How to configure Win32 Apache 2.2.x SSL/HTTPS

Steps
1: Download and install Apache SSL for Windows
2: Download and install OpenSSL for Windows
3: Add openssl.conf to openssl/bin directory
4: Create certs, keys, requests folders and generate KEY, REQUEST, CERTIFICATE, RSA KEY using OpenSSL
5: Edit conf/httpd.conf: add LoadModule and VirtualHost directives
6: Run

3: Add openssl.conf to OpenSSL bin directory
#
# SSLeay example configuration file.
# This is mostly being used for generation of certificate requests.
#

RANDFILE		= .rnd

############################################
[ ca ]
default_ca	= CA_default		# The default ca section

############################################
[ CA_default ]

dir		= demoCA		# Where everything is kept
certs		= $dir\certs		# Where the issued certs are kept
crl_dir		= $dir\crl		# Where the issued crl are kept
database	= $dir\index.txt	# database index file.
new_certs_dir	= $dir\newcerts		# default place for new certs.

certificate	= $dir\cacert.pem 	   # The CA certificate
serial		= $dir\serial 		   # The current serial number
crl		= $dir\crl.pem 		   # The current CRL
private_key	= $dir\private\cakey.pem   # The private key
RANDFILE	= $dir\private\private.rnd # private random number file

x509_extensions	= x509v3_extensions	# The extensions to add to the cert
default_days	= 365			# how long to certify for
default_crl_days= 30			# how long before next CRL
default_md	= md5			# which md to use.
preserve	= no			# keep passed DN ordering

# A few different ways of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy		= policy_match

# For the CA policy
[ policy_match ]
countryName		= optional
stateOrProvinceName	= optional
organizationName	= optional
organizationalUnitName	= optional
commonName		= supplied
emailAddress		= optional

# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName		= optional
stateOrProvinceName	= optional
localityName		= optional
organizationName	= optional
organizationalUnitName	= optional
commonName		= supplied
emailAddress		= optional

#############################################
[ req ]
default_bits		= 1024
default_keyfile 	= privkey.pem
distinguished_name	= req_distinguished_name
attributes		= req_attributes

[ req_distinguished_name ]
countryName			= Country Name (2 letter code)
countryName_min			= 2
countryName_max			= 2

stateOrProvinceName		= State or Province Name (full name)

localityName			= Locality Name (eg, city)

0.organizationName		= Organization Name (eg, company)

organizationalUnitName		= Organizational Unit Name (eg, section)

commonName			= Common Name (eg, your website's domain name)
commonName_max			= 64

emailAddress			= Email Address
emailAddress_max		= 40

[ req_attributes ]
challengePassword		= A challenge password
challengePassword_min		= 4
challengePassword_max		= 20

[ x509v3_extensions ]

# under ASN.1, the 0 bit would be encoded as 80
nsCertType			= 0x40

#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
#nsCertSequence
#nsCertExt
#nsDataType

4A: Create three folders (keys, requests, certs) under the bin directory

4B: Create and run bin/generate_keys_certs.bat. These commands will create KEY, REQUEST, CERTIFICATE, RSA KEY
rem generate key
openssl genrsa -des3 -out keys/trupti.localhost.key 1024

rem generate request
openssl req -config openssl.conf -new -key keys/trupti.localhost.key -out requests/trupti.localhost.csr

rem generate certificate
openssl x509 -req -days 1001 -in requests/trupti.localhost.csr -signkey keys/trupti.localhost.key -out certs/trupti.localhost.crt

rem generate RSA key
openssl rsa -in keys/trupti.localhost.key -out keys/trupti.localhost.rsa.key


generate_keys_certs.bat output
C:\apps\GnuWin32\bin>generate_keys_certs.bat

C:\apps\GnuWin32\bin>rem generate key

C:\apps\GnuWin32\bin>openssl genrsa -des3 -out keys/trupti.localhost.key 1024
Loading 'screen' into random state - done
Generating RSA private key, 1024 bit long modulus
..............................++++++
............++++++
e is 65537 (0x10001)
Enter pass phrase for keys/trupti.localhost.key:
Verifying - Enter pass phrase for keys/trupti.localhost.key:

C:\apps\GnuWin32\bin>rem generate request

C:\apps\GnuWin32\bin>openssl req -config openssl.conf -new -key keys/trupti.localhost.key -out requests/trupti.localhost.csr
Enter pass phrase for keys/trupti.localhost.key:
Loading 'screen' into random state - done
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) []:IN
State or Province Name (full name) []:MH
Locality Name (eg, city) []:MU
Organization Name (eg, company) []:TRUPTI
Organizational Unit Name (eg, section) []:.
Common Name (eg, your websites domain name) []:trupti
Email Address []:.

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:.

C:\apps\GnuWin32\bin>rem generate certificate

C:\apps\GnuWin32\bin>openssl x509 -req -days 1001 -in requests/trupti.localhost.csr -signkey keys/trupti.localhost.key -out certs/trupti.localhost.crt
Loading 'screen' into random state - done
Signature ok
subject=/C=IN/ST=MH/L=MU/O=TRUPTI/CN=trupti
Getting Private key
Enter pass phrase for keys/trupti.localhost.key:

C:\apps\GnuWin32\bin>rem generate RSA key

C:\apps\GnuWin32\bin>openssl rsa -in keys/trupti.localhost.key -out keys/trupti.localhost.rsa.key
Enter pass phrase for keys/trupti.localhost.key:
writing RSA key


5: Edit conf/httpd.conf
# Change port to default HTTPS port 443
Listen 443

# Uncomment LoadModule ssl_module and setenvif_module
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule ssl_module modules/mod_ssl.so

# SSL CONFIGURATION
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:C:/Program Files/Apache Software Foundation/Apache2.2/ssl_scache(512000)"
# OR
# SSLSessionCache  none
SSLSessionCacheTimeout 300
SSLMutex default
<VirtualHost *:443>
     ServerName trupti.localhost:443
     DocumentRoot "C:/Program Files/Apache Software Foundation/Apache2.2/htdocs"
     SSLEngine on
     SSLCertificateFile "C:/apps/GnuWin32/bin/certs/trupti.localhost.crt"
     SSLCertificateKeyFile "C:/apps/GnuWin32/bin/keys/trupti.localhost.rsa.key"
     SSLCertificateChainFile "C:/apps/GnuWin32/bin/certs/trupti.localhost.crt"
     BrowserMatch ".*MSIE.*" \
     nokeepalive ssl-unclean-shutdown
</VirtualHost>

6: Run
Now open https://trupti.localhost/ in a browser. You should see a certificate error, because the certificate is self-signed. Follow the link to continue and you will see your page from DocumentRoot.
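
The last command in step 4B writes the key back out without a pass phrase, and step 5 points SSLCertificateKeyFile at that copy, so file permissions are all that protect it. The Python check below is an added example, not part of the original page; it lists the key files a configuration references and reports which are stored unencrypted. Function names are assumptions and the PEM samples are constructed placeholders.

```python
import re

# Constructed samples: PEM framing only, the base64 bodies are placeholders.
ENCRYPTED_KEY = """\
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,0000000000000000

Q09OU1RSVUNURUQ=
-----END RSA PRIVATE KEY-----
"""
PLAINTEXT_KEY = """\
-----BEGIN RSA PRIVATE KEY-----
Q09OU1RSVUNURUQ=
-----END RSA PRIVATE KEY-----
"""
HTTPD_CONF = """\
<VirtualHost *:443>
     SSLCertificateFile "C:/apps/GnuWin32/bin/certs/trupti.localhost.crt"
     SSLCertificateKeyFile "C:/apps/GnuWin32/bin/keys/trupti.localhost.rsa.key"
</VirtualHost>
"""

def key_protection(pem_text):
    """Classify a PEM private key as 'encrypted', 'plaintext' or 'not-a-key'."""
    begin = re.search(r"-----BEGIN ([A-Z ]*)PRIVATE KEY-----", pem_text)
    if not begin:
        return "not-a-key"
    if begin.group(1).strip() == "ENCRYPTED":                    # PKCS#8 encrypted form
        return "encrypted"
    if re.search(r"^Proc-Type:\s*4,ENCRYPTED", pem_text, re.M):  # traditional form
        return "encrypted"
    return "plaintext"

def key_files(httpd_conf_text):
    """Return the paths named by SSLCertificateKeyFile directives, skipping comments."""
    pattern = r'^\s*SSLCertificateKeyFile\s+"?([^"\r\n]+?)"?\s*$'
    return re.findall(pattern, httpd_conf_text, re.M | re.I)

def plaintext_keys(httpd_conf_text, read_file):
    """Return key paths whose contents are unencrypted; read_file(path) -> text."""
    return [p for p in key_files(httpd_conf_text)
            if key_protection(read_file(p)) == "plaintext"]

if __name__ == "__main__":
    fake_disk = {key_files(HTTPD_CONF)[0]: PLAINTEXT_KEY}   # constructed stand-in for the disk
    print(plaintext_keys(HTTPD_CONF, fake_disk.__getitem__))
```

Every path it reports should be readable only by the account that runs Apache.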

