Re: Enabling HTTPS and Configuring SSL in Apache 2.4 on Windows 10.
On Mon, May 6, 2024 at 1:54 PM Mario Brandt wrote:
> Maybe this can be added to the wiki?
>
> Frank Gingras schrieb am Mo., 6. Mai 2024, 15:46:
>
>>
>>
>> On Mon, May 6, 2024 at 2:55 AM General Email <
>> general.email.12341...@gmail.com> wrote:
>>
>>> Hi,
>>>
>>> I have configured SSL and enabled HTTPS on Apache 2.4. It is working
>>> fine.
>>>
>>> If the docs team is interested, then they can put my instructions on
>>> the above topic in the documentation.
>>>
>>> The instructions are below:
>>>
>>>
>>> --
>>> Enabling HTTPS and Configuring SSL in Apache 2.4 on Windows 10
>>> Date: April, 2024
>>> --
>>>
>>>
>>>
>>> VERY IMPORTANT:
>>>
>>> You should not follow this process for a production environment because
>>> self-signed SSL certificate (that is being generated here) is a security
>>> risk.
>>> You should follow this process only for the local development
>>> environment.
>>>
>>>
>>>
>>> -
>>> Please follow the steps listed below:
>>> -
>>>
>>> Step 1: Stop Apache web server if it is already running.
>>>
>>> Step 2: Add "absolute_path_to_apache24_dir\bin" to the system environment
>>> variable "Path". openssl.exe is in this folder.
>>>
>>> Step 3: Open the Windows command prompt and change directory to
>>> "absolute_path_to_apache24_dir\conf".
>>>
>>> Step 4: On the command prompt, execute the following command:
>>>
>>> set
>>> OPENSSL_CONF=absolute_path_to_apache24_dir\conf\openssl.cnf
>>>
>>> If "absolute_path_to_apache24_dir" contains spaces then enclose
>>> the
>>> path in quotes.
>>>
>>> Step 5: Check that the OPENSSL_CONF variable is set to correct directory
>>> by
>>> executing the following command on the command prompt:
>>>
>>> echo %OPENSSL_CONF%
>>>
>>> Step 6: On the command prompt, execute the following command
>>> (openssl.exe is in "absolute_path_to_apache24_dir\bin" folder):
>>>
>>> openssl genrsa -out cert.key 2048
>>>
>>> Step 7: On the command prompt, execute the following command:
>>>
>>> openssl req -new -key cert.key -out cert.csr
>>>
>>> When you execute this command, you will be asked to give input
>>> for
>>> some fields. I had given input for only one field (and for other
>>> fields,
>>> I just hit "Enter" key):
>>>
>>> Common Name (e.g. server FQDN or YOUR name) []:localhost
>>>
>>> Step 8: On the command prompt, execute the following command:
>>>
>>> openssl x509 -req -days 3650 -in cert.csr -signkey cert.key -out
>>> cert.crt
>>>
>>> Step 9: Change a few lines in the
>>> "absolute_path_to_apache24_dir\conf\httpd.conf"
>>> file. I am listing the lines after the changes. I am not listing
>>> the
>>> original lines. You can search and change/replace the original
>>> lines.
>>>
>>> The changed lines are:
>>>
>>> Define SRVROOT "absolute_path_to_apache24_dir"
>>> LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
>>> LoadModule ssl_module modules/mod_ssl.so
>>> ServerName localhost:80
>>> Include conf/extra/httpd-ssl.conf
>>>
>>> Step 10: Change a few lines in the
>>> "absolute_path_to_apache24_dir\conf\extra\httpd-ssl.conf" file.
>>> I am listing the lines after the changes. I am not listing the
>>> original lines. You can search and change/replace the original
>>> lines.
>>>
>>> The changed lines are:
>>>
>>> ServerName localhost:443
>>> ServerAdmin ad...@localhost.localdomain.com
>>> SSLCertificateFile "${SRVROOT}/conf/cert.crt"
>>> SSLCertificateKeyFile "${SRVROOT}/conf/cert.key"
>>>
>>> Step 11 (Last Step): Now, you can start Apache web server and test.
>>>
>>> Since the security certificate that was generated here is
>>> self-signed,
>>> the browser may show you a warning that the
>>> connection/certificate,
>>> etc. is not trusted. But since this is your local development
>>> environment, you can ignore this warning and accept the risk and
>>> go ahead with the testing/development, etc.
