SSL Set-up on Apache for HTTPS


Setting up SSL should be undertaken by a competent IT administrator, or personnel with equivalent technical skills.

If you are unsure and require help with this task, please contact our Technical Support team who can assist at our normal hourly rate.

Note: Hanwell cannot interact with a signing authority on your organisation’s behalf; you must obtain the certificate files yourselves.
All paths shown assume the default path was used during installation; if a non-default path was used, alter the paths to suit your installation.
Back up each configuration file before making changes.

1. Set the Windows environment variable OPENSSL_CONF to:

C:\Program Files (x86)\Hanwell Solutions Ltd\Apache24\conf\openssl.cnf

2. Open a Command Prompt in Administrator mode and go to the following directory:

C:\Program Files (x86)\Hanwell Solutions Ltd\Apache24\bin

Type the following command:

openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr

Replace yourdomain with the domain name you are securing. For example, if your domain name is synergyserver.com, you would type synergyserver.key and synergyserver.csr.

3. Enter the requested information:

Common Name:
The fully-qualified domain name, or URL, you are securing.
If you are requesting a Wildcard certificate, add an asterisk (*) to the left of the common name where you want the wildcard, for example *.coolexample.com.

Organization:
The legally-registered name for your business. If you are enrolling as an individual, enter the certificate requestor's name.

Organization Unit:
If applicable, enter the DBA (doing business as) name.

City or Locality:
Name of the city where your organization is registered/located. Do not abbreviate.

State or Province:
Name of the state or province where your organization is located. Do not abbreviate.

Country:
The two-letter International Organization for Standardization (ISO) format country code for where your organization is legally registered. [https://www.iso.org/obp/ui/#search]

4. Send the CSR text to a signing authority; they will send you back CRT files.

5. If your signing authority does not specify which file is which, you can find more information about the CRT files by double-clicking them.

Look under the General tab.

If it is issued to yourdomain and issued by the signing authority, it is an SSL Certificate File.

If it is issued to and by the signing authority, it is an SSL CA Certificate File. Its file size is generally bigger than that of the SSL Certificate File.

6. Copy the .CRT and .KEY files to the CONF folder.

7. Read the related comments in the httpd.conf and httpd-ssl.conf files as you make the following changes. httpd.conf resides in the CONF folder and httpd-ssl.conf in the EXTRA folder.

8. Uncomment the following lines in httpd.conf, i.e. remove the leading ‘#’:

LoadModule rewrite_module modules/mod_rewrite.so

LoadModule socache_shmcb_module modules/mod_socache_shmcb.so

LoadModule ssl_module modules/mod_ssl.so

Include conf/extra/httpd-ssl.conf

9. In httpd-ssl.conf, find the existing directives and replace them with the following.

For example:

Find

SSLSessionCache        "shmcb:c:/Apache24/logs/ssl_scache(512000)"

And replace with the following 2 lines, which is basically a path change.

SSLSessionCache        "shmcb:c:/Program Files (x86)/The IMC Group Ltd/Apache24/logs/ssl_scache(512000)"

Now repeat the process for the following directives.

DocumentRoot "c:/Program Files (x86)/Hanwell Solutions Ltd/Apache24/htdocs"

ServerName www.example.com:443 [Change as per requirement]

ServerAdmin admin@example.com [Change as per requirement]

ErrorLog "c:/Program Files (x86)/Hanwell Solutions Ltd/Apache24/logs/error.log" [Comment this out for better performance]

#TransferLog "c:/Apache24/logs/access.log" [Comment out]

SSLCertificateFile "C:/Program Files (x86)/Hanwell Solutions Ltd/Apache24/conf/server.crt"

[The signing authority will provide this file under a different name; change the file name accordingly.]

SSLCertificateKeyFile "C:/Program Files (x86)/Hanwell Solutions Ltd/Apache24/conf/synergyserver.key"

[File generated in step 2]

SSLCertificateChainFile "C:/Program Files (x86)/Hanwell Solutions Ltd/Apache24/conf/server-ca.crt"

[The signing authority might provide this file under a different name; change the file name accordingly. Use the SSL Certificate file name if this file is not provided, or comment the line out by putting ‘#’ in front of it.]

SSLCACertificatePath "C:/Program Files (x86)/Hanwell Solutions Ltd/Apache24/conf"

SSLCACertificateFile "C:/Program Files (x86)/Hanwell Solutions Ltd/Apache24/conf/ca-bundle.crt" [The signing authority will provide this file under a different name; change the file name accordingly.]

<Directory "c:/Program Files (x86)/Hanwell Solutions Ltd/Apache24/cgi-bin">

#CustomLog "c:/Apache24/logs/ssl_request.log" \ [Comment out]

<VirtualHost *:80>
   RewriteEngine On
   RewriteCond %{HTTPS} off
   RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</VirtualHost> [Append at the end of file]


10. After saving changes, restart the Apache service.
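
A check that can be run from PowerShell before the restart, covering the files and settings from steps 5 to 9. This is an added example, not Hanwell's or Apache's own code; it assumes the default install path, PEM-encoded files, and the placeholder file names yourdomain.key, server.crt and server-ca.crt, and the function names are illustrative.

```powershell
# Added example, not vendor code. Pre-restart checks for steps 5 to 9.
# Assumed: default install path, PEM-encoded files, placeholder file names.
$apache  = 'C:\Program Files (x86)\Hanwell Solutions Ltd\Apache24'
$openssl = Join-Path $apache 'bin\openssl.exe'
$httpd   = Join-Path $apache 'bin\httpd.exe'
$env:OPENSSL_CONF = Join-Path $apache 'conf\openssl.cnf'   # same as step 1

$keyFile  = Join-Path $apache 'conf\yourdomain.key'   # key from step 2
$certFile = Join-Path $apache 'conf\server.crt'       # SSL Certificate File
$caFile   = Join-Path $apache 'conf\server-ca.crt'    # SSL CA Certificate File

function Get-CertSummary([string]$Path) {
    # Command-line view of what the General tab shows in step 5. IsCA reads the
    # certificate's basicConstraints flag instead of comparing names by eye.
    $subject = (& $openssl x509 -in $Path -noout -subject) -replace '^subject\s*=\s*', ''
    $issuer  = (& $openssl x509 -in $Path -noout -issuer)  -replace '^issuer\s*=\s*', ''
    $expires = (& $openssl x509 -in $Path -noout -enddate) -replace '^notAfter=', ''
    $isCa    = [bool]((& $openssl x509 -in $Path -noout -text) -match 'CA:TRUE')
    [pscustomobject]@{
        File = Split-Path $Path -Leaf; IssuedTo = $subject
        IssuedBy = $issuer; Expires = $expires; IsCA = $isCa
    }
}

function Test-KeyMatchesCert([string]$Key, [string]$Cert) {
    # The certificate must contain the public half of the private key.
    # -ceq compares case-sensitively, which base64 text requires.
    $fromKey  = (& $openssl pkey -in $Key -pubout) -join ''
    $fromCert = (& $openssl x509 -in $Cert -noout -pubkey) -join ''
    ($fromKey.Length -gt 0) -and ($fromKey -ceq $fromCert)
}

$leaf = Get-CertSummary $certFile
$ca   = Get-CertSummary $caFile
$leaf, $ca | Format-List

$problems = @()
if ($leaf.IsCA)    { $problems += "$certFile is a CA certificate, not the server certificate" }
if (-not $ca.IsCA) { $problems += "$caFile is not a CA certificate" }
if (-not (Test-KeyMatchesCert $keyFile $certFile)) { $problems += "$keyFile does not match $certFile" }
& $httpd -t    # Apache's own syntax check of httpd.conf and included files
if ($LASTEXITCODE -ne 0) { $problems += 'httpd -t reported a configuration error' }

if ($problems) {
    $problems | ForEach-Object { Write-Warning $_ }
} else {
    'Checks passed; continue with the restart in step 10.'
}
```

A key that does not match the certificate, or a swapped server and CA file, stops mod_ssl from starting, so resolve any warning before restarting the service.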