Re: Enabling HTTPS and Configuring SSL in Apache 2.4 on Windows 10.
On Mon, May 6, 2024 at 1:54 PM Mario Brandt wrote: > Maybe this can be added to the wiki? > > Frank Gingras schrieb am Mo., 6. Mai 2024, 15:46: > >> >> >> On Mon, May 6, 2024 at 2:55 AM General Email < >> general.email.12341...@gmail.com> wrote: >> >>> Hi, >>> >>> I have configured SSL and enabled HTTPS on Apache 2.4. It is working >>> fine. >>> >>> If the docs team is interested, then they can put my instructions on >>> the above topic in the documentation. >>> >>> The instructions are below: >>> >>> >>> -- >>> Enabling HTTPS and Configuring SSL in Apache 2.4 on Windows 10 >>> Date: April, 2024 >>> -- >>> >>> >>> >>> VERY IMPORTANT: >>> >>> You should not follow this process for a production environment because >>> self-signed SSL certificate (that is being generated here) is a security >>> risk. >>> You should follow this process only for the local development >>> environment. >>> >>> >>> >>> - >>> Please follow the steps listed below: >>> - >>> >>> Step 1: Stop Apache web server if it is already running. >>> >>> Step 2: Add "absolute_path_to_apache24_dir\bin" to the system environment >>> variable "Path". openssl.exe is in this folder. >>> >>> Step 3: Open the Windows command prompt and change directory to >>> "absolute_path_to_apache24_dir\conf". >>> >>> Step 4: On the command prompt, execute the following command: >>> >>> set >>> OPENSSL_CONF=absolute_path_to_apache24_dir\conf\openssl.cnf >>> >>> If "absolute_path_to_apache24_dir" contains spaces then enclose >>> the >>> path in quotes. >>> >>> Step 5: Check that the OPENSSL_CONF variable is set to correct directory >>> by >>> executing the following command on the command prompt: >>> >>> echo %OPENSSL_CONF% >>> >>> Step 6: On the command prompt, execute the following command >>> (openssl.exe is in "absolute_path_to_apache24_dir\bin" folder): >>> >>> openssl genrsa -out cert.key 2048 >>> >>> Step 7: On the command prompt, execute the following command: >>> >>> openssl req -new -key cert.key -out cert.csr >>> >>> When you execute this command, you will be asked to give input >>> for >>> some fields. I had given input for only one field (and for other >>> fields, >>> I just hit "Enter" key): >>> >>> Common Name (e.g. server FQDN or YOUR name) []:localhost >>> >>> Step 8: On the command prompt, execute the following command: >>> >>> openssl x509 -req -days 3650 -in cert.csr -signkey cert.key -out >>> cert.crt >>> >>> Step 9: Change a few lines in the >>> "absolute_path_to_apache24_dir\conf\httpd.conf" >>> file. I am listing the lines after the changes. I am not listing >>> the >>> original lines. You can search and change/replace the original >>> lines. >>> >>> The changed lines are: >>> >>> Define SRVROOT "absolute_path_to_apache24_dir" >>> LoadModule socache_shmcb_module modules/mod_socache_shmcb.so >>> LoadModule ssl_module modules/mod_ssl.so >>> ServerName localhost:80 >>> Include conf/extra/httpd-ssl.conf >>> >>> Step 10: Change a few lines in the >>> "absolute_path_to_apache24_dir\conf\extra\httpd-ssl.conf" file. >>> I am listing the lines after the changes. I am not listing the >>> original lines. You can search and change/replace the original >>> lines. >>> >>> The changed lines are: >>> >>> ServerName localhost:443 >>> ServerAdmin ad...@localhost.localdomain.com >>> SSLCertificateFile "${SRVROOT}/conf/cert.crt" >>> SSLCertificateKeyFile "${SRVROOT}/conf/cert.key" >>> >>> Step 11 (Last Step): Now, you can start Apache web server and test. >>> >>> Since the security certificate that was generated here is >>> self-signed, >>> the browser may show you a warning that the >>> connection/certificate, >>> etc. is not trusted. But since this is your local development >>> environment, you can ignore this warning and accept the risk and >>> go ahead with the testing/development, etc. >>> >>> I do the same (ignore the warning and accept the risk). >>> >>> End >>> >>> - >>> To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org >>> For additional commands, e-mail: docs-h...@httpd.apache.org >>> >>> >> I don't think those belong in the official httpd documentation, but I >> wouldn't be opposed to adding the recipe in the httpd wiki. >> > Mario, That was my train of
Re: Enabling HTTPS and Configuring SSL in Apache 2.4 on Windows 10.