>>>
>>> I do the same (ignore the warning and accept the risk).
>>>
>>> End
>>>
>>> -
>>> To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org
>>> For additional commands, e-mail: docs-h...@httpd.apache.org
>>>
>>>
>> I don't think those belong in the official httpd documentation, but I
>> wouldn't be opposed to adding the recipe in the httpd wiki.
>>
>
Mario,
That was my train of
Re: Enabling HTTPS and Configuring SSL in Apache 2.4 on Windows 10.
Maybe this can be added to the wiki?
Frank Gingras schrieb am Mo., 6. Mai 2024, 15:46:
>
>
> On Mon, May 6, 2024 at 2:55 AM General Email <
> general.email.12341...@gmail.com> wrote:
>
>> Hi,
>>
>> I have configured SSL and enabled HTTPS on Apache 2.4. It is working fine.
>>
>> If the docs team is interested, then they can put my instructions on
>> the above topic in the documentation.
>>
>> The instructions are below:
>>
>>
>> --
>> Enabling HTTPS and Configuring SSL in Apache 2.4 on Windows 10
>> Date: April, 2024
>> --
>>
>>
>>
>> VERY IMPORTANT:
>>
>> You should not follow this process for a production environment because
>> self-signed SSL certificate (that is being generated here) is a security
>> risk.
>> You should follow this process only for the local development environment.
>>
>>
>>
>> -
>> Please follow the steps listed below:
>> -
>>
>> Step 1: Stop Apache web server if it is already running.
>>
>> Step 2: Add "absolute_path_to_apache24_dir\bin" to the system environment
>> variable "Path". openssl.exe is in this folder.
>>
>> Step 3: Open the Windows command prompt and change directory to
>> "absolute_path_to_apache24_dir\conf".
>>
>> Step 4: On the command prompt, execute the following command:
>>
>> set
>> OPENSSL_CONF=absolute_path_to_apache24_dir\conf\openssl.cnf
>>
>> If "absolute_path_to_apache24_dir" contains spaces then enclose
>> the
>> path in quotes.
>>
>> Step 5: Check that the OPENSSL_CONF variable is set to correct directory
>> by
>> executing the following command on the command prompt:
>>
>> echo %OPENSSL_CONF%
>>
>> Step 6: On the command prompt, execute the following command
>> (openssl.exe is in "absolute_path_to_apache24_dir\bin" folder):
>>
>> openssl genrsa -out cert.key 2048
>>
>> Step 7: On the command prompt, execute the following command:
>>
>> openssl req -new -key cert.key -out cert.csr
>>
>> When you execute this command, you will be asked to give input for
>> some fields. I had given input for only one field (and for other
>> fields,
>> I just hit "Enter" key):
>>
>> Common Name (e.g. server FQDN or YOUR name) []:localhost
>>
>> Step 8: On the command prompt, execute the following command:
>>
>> openssl x509 -req -days 3650 -in cert.csr -signkey cert.key -out
>> cert.crt
>>
>> Step 9: Change a few lines in the
>> "absolute_path_to_apache24_dir\conf\httpd.conf"
>> file. I am listing the lines after the changes. I am not listing
>> the
>> original lines. You can search and change/replace the original
>> lines.
>>
>> The changed lines are:
>>
>> Define SRVROOT "absolute_path_to_apache24_dir"
>> LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
>> LoadModule ssl_module modules/mod_ssl.so
>> ServerName localhost:80
>> Include conf/extra/httpd-ssl.conf
>>
>> Step 10: Change a few lines in the
>> "absolute_path_to_apache24_dir\conf\extra\httpd-ssl.conf" file.
>> I am listing the lines after the changes. I am not listing the
>> original lines. You can search and change/replace the original
>> lines.
>>
>> The changed lines are:
>>
>> ServerName localhost:443
>> ServerAdmin ad...@localhost.localdomain.com
>> SSLCertificateFile "${SRVROOT}/conf/cert.crt"
>> SSLCertificateKeyFile "${SRVROOT}/conf/cert.key"
>>
>> Step 11 (Last Step): Now, you can start Apache web server and test.
