Thursday, February 3, 2011

Install Apache2 SSL on Windows for https


Test in my Windows 7  for localhost, you may need to change localhost to real servers.
 The steps are as follows:
1) Download Apache OpenSSL binary for indows using the links below:
 httpd-2.2.17-win32-x86-openssl-0.9.8o.msi
2) Download Win32OpenSLL from
http://www.slproweb.com/products/Win32OpenSSL.html
I download two binaries
3) Install Openssl in C:\OpenSSL-Win32
4) Download openssl.cnf from
http://www.thompsonbd.com/files/apache/openssl.cnf
and save in C:\OpenSSL-Win32\bin, in command prompt
set  OPENSSL_CONF= C:\OpenSSL-Win32\bin\openssl.cnf
5)  cd  C:\OpenSSL-Win32\bin
openssl genrsa -des3 1024 > servername.key
openssl req –new –key server.key –out server.csr
(type password, such as wife*7*9*)
5. openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 365
This creates a self-signed certificate that you can use until you get a "real" one from a certificate authority. (Which is optional; if you know your users, you can tell them to install the certificate into their browsers.) Note that this certificate expires after one year, you can increase -days 365 if you don't want this.6.  Save those key files in: C:/Servers/ssl/certs/
6.  Open the httpd.conf file and add (un-comment)
 LoadModule ssl_module modules/mod_ssl.so
 ( I use the log, I install another module log_rotate_module
LoadModule log_rotate_module modules/mod_log_rotate.so)

Add:
<VirtualHost *:443>
     ServerName egps.localhost:443
     DocumentRoot C:/Users/jiansen/Desktop/CAS/jiansen_dir/www/
     <Directory />
        Options FollowSymLinks
        AllowOverride None
        Order allow,deny
        Allow from all
       
       <IfModule rewrite_module>
          #RewriteEngine On
          #RewriteRule !maintenance_msg\.php$ /maintenance_msg.php [R,L]
         
          RewriteEngine On
          RewriteCond %{HTTP_REFERER} !^$
          RewriteCond %{HTTP_REFERER} !^https://192.168.1.52/.*$ [NC]
          RewriteRule .*\.(jpe?g|png|gif|bmp|swf|flv) - [NC,F,L]
       </IfModule>   

     </Directory>

    SSLEngine on

     SSLCertificateFile "C:/Servers/ssl/certs/server.crt"
     SSLCertificateKeyFile "C:/Servers/ssl/keys/server.key"
     SSLCertificateChainFile "C:/Servers/ssl/certs/server.crt"

     BrowserMatch ".*MSIE.*" \
     nokeepalive ssl-unclean-shutdown
</VirtualHost>

7. To redirect http to https, add following in httpd.conf
<VirtualHost *:80>

    ServerName egps.localhost:80
   # ServerAlias http://www.mywebsite.com:80
    #ServerAlias 122.123.124.1:80
    Redirect permanent / https://localhost
</VirtualHost>

 
Posted by Jiansen Lu at 9:04 PM
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)