Apache HTTPS/SSL on Windows easy how to - virtualhost, subdomains


Post by axew3 » Wed Aug 03, 2016 9:13 pm

Since 2010, when this article was written (http://rubayathasan.com/tutorial/apache-ssl-on-windows/), more or less nothing has changed about how to set up HTTPS/SSL on Apache on a Windows OS.
Here I just report it in steps, with corrections and my hints (on how I got my test HTTPS working on an Apache server on Windows, as a reminder):
We start by assuming that we have an Apache web server installed and already configured with virtual hosts in htdocs.conf.
So htdocs.conf will contain something like this for my working example:

Code:

# All of these directives may appear inside <VirtualHost> containers,
# in which case these default settings will be overridden for the
# virtual host being defined.
#
#NameVirtualHost *:80
<VirtualHost *:80>
# ServerAdmin alias@example.com
 DocumentRoot "F:/HTDOCS"
 ServerName w3host.com
# ErrorLog "logs/www.w3host.com-error_log"
# TransferLog "logs/localhost-access_log"
</VirtualHost>
<VirtualHost *:80>
# ServerAdmin alias@.example.com
 DocumentRoot "F:/HTDOCS/subdomain"
 ServerName subdomain.w3host.com
</VirtualHost>
<VirtualHost *:80>
# ServerAdmin alias@host.example.com
 DocumentRoot "F:/HTDOCS/subdomain-2"
 ServerName subdomain-2.w3host.com
</VirtualHost>
<VirtualHost *:80>
# ServerAdmin alias@.example.com
 DocumentRoot "F:/HTDOCS/updomain"
 ServerName updomain.com
</VirtualHost>

We need to set up the Windows environment variable OPENSSL_CONF ...
Open Control Panel\System and Security\System\Advanced System Settings, choose Environment Variables,
and under System Variables set the correct path to the openssl.cnf file, so for example:
as Variable name set OPENSSL_CONF
as Value set something like:
C:\Apache2.4\conf\openssl.cnf
Check that a variable named OPENSSL_CONF is not already present, maybe due to a previous install: in that case just edit the value to the correct path.
(I had to restart Windows to get the changed OPENSSL_CONF value effectively loaded after I edited and saved it. I have read somewhere that this should not be necessary: I do not know; in my test, I had to restart Windows. Maybe you do not have to restart, or you know how to refresh Windows, loading new or changed environment vars, without restarting.)

Now from a prompt as admin, in the bin folder of the Apache install folder, execute:
openssl req -new -out server.csr
It will ask you some questions and you can safely ignore them and just answer the following questions:
PEM pass phrase: Password associated with the private key you’re generating (anything of your choice).
Common Name: The fully-qualified domain name associated with this certificate (i.e. www.domain.com).
NOTE about Common Name: maybe you would like to set up a single .crt and .key for subdomains; in that case, enter *.domain.com (for my test I gave *.w3host.com) as the Common Name value.
Now we need to remove the passphrase from the private key. The file "server.key" created from the following command should be only readable by the apache server and the administrator. You should also delete the .rnd file because it contains the entropy information for creating the key and could be used for cryptographic attacks against your private key.

openssl rsa -in privkey.pem -out server.key

Now we need to set up an expiry date, it could be any time of your choice, we use 365 days below:

openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 365

We now have the self-signed SSL certificate ready in the Apache bin folder. Now we need to MOVE the "server.crt" and "server.key" files to the "C:\Apache2.4\conf" location.
Configuring Apache to run SSL/HTTPS server:

Now that we have the Self-signed SSL certificate ready, all we need is to configure Apache to start the SSL server.

First we modify the "C:\Apache2.4\conf\httpd.conf" file.

Open up conf\httpd.conf in a text editor and look for these two lines:

LoadModule ssl_module modules/mod_ssl.so and remove pound sign (#) character preceding it.
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so and remove pound sign (#) character preceding it.

Include conf/extra/httpd-ssl.conf and remove pound sign (#) character preceding it.

Now we need to modify the "C:\Apache2.4\conf\extra\httpd-ssl.conf". Leave all the default options as they are, but make sure to modify the following section according to your needs:

<VirtualHost _default_:443>
ServerAdmin some@email.com
DocumentRoot "Your Root folder location"
ServerName www.domain.com:443
ServerAlias domain.com
ErrorLog "logs/anyFile-error.log"
CustomLog "logs/anyFile-access.log" common
SSLEngine on
..... .....
.....
SSLCertificateFile "C:\Apache2.4\conf\server.crt"
..... .....
.....
SSLCertificateKeyFile "C:\Apache2.4\conf\server.key"
</VirtualHost>

Make sure that "SSLCertificateFile" and "SSLCertificateKeyFile" are properly located.
If you have any correction or addition to this, please just post.


Using same .crt and .key for Virtualhosts subdomains: how to with httpd-ssl.conf

Post by axew3 » Wed Aug 03, 2016 10:26 pm

This is an example of how to set up multiple virtual hosts for subdomains in the file conf/extra/httpd-ssl.conf, using the same .crt and .key files and the same IP. Before or after the default Virtual Host directive, add the virtual hosts you need in this way:

Code:

##
## SSL Virtual Host Context
##

<VirtualHost subdomain.w3host.com:443>
DocumentRoot "F:\HTDOCS\subdomain"
ServerAdmin me@axew3.com
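ServerName www.subdomain.w3host.com
SSLEngine On
# ALL already includes the LOW/MEDIUM/RC4 classes; "+LOW" and "+SSLv2" only move them to the end of the list
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2: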
SSLCertificateFile "C:\Apache2.4\conf\server.crt"
SSLCertificateKeyFile "C:\Apache2.4\conf\server.key"
</VirtualHost>

<VirtualHost subdomain-2.w3host.com:443>
DocumentRoot "F:\HTDOCS\subdomain-2"
ServerAdmin me@axew3.com
ServerName www.subdomain-2.w3host.com
SSLEngine On
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:
SSLCertificateFile "C:\Apache2.4\conf\server.crt"
SSLCertificateKeyFile "C:\Apache2.4\conf\server.key"
</VirtualHost>

This is more or less what the default looks like, which you'll set up with the main server values:

Code:

<VirtualHost _default_:443>

#   General setup for the virtual host
DocumentRoot "F:\HTDOCS"
ServerName www.w3host.com:443
ServerAdmin me@axew3.com
ErrorLog "C:\Apache2.4\logs\error.log"
TransferLog "C:\Apache2.4\logs\access.log"

#   SSL Engine Switch:
#   Enable/Disable SSL for this virtual host.
SSLEngine on
.... ..... etc etc
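
Added example (not part of the original posts): a Python check over vhosts like the ones above, for two things that follow from this setup. A cipher string that starts from ALL keeps the weak classes unless a "!" token removes them, and a wildcard name such as *.w3host.com covers exactly one label, so neither www.subdomain.w3host.com nor w3host.com itself. The function names, the WEAK policy list and the sample config are assumptions of this example.

```python
import re

WEAK = ("LOW", "MEDIUM", "RC4", "EXPORT", "SSLv2")  # policy chosen for this example

def weak_classes(cipher_string):
    """Weak classes an OpenSSL cipher string admits, judged from its text: "!X" removes
    X for good, "+X" only moves X to the end, a bare token adds, ALL adds everything."""
    added, killed = set(), set()
    for tok in filter(None, cipher_string.split(":")):
        if tok[0] == "!":
            killed.add(tok[1:])
        elif tok[0] not in "+-":
            parts = tok.split("+")  # "RC4+RSA" means RC4 AND RSA
            added.update(WEAK if "ALL" in parts else [p for p in parts if p in WEAK])
    return sorted(added - killed)

def covered(cert_name, host):
    """A "*" in a certificate name stands for exactly one leftmost label."""
    c, h = cert_name.lower().split("."), host.lower().split(".")
    return len(c) == len(h) and c[1:] == h[1:] and c[0] in ("*", h[0])

def audit(conf_text, cert_name):
    """Return {ServerName: [findings]} for each <VirtualHost> block."""
    report, cur = {}, None
    for line in (l.strip() for l in conf_text.splitlines()):
        if re.match(r"<VirtualHost\s", line, re.I):
            cur = {}
        elif line.lower() == "</virtualhost>" and cur is not None:
            host = re.sub(r"^\w+://|:\d+$", "", cur.get("servername", ""))  # drop scheme/port
            weak = weak_classes(cur.get("sslciphersuite", ""))
            found = ["weak cipher classes: " + ",".join(weak)] if weak else []
            if not covered(cert_name, host):
                found.append("name not covered by " + cert_name)
            report[host], cur = found, None
        elif cur is not None and line and not line.startswith("#"):
            name, *arg = line.split(None, 1)
            cur[name.lower()] = arg[0].strip('"') if arg else ""
    return report

# Constructed sample: one vhost modeled on this thread, one with a tightened cipher string.
SAMPLE = """<VirtualHost subdomain.w3host.com:443>
ServerName www.subdomain.w3host.com
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:
</VirtualHost>
<VirtualHost subdomain-2.w3host.com:443>
ServerName subdomain-2.w3host.com
SSLCipherSuite HIGH:!aNULL:!MD5:!RC4
</VirtualHost>"""
if __name__ == "__main__":
    print(audit(SAMPLE, "*.w3host.com"))
```

The result describes the configuration text only; which of these classes a server really offers also depends on the OpenSSL build Apache is linked against.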
