banner



Home  ›  How To Set Up Apache With Ssl Https On Localhost

How To Set Up Apache With Ssl Https On Localhost

Written By Monday, April 11, 2022 Add Comment Edit

Running Apache on Windows 10 hither. I couldn't get Chrome to trust the document made in the elevation answer past Simon. What I concluded upwards doing was using PowerShell to generate a cocky signed certificate.

Step 1 - Generate Self-Signed certificate

In PowerShell
New-SelfSignedCertificate -DnsName "localhost" -CertStoreLocation "cert:\LocalMachine\My" 1

Stride 2 - Configure and Export Certificate

Type Certificate into the Windows search bar, click the Manage Computer Certificates command panel detail that is suggested.

From the Certificate Management program that comes up (certlm), you lot should now come across a localhost key under Personal >> Certificates.

I copied this certificate into Trusted Root Certification Authorities. I'll exist honest in that I'm not sure if that'south necessary.

Selecting the newly copied document, double click on it (the localhost document). From the Document modal, click the Details tab, then the Re-create to File... button.

This will bring upwardly and Export Magician, I chose to export the private cardinal, click side by side. I also chose to Export all extended properties (again, I'm not certain if that was necessary). I chose to use a simple password (pass) and the default encryption. Cull a binder to export to and name the file. You can e'er move and rename the file if necessary. For simplicity'southward sake let's copy it to your conf folder under your Apache installation (In my case: C:\apache\conf) and name the file myCert (the resulting file will exist a .pfx file)

Step 3 - Convert .pfx file for use with Apache

From here I basically followed the tutorial here, but I'll add together instructions hither (tweaked for our settings) in example that site goes down.

Open your Command Prompt in the /apache/conf/ folder
Run the post-obit commands: Note: This assumes yous have openssl.exe in the bin folder in the apache root folder (this should be standard/default) 

          ..\bin\openssl pkcs12 -in myCert.pfx -nocerts -out privateKey.pem

This will prompt you for a password, enter what you lot input for Step 2 when you exported the .pfx file. In my case, this is pass. I entered the same countersign for the PEM phrase and again to verify. This volition create a new file called privateKey.pem in your conf folder.

Then, run 

          ..\bin\openssl rsa -in privateKey.pem -out individual.pem

Over again you will be prompted for a password (Enter pass phrase for privateKey.pem:), utilise the password you set for privateKey.pem. (In my case, pass)
You should see a message that says writing RSA key and a new file chosen individual.pem in your conf/ binder. This will be your SSLCertificateKeyFile.

At present to generate the corresponding Server Certificate. Run: 

          ..\bin\openssl pkcs12 -in myCert.pfx -clcerts -nokeys -out EntrustCert.pem

This will prompt you for a password, enter what y'all input for Footstep 2 when y'all exported the .pfx file. Enter it and you will now have a file called EntrustCert.pem in your conf folder. This is your SSLCertificateFile

Step 4 - Configure httpd.conf

Utilize the new files created as you server'southward key and certificate. Be sure to change your document root to where your files are!

          ServerName localhost:80 Protocols h2 h2c http/1.1 <Directory />     Options FollowSymLinks     AllowOverride All </Directory>  <VirtualHost _default_:443>   ServerName localhost:443   DocumentRoot ${SRVROOT}/htdocs/MYSITE   SSLEngine on   SSLCertificateFile "${SRVROOT}/conf/EntrustCert.pem"   SSLCertificateKeyFile "${SRVROOT}/conf/private.pem" </VirtualHost>

Likewise in httpd.conf:

  • Make certain LoadModule ssl_module modules/mod_ssl.so is uncommented (no # in front)
  • Uncomment LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
  • Uncomment LoadModule http2_module modules/mod_http2.so
  • Uncomment Include conf/actress/httpd-ssl.conf (NOTE: Ensure that's where the file is!)

I also have roll and open ssl libraries included:

          # load curl and open ssl libraries LoadFile "C:\php\libeay32.dll" LoadFile "C:\php\ssleay32.dll" LoadFile "C:\php\libssh2.dll"

These modules shouldn't exist necessary, but I'll note that I have them enabled:
LoadModule rewrite_module modules/mod_rewrite.and then
LoadModule filter_module modules/mod_filter.so
LoadModule deflate_module modules/mod_deflate.so

Step 5 - Config httpd-ssl.conf

In the extra/ folder in the conf/ folder you should see a file called httpd-ssl.conf.

5a. Alter the DocumentRoot - Alter the DocumentRoot from the default to the directory where your files are.

5b. Modify the ServerName - Alter the ServerName from the default (something like www.instance.com:443) to localhost:443

5c. Change the SSLCertificateFile
Change the SSLCertificateFile from the default (${SRVROOT}/conf/server.crt) to ${SRVROOT}/conf/EntrustCert.pem

5c. Change the SSLCertificateKeyFile
Modify the SSLCertificateKeyFile from the default (${SRVROOT}/conf/server.key) to ${SRVROOT}/conf/individual.pem

All together, in the <VirtualHost _default_:443> tag.

          #   Full general setup for the virtual host DocumentRoot "${SRVROOT}/htdocs/MYSITE" ServerName localhost:443 ServerAdmin admin@case.com ErrorLog "${SRVROOT}/logs/error.log" TransferLog "${SRVROOT}/logs/access.log"  #   SSL Engine Switch: #   Enable/Disable SSL for this virtual host. SSLEngine on  #   Server Certificate: #   Bespeak SSLCertificateFile at a PEM encoded certificate.  If #   the certificate is encrypted, then you volition exist prompted for a #   laissez passer phrase.  Annotation that a kill -HUP will prompt once again.  Keep #   in mind that if you lot take both an RSA and a DSA certificate you #   can configure both in parallel (to also allow the use of DSA #   ciphers, etc.) #   Some ECC aught suites (http://world wide web.ietf.org/rfc/rfc4492.txt) #   require an ECC certificate which tin also be configured in #   parallel. SSLCertificateFile "${SRVROOT}/conf/EntrustCert.pem" #SSLCertificateFile "${SRVROOT}/conf/server-dsa.crt" #SSLCertificateFile "${SRVROOT}/conf/server-ecc.crt"  #   Server Individual Key: #   If the primal is not combined with the certificate, use this #   directive to betoken at the cardinal file.  Go along in listen that if #   you've both a RSA and a DSA private key you can configure #   both in parallel (to also allow the use of DSA ciphers, etc.) #   ECC keys, when in use, can also be configured in parallel SSLCertificateKeyFile "${SRVROOT}/conf/private.pem" #SSLCertificateKeyFile "${SRVROOT}/conf/server-dsa.fundamental" #SSLCertificateKeyFile "${SRVROOT}/conf/server-ecc.primal"

Restart Apache

Later making these changes you should be able to restart Apache and navigate to https://localhost without a security alarm and a petty padlock!

Secured localhost

I hope this helps someone! 😊

Sources:
i.) Auri Rahimzadeh's answer on creating a self-signed certificate
2.) Entrust Datacard - How practise I convert a .pfx to be used with an Apache server?

How To Set Up Apache With Ssl Https On Localhost,

Source: https://stackoverflow.com/questions/4221874/how-do-i-allow-https-for-apache-on-localhost

Posted by: blossstrable.blogspot.com

0 Response to "How To Set Up Apache With Ssl Https On Localhost"

Post a Comment

Subscribe to: Post Comments (Atom)

Iklan Atas Artikel

Iklan Tengah Artikel 1

Iklan Tengah Artikel 2

Iklan Bawah Artikel