Maybe this can be added to the wiki? Frank Gingras schrieb am Mo., 6. Mai 2024, 15:46: > > > On Mon, May 6, 2024 at 2:55 AM General Email < > general.email.12341...@gmail.com> wrote: > >> Hi, >> >> I have configured SSL and enabled HTTPS on Apache 2.4. It is working fine. >> >> If the docs team is interested, then they can put my instructions on >> the above topic in the documentation. >> >> The instructions are below: >> >> >> -- >> Enabling HTTPS and Configuring SSL in Apache 2.4 on Windows 10 >> Date: April, 2024 >> -- >> >> >> >> VERY IMPORTANT: >> >> You should not follow this process for a production environment because >> self-signed SSL certificate (that is being generated here) is a security >> risk. >> You should follow this process only for the local development environment. >> >> >> >> - >> Please follow the steps listed below: >> - >> >> Step 1: Stop Apache web server if it is already running. >> >> Step 2: Add "absolute_path_to_apache24_dir\bin" to the system environment >> variable "Path". openssl.exe is in this folder. >> >> Step 3: Open the Windows command prompt and change directory to >> "absolute_path_to_apache24_dir\conf". >> >> Step 4: On the command prompt, execute the following command: >> >> set >> OPENSSL_CONF=absolute_path_to_apache24_dir\conf\openssl.cnf >> >> If "absolute_path_to_apache24_dir" contains spaces then enclose >> the >> path in quotes. >> >> Step 5: Check that the OPENSSL_CONF variable is set to correct directory >> by >> executing the following command on the command prompt: >> >> echo %OPENSSL_CONF% >> >> Step 6: On the command prompt, execute the following command >> (openssl.exe is in "absolute_path_to_apache24_dir\bin" folder): >> >> openssl genrsa -out cert.key 2048 >> >> Step 7: On the command prompt, execute the following command: >> >> openssl req -new -key cert.key -out cert.csr >> >> When you execute this command, you will be asked to give input for >> some fields. I had given input for only one field (and for other >> fields, >> I just hit "Enter" key): >> >> Common Name (e.g. server FQDN or YOUR name) []:localhost >> >> Step 8: On the command prompt, execute the following command: >> >> openssl x509 -req -days 3650 -in cert.csr -signkey cert.key -out >> cert.crt >> >> Step 9: Change a few lines in the >> "absolute_path_to_apache24_dir\conf\httpd.conf" >> file. I am listing the lines after the changes. I am not listing >> the >> original lines. You can search and change/replace the original >> lines. >> >> The changed lines are: >> >> Define SRVROOT "absolute_path_to_apache24_dir" >> LoadModule socache_shmcb_module modules/mod_socache_shmcb.so >> LoadModule ssl_module modules/mod_ssl.so >> ServerName localhost:80 >> Include conf/extra/httpd-ssl.conf >> >> Step 10: Change a few lines in the >> "absolute_path_to_apache24_dir\conf\extra\httpd-ssl.conf" file. >> I am listing the lines after the changes. I am not listing the >> original lines. You can search and change/replace the original >> lines. >> >> The changed lines are: >> >> ServerName localhost:443 >> ServerAdmin ad...@localhost.localdomain.com >> SSLCertificateFile "${SRVROOT}/conf/cert.crt" >> SSLCertificateKeyFile "${SRVROOT}/conf/cert.key" >> >> Step 11 (Last Step): Now, you can start Apache web server and test. >> >> Since the security certificate that was generated here is >> self-signed, >> the browser may show you a warning that the >> connection/certificate, >> etc. is not trusted. But since this is your local development >> environment, you can ignore this warning and accept the risk and >> go ahead with the testing/development, etc. >> >> I do the same (ignore the warning and accept the risk). >> >> End >> >> - >> To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org >> For additional commands, e-mail: docs-h...@httpd.apache.org >> >> > I don't think those belong in the official httpd documentation, but I > wouldn't be opposed to adding the recipe in the httpd wiki. >
Re: Enabling HTTPS and Configuring SSL in Apache 2.4 on Windows 10.