>>
>> Since the security certificate that was generated here is
>> self-signed,
>> the browser may show you a warning that the
>> connection/certificate,
>> etc. is not trusted. But since this is your local development
>> environment, you can ignore this warning and accept the risk and
>> go ahead with the testing/development, etc.
>>
>> I do the same (ignore the warning and accept the risk).
>>
>> End
>>
>> -
>> To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org
>> For additional commands, e-mail: docs-h...@httpd.apache.org
>>
>>
> I don't think those belong in the official httpd documentation, but I
> wouldn't be opposed to adding the recipe in the httpd wiki.
>
Re: Enabling HTTPS and Configuring SSL in Apache 2.4 on Windows 10.
On Mon, May 6, 2024 at 2:55 AM General Email <
general.email.12341...@gmail.com> wrote:
> Hi,
>
> I have configured SSL and enabled HTTPS on Apache 2.4. It is working fine.
>
> If the docs team is interested, then they can put my instructions on
> the above topic in the documentation.
>
> The instructions are below:
>
>
> --
> Enabling HTTPS and Configuring SSL in Apache 2.4 on Windows 10
> Date: April, 2024
> --
>
>
>
> VERY IMPORTANT:
>
> You should not follow this process for a production environment because
> self-signed SSL certificate (that is being generated here) is a security
> risk.
> You should follow this process only for the local development environment.
>
>
>
> -
> Please follow the steps listed below:
> -
>
> Step 1: Stop Apache web server if it is already running.
>
> Step 2: Add "absolute_path_to_apache24_dir\bin" to the system environment
> variable "Path". openssl.exe is in this folder.
>
> Step 3: Open the Windows command prompt and change directory to
> "absolute_path_to_apache24_dir\conf".
>
> Step 4: On the command prompt, execute the following command:
>
> set OPENSSL_CONF=absolute_path_to_apache24_dir\conf\openssl.cnf
>
> If "absolute_path_to_apache24_dir" contains spaces then enclose the
> path in quotes.
>
> Step 5: Check that the OPENSSL_CONF variable is set to correct directory by
> executing the following command on the command prompt:
>
> echo %OPENSSL_CONF%
>
> Step 6: On the command prompt, execute the following command
> (openssl.exe is in "absolute_path_to_apache24_dir\bin" folder):
>
> openssl genrsa -out cert.key 2048
>
> Step 7: On the command prompt, execute the following command:
>
> openssl req -new -key cert.key -out cert.csr
>
> When you execute this command, you will be asked to give input for
> some fields. I had given input for only one field (and for other
> fields,
> I just hit "Enter" key):
>
> Common Name (e.g. server FQDN or YOUR name) []:localhost
>
> Step 8: On the command prompt, execute the following command:
>
> openssl x509 -req -days 3650 -in cert.csr -signkey cert.key -out
> cert.crt
>
> Step 9: Change a few lines in the
> "absolute_path_to_apache24_dir\conf\httpd.conf"
> file. I am listing the lines after the changes. I am not listing
> the
> original lines. You can search and change/replace the original
> lines.
>
> The changed lines are:
>
> Define SRVROOT "absolute_path_to_apache24_dir"
> LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
> LoadModule ssl_module modules/mod_ssl.so
> ServerName localhost:80
> Include conf/extra/httpd-ssl.conf
>
> Step 10: Change a few lines in the
> "absolute_path_to_apache24_dir\conf\extra\httpd-ssl.conf" file.
> I am listing the lines after the changes. I am not listing the
> original lines. You can search and change/replace the original
> lines.
>
> The changed lines are:
>
> ServerName localhost:443
> ServerAdmin ad...@localhost.localdomain.com
> SSLCertificateFile "${SRVROOT}/conf/cert.crt"
> SSLCertificateKeyFile "${SRVROOT}/conf/cert.key"
>
> Step 11 (Last Step): Now, you can start Apache web server and test.
>
> Since the security certificate that was generated here is
> self-signed,
> the browser may show you a warning that the
> connection/certificate,
> etc. is not trusted. But since this is your local development
> environment, you can ignore this warning and accept the risk and
> go ahead with the testing/development, etc.
>
> I do the same (ignore the warning and accept the risk).
>
> End
>
> -
> To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org
> For additional commands, e-mail: docs-h...@httpd.apache.org
>
>
I don't think those belong in the official httpd documentation, but I
wouldn't be opposed to adding the recipe in the httpd wiki.
