When I do sideline work, I always use Apache HTTP Server as the web server and PHP as the programming language.

These, together with MySQL, are totally free, so you do not have to worry about money, legal issues, or annoying extra modules that need to be downloaded (say .NET if the PC does not have the framework installed).

Especially in Windows, setting these up is pretty easy (unlike Unix-based operating systems, which are so much of a hassle). Anyway, if you plan to have your site use SSL for secure transactions, you only need 3 files (this was my experience with a site hosted with GoDaddy).

You need to do the following …

– Generate a KEY file.
– Generate the CSR file.

You can use OpenSSL to generate both the KEY file and the CSR file. You must create the KEY file first, because it is needed in order to create the CSR file. To generate a KEY file, do this …

There is also an option that will encrypt the KEY file, although I did not opt to encrypt it because it is not supported in Windows. At least that was the error that I got in the Apache server’s logs.

To generate a CSR file, do this …

To avoid confusion, it is best to use your domain name as the name of the files, although this is not essential: what really matters is the content of the files.

Once you have the CSR file, you can send the contents of that file to GoDaddy so they can generate the SSL certificate file (with the extension CRT) for you.

Note that you must not delete the KEY file, as it is needed when you configure your web server to use SSL. When creating the CSR file, you will be asked some questions. Please take note of the following.

Common Name – This is not the owner’s name. The correct value is the domain of your site, e.g. www.domain.com
Organization Name – The exact legal name of your organization. Do not abbreviate.
Organization Unit – The section of the organization (not really important; up to you).
City or Locality – The city where your organization is located. Do not abbreviate.
State or Province – The state or province where your organization is legally located.
Country – The two-letter country code.

Configuring Apache HTTP Server with SSL is very easy. This post assumes that you already have a certificate file generated and signed. I will not discuss here how to generate your own using the open-source OpenSSL. This guide is intended for people who already have signed certificates from a security certificate company for use on their websites.

First off, you must download the binary of Apache HTTP Server with SSL. Install or extract it to your desired folder. Now it’s time for some configuration. Go to the conf/ folder in your Apache folder and open the file httpd.conf. Look for the line LoadModule ssl_module modules/mod_ssl.so and remove the # sign to uncomment it.

Next, place these lines anywhere in the file.

<IfModule mod_ssl.c>
  Include conf/httpd-ssl.conf
</IfModule>

The file httpd-ssl.conf (or ssl.conf) is found in the extra/ folder in your conf/ folder. You can either move this file to your preferred directory or leave it where it is; either way, change the Include path in the block above so that it points to the file’s actual location.

Now, let’s open up httpd-ssl.conf. Look for the following strings:
SSLCertificateFile
SSLCertificateKeyFile

Change their paths to where you stored your .crt file and .key file respectively. Sometimes your host provider may also require you to set a certificate chain file in order for SSL to work. In that case, look for the string SSLCertificateChainFile and change its path. The chain file’s name usually contains the word “bundle”.

Next, we set the DocumentRoot, ServerName, and ServerAdmin values. Look for the string VirtualHost and change the values inside that block. Your DocumentRoot must be the same path as the DocumentRoot in httpd.conf if you wish to serve the same pages over SSL. Your ServerName should be your site’s domain, e.g. www.domain.com. ServerAdmin can be left as it is.

Save the files, restart Apache, and open your site at https://domain:443/

If your server doesn’t start because of this error:
Error: Init: SSLPassPhraseDialog builtin is not supported on Win32

Write an unencrypted copy of your encrypted key file using this command:
openssl rsa -in file1.key -out file2.key

file2.key will contain your unencrypted key. Use that key file in your httpd-ssl.conf settings.
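
As an added example (not from the original post): a Python pre-flight check that reads the SSLCertificateFile, SSLCertificateKeyFile and SSLCertificateChainFile directives from httpd-ssl.conf text and reports any that point at the wrong kind of PEM file, including a passphrase-protected key that would cause the SSLPassPhraseDialog error above. The file paths and PEM bodies are constructed placeholders, and the function names are this example's own.

```python
import re

# Directives from httpd-ssl.conf and the PEM type each one must point at.
EXPECTED = {"SSLCertificateFile": "certificate", "SSLCertificateKeyFile": "key",
            "SSLCertificateChainFile": "certificate"}
# Active (uncommented) directive lines only; the path may be quoted.
DIRECTIVE_RE = re.compile(
    r'^[ \t]*(SSLCertificate(?:Key|Chain)?File)[ \t]+"?([^"\n]+?)"?[ \t]*$', re.M)

def classify_pem(text):
    """Classify PEM text as certificate, csr, key, encrypted-key or unknown."""
    m = re.search(r"-----BEGIN ([A-Z0-9 ]+)-----", text)
    label = m.group(1) if m else ""
    if label == "CERTIFICATE":
        return "certificate"
    if label.endswith("CERTIFICATE REQUEST"):      # the CSR, not the signed cert
        return "csr"
    if label == "ENCRYPTED PRIVATE KEY":           # PKCS#8 with a passphrase
        return "encrypted-key"
    if label.endswith("PRIVATE KEY"):
        # Traditional OpenSSL keys flag encryption in a header line instead.
        if re.search(r"^Proc-Type:[ \t]*4,ENCRYPTED", text, re.M):
            return "encrypted-key"
        return "key"
    return "unknown"

def preflight(conf_text, read_file):
    """Return (directive, path, found_type) for each directive that is wrong."""
    problems = []
    for directive, path in DIRECTIVE_RE.findall(conf_text):
        found = classify_pem(read_file(path))
        if found != EXPECTED[directive]:
            problems.append((directive, path, found))
    return problems

# Constructed sample input: placeholder bodies, not real key material.
def pem(label, headers=""):
    return f"-----BEGIN {label}-----\n{headers}AAAA\n-----END {label}-----\n"

SAMPLE_CONF = '''
SSLCertificateFile "conf/ssl/www.domain.com.crt"
SSLCertificateKeyFile "conf/ssl/www.domain.com.key"
#SSLCertificateChainFile "conf/ssl/bundle.crt"
'''
SAMPLE_FILES = {
    "conf/ssl/www.domain.com.crt": pem("CERTIFICATE"),
    "conf/ssl/www.domain.com.key": pem("RSA PRIVATE KEY", "Proc-Type: 4,ENCRYPTED\n\n"),
}

if __name__ == "__main__":
    print(preflight(SAMPLE_CONF, SAMPLE_FILES.__getitem__))
```

To run it against real files, pass a `read_file` function that opens the path and returns its text. An unencrypted key is protected only by file permissions, so keep it readable only by the account Apache runs as.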