On Mon, May 6, 2024 at 2:55 AM General Email < general.email.12341...@gmail.com> wrote: > Hi, > > I have configured SSL and enabled HTTPS on Apache 2.4. It is working fine. > > If the docs team is interested, then they can put my instructions on > the above topic in the documentation. > > The instructions are below: > > > -- > Enabling HTTPS and Configuring SSL in Apache 2.4 on Windows 10 > Date: April, 2024 > -- > > > > VERY IMPORTANT: > > You should not follow this process for a production environment because > self-signed SSL certificate (that is being generated here) is a security > risk. > You should follow this process only for the local development environment. > > > > - > Please follow the steps listed below: > - > > Step 1: Stop Apache web server if it is already running. > > Step 2: Add "absolute_path_to_apache24_dir\bin" to the system environment > variable "Path". openssl.exe is in this folder. > > Step 3: Open the Windows command prompt and change directory to > "absolute_path_to_apache24_dir\conf". > > Step 4: On the command prompt, execute the following command: > > set OPENSSL_CONF=absolute_path_to_apache24_dir\conf\openssl.cnf > > If "absolute_path_to_apache24_dir" contains spaces then enclose the > path in quotes. > > Step 5: Check that the OPENSSL_CONF variable is set to correct directory by > executing the following command on the command prompt: > > echo %OPENSSL_CONF% > > Step 6: On the command prompt, execute the following command > (openssl.exe is in "absolute_path_to_apache24_dir\bin" folder): > > openssl genrsa -out cert.key 2048 > > Step 7: On the command prompt, execute the following command: > > openssl req -new -key cert.key -out cert.csr > > When you execute this command, you will be asked to give input for > some fields. I had given input for only one field (and for other > fields, > I just hit "Enter" key): > > Common Name (e.g. server FQDN or YOUR name) []:localhost > > Step 8: On the command prompt, execute the following command: > > openssl x509 -req -days 3650 -in cert.csr -signkey cert.key -out > cert.crt > > Step 9: Change a few lines in the > "absolute_path_to_apache24_dir\conf\httpd.conf" > file. I am listing the lines after the changes. I am not listing > the > original lines. You can search and change/replace the original > lines. > > The changed lines are: > > Define SRVROOT "absolute_path_to_apache24_dir" > LoadModule socache_shmcb_module modules/mod_socache_shmcb.so > LoadModule ssl_module modules/mod_ssl.so > ServerName localhost:80 > Include conf/extra/httpd-ssl.conf > > Step 10: Change a few lines in the > "absolute_path_to_apache24_dir\conf\extra\httpd-ssl.conf" file. > I am listing the lines after the changes. I am not listing the > original lines. You can search and change/replace the original > lines. > > The changed lines are: > > ServerName localhost:443 > ServerAdmin ad...@localhost.localdomain.com > SSLCertificateFile "${SRVROOT}/conf/cert.crt" > SSLCertificateKeyFile "${SRVROOT}/conf/cert.key" > > Step 11 (Last Step): Now, you can start Apache web server and test. > > Since the security certificate that was generated here is > self-signed, > the browser may show you a warning that the > connection/certificate, > etc. is not trusted. But since this is your local development > environment, you can ignore this warning and accept the risk and > go ahead with the testing/development, etc. > > I do the same (ignore the warning and accept the risk). > > End > > - > To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org > For additional commands, e-mail: docs-h...@httpd.apache.org > > I don't think those belong in the official httpd documentation, but I wouldn't be opposed to adding the recipe in the httpd wiki.