin
and change it into:
#SSLPassPhraseDialog builtin
You may or may not also need to search for the line
SSLCertificateChainFile "${SRVROOT}/conf/server-ca.crt"
and comment it out:
#SSLCertificateChainFile "${SRVROOT}/conf/server-ca.crt"
Restart Apache.
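Checks worth running on the result of the steps above, as an added example that is not part of the original post: it confirms that server.crt was made from server.key, that the key no longer carries a passphrase, restricts the key's ACL as the text asks, and runs Apache's syntax test. The C:\Apache2.4 paths, the .rnd location and the LocalSystem service account are assumptions.

```powershell
# Added example, not from the original post. Paths are assumptions: adjust to your install.
$ApacheRoot = 'C:\Apache2.4'
$OpenSsl    = Join-Path $ApacheRoot 'bin\openssl.exe'
$Crt        = Join-Path $ApacheRoot 'conf\server.crt'
$Key        = Join-Path $ApacheRoot 'conf\server.key'

# Set OPENSSL_CONF for this session only; processes started from here inherit it.
$env:OPENSSL_CONF = Join-Path $ApacheRoot 'conf\openssl.cnf'

foreach ($f in $Crt, $Key) {
    if (-not (Test-Path $f)) { throw "$f not found" }
}

# 1. The certificate must belong to the key: both carry the same RSA modulus.
$crtMod = (& $OpenSsl x509 -noout -modulus -in $Crt) -join ''
$keyMod = (& $OpenSsl rsa -noout -modulus -in $Key) -join ''
if (-not $crtMod -or $crtMod -ne $keyMod) {
    throw 'server.crt was not made from server.key'
}

# 2. Show who the certificate is for and when it expires; warn if it has no SAN.
& $OpenSsl x509 -noout -subject -enddate -in $Crt
$text = (& $OpenSsl x509 -noout -text -in $Crt) -join "`n"
if ($text -notmatch 'Subject Alternative Name') {
    Write-Warning 'No subjectAltName: current browsers ignore Common Name when matching the host name.'
}

# 3. The key Apache loads must be the passphrase-free copy written by "openssl rsa".
if (Select-String -Path $Key -Pattern 'ENCRYPTED' -CaseSensitive -Quiet) {
    throw 'server.key is still passphrase-protected'
}

# 4. Only Administrators and SYSTEM may read the key (well-known SIDs, locale independent).
#    Assumption: the Apache service runs as LocalSystem, the Windows default.
& icacls.exe $Key /inheritance:r /grant:r '*S-1-5-32-544:F' /grant:r '*S-1-5-18:R' | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'icacls could not restrict server.key' }

# 5. Remove the .rnd seed file if OpenSSL wrote it beside openssl.exe (assumed location).
$rnd = Join-Path $ApacheRoot 'bin\.rnd'
if (Test-Path $rnd) { Remove-Item $rnd -Force }

# 6. Let Apache parse httpd.conf and httpd-ssl.conf before the restart.
& (Join-Path $ApacheRoot 'bin\httpd.exe') -t
if ($LASTEXITCODE -ne 0) { throw 'httpd -t reported a configuration error' }
```

Run it from an elevated PowerShell prompt; if the Apache service runs under a dedicated account, grant that account read access in step 4 instead of SYSTEM.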