Create SSL certificates in Apache

Sep 15, 2007 11:05 GMT  ·  By

If you want to access your website through a secure connection, encrypt the connection using Secure Sockets Layer (SSL) or Transport Layer Security (TLS). https is a URI scheme used to indicate a secure HTTP connection. It is syntactically identical to the http:// scheme normally used for accessing resources over HTTP. An https: URL indicates that HTTP is to be used, but with a different default TCP port (443) and an additional encryption/authentication layer between HTTP and TCP. The scheme was first used by Netscape.

Implementing SSL in Apache is more difficult than you might think. To implement SSL, we will use OpenSSL. OpenSSL is an open source toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general-purpose cryptography library. The official OpenSSL website distributes only the source code. If you don't want to compile it, use the installer provided by Shining Light Productions, which will do the job for you, or the DLLs from hunter's website. The easiest way is to install the kit from Shining Light Productions, but I recommend installing OpenSSL manually.

Download Openssl-0.9.8d-Win32.zip from hunter.campbus.com and extract the files to a folder. Then copy libeay32.dll and ssleay32.dll to your /system32 folder. After that, you will need openssl.cnf, the configuration file for OpenSSL. Download it from here, and save it in the folder where you unzipped the files. Next, we'll start on the self-signed certificate by generating a certificate request and a private key with the command: openssl req -config openssl.cnf -new -out softpedia.csr -keyout softpedia.pem. During this process, you will have to enter a PEM pass phrase (the password that protects the private key) and the common name (I used www.softpedia.com).

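After that, we'll generate a non-password-protected key for Apache using this command: openssl rsa -in softpedia.pem -out softpedia.key. This key is stored unencrypted, so keep the file readable only by the account that runs Apache. The last step is generating an X.509 certificate from the request, signed with that key: openssl x509 -in softpedia.csr -out softpedia.cert -req -signkey softpedia.key -days 365.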
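
The three OpenSSL steps above, as an added example that is not from the original article: it runs them without prompts and then checks that the certificate and the unprotected key belong together before they are handed to Apache. The base name example, the host www.example.test, the pass phrase, the 2048-bit key size and the function names are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: request + key, unprotected key copy, self-signed certificate.
# All names and values passed in below are constructed for the illustration.

# make_selfsigned BASE COMMON_NAME PASSPHRASE
# Runs in a subshell with umask 077 so every file is created owner-only.
make_selfsigned() (
    umask 077
    base=$1 cn=$2 pass=$3
    # Step 1: new RSA key (encrypted with the pass phrase) and certificate request.
    # -subj and -passout replace the interactive prompts; 2048 bits is an assumption.
    openssl req -new -newkey rsa:2048 -subj "/CN=$cn" -passout "pass:$pass" \
        -keyout "$base.pem" -out "$base.csr" || exit 1
    # Step 2: write the key without the pass phrase so Apache can start unattended.
    openssl rsa -in "$base.pem" -passin "pass:$pass" -out "$base.key" || exit 1
    # Step 3: sign the request with its own key, valid for 365 days.
    openssl x509 -req -in "$base.csr" -signkey "$base.key" -days 365 \
        -out "$base.cert" || exit 1
)

# check_pair CERT KEY
# Prints "match" when the certificate carries the public half of KEY, else "mismatch".
check_pair() {
    cert_mod=$(openssl x509 -in "$1" -noout -modulus)
    key_mod=$(openssl rsa -in "$2" -noout -modulus)
    if [ -n "$cert_mod" ] && [ "$cert_mod" = "$key_mod" ]; then
        echo match
    else
        echo mismatch
    fi
}

# Demo in a scratch directory.
demo_dir=$(mktemp -d) && cd "$demo_dir" &&
    make_selfsigned example www.example.test constructed-pass &&
    check_pair example.cert example.key
```

A "mismatch" result means the certificate was built from a different key than the one being installed, which is what happens when files from two separate runs are mixed.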

Next, we'll install OpenSSL support for Apache. Download Apache_2.2.3-Openssl_0.9.8d-Win32.zip and unzip it in a folder. In httpd.conf, uncomment the line LoadModule ssl_module modules/mod_ssl.so, which loads mod_ssl, and the line Include conf/extra/httpd-ssl.conf, which loads the SSL configuration file. After that, change the VirtualHost settings (DocumentRoot, ServerAdmin, ServerName, ErrorLog, TransferLog) in conf/extra/httpd-ssl.conf.