Re: Enabling HTTPS and Configuring SSL in Apache 2.4 on Windows 10.
On Mon, May 6, 2024 at 1:54 PM Mario Brandt wrote: > Maybe this can be added to the wiki? > > Frank Gingras schrieb am Mo., 6. Mai 2024, 15:46: > >> >> >> On Mon, May 6, 2024 at 2:55 AM General Email < >> general.email.12341...@gmail.com> wrote: >> >>> Hi, >>> >>> I have configured SSL and enabled HTTPS on Apache 2.4. It is working >>> fine. >>> >>> If the docs team is interested, then they can put my instructions on >>> the above topic in the documentation. >>> >>> The instructions are below: >>> >>> >>> -- >>> Enabling HTTPS and Configuring SSL in Apache 2.4 on Windows 10 >>> Date: April, 2024 >>> -- >>> >>> >>> >>> VERY IMPORTANT: >>> >>> You should not follow this process for a production environment because >>> self-signed SSL certificate (that is being generated here) is a security >>> risk. >>> You should follow this process only for the local development >>> environment. >>> >>> >>> >>> - >>> Please follow the steps listed below: >>> - >>> >>> Step 1: Stop Apache web server if it is already running. >>> >>> Step 2: Add "absolute_path_to_apache24_dir\bin" to the system environment >>> variable "Path". openssl.exe is in this folder. >>> >>> Step 3: Open the Windows command prompt and change directory to >>> "absolute_path_to_apache24_dir\conf". >>> >>> Step 4: On the command prompt, execute the following command: >>> >>> set >>> OPENSSL_CONF=absolute_path_to_apache24_dir\conf\openssl.cnf >>> >>> If "absolute_path_to_apache24_dir" contains spaces then enclose >>> the >>> path in quotes. >>> >>> Step 5: Check that the OPENSSL_CONF variable is set to correct directory >>> by >>> executing the following command on the command prompt: >>> >>> echo %OPENSSL_CONF% >>> >>> Step 6: On the command prompt, execute the following command >>> (openssl.exe is in "absolute_path_to_apache24_dir\bin" folder): >>> >>> openssl genrsa -out cert.key 2048 >>> >>> Step 7: On the command prompt, execute the following command: >>> >>> openssl req -new -key cert.key -out cert.csr >>> >>> When you execute this command, you will be asked to give input >>> for >>> some fields. I had given input for only one field (and for other >>> fields, >>> I just hit "Enter" key): >>> >>> Common Name (e.g. server FQDN or YOUR name) []:localhost >>> >>> Step 8: On the command prompt, execute the following command: >>> >>> openssl x509 -req -days 3650 -in cert.csr -signkey cert.key -out >>> cert.crt >>> >>> Step 9: Change a few lines in the >>> "absolute_path_to_apache24_dir\conf\httpd.conf" >>> file. I am listing the lines after the changes. I am not listing >>> the >>> original lines. You can search and change/replace the original >>> lines. >>> >>> The changed lines are: >>> >>> Define SRVROOT "absolute_path_to_apache24_dir" >>> LoadModule socache_shmcb_module modules/mod_socache_shmcb.so >>> LoadModule ssl_module modules/mod_ssl.so >>> ServerName localhost:80 >>> Include conf/extra/httpd-ssl.conf >>> >>> Step 10: Change a few lines in the >>> "absolute_path_to_apache24_dir\conf\extra\httpd-ssl.conf" file. >>> I am listing the lines after the changes. I am not listing the >>> original lines. You can search and change/replace the original >>> lines. >>> >>> The changed lines are: >>> >>> ServerName localhost:443 >>> ServerAdmin ad...@localhost.localdomain.com >>> SSLCertificateFile "${SRVROOT}/conf/cert.crt" >>> SSLCertificateKeyFile "${SRVROOT}/conf/cert.key" >>> >>> Step 11 (Last Step): Now, you can start Apache web server and test. >>> >>> Since the security certificate that was generated here is >>> self-signed, >>> the browser may show you a warning that the >>> connection/certificate, >>> etc. is not trusted. But since this is your local development >>> environment, you can ignore this warning and accept the risk and >>> go ahead with the testing/development, etc. >>> >>> I do the same (ignore the warning and accept the risk). >>> >>> End >>> >>> - >>> To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org >>> For additional commands, e-mail: docs-h...@httpd.apache.org >>> >>> >> I don't think those belong in the official httpd documentation, but I >> wouldn't be opposed to adding the recipe in the httpd wiki. >> > Mario, That was my train
Re: Enabling HTTPS and Configuring SSL in Apache 2.4 on Windows 10.
Maybe this can be added to the wiki? Frank Gingras schrieb am Mo., 6. Mai 2024, 15:46: > > > On Mon, May 6, 2024 at 2:55 AM General Email < > general.email.12341...@gmail.com> wrote: > >> Hi, >> >> I have configured SSL and enabled HTTPS on Apache 2.4. It is working fine. >> >> If the docs team is interested, then they can put my instructions on >> the above topic in the documentation. >> >> The instructions are below: >> >> >> -- >> Enabling HTTPS and Configuring SSL in Apache 2.4 on Windows 10 >> Date: April, 2024 >> -- >> >> >> >> VERY IMPORTANT: >> >> You should not follow this process for a production environment because >> self-signed SSL certificate (that is being generated here) is a security >> risk. >> You should follow this process only for the local development environment. >> >> >> >> - >> Please follow the steps listed below: >> - >> >> Step 1: Stop Apache web server if it is already running. >> >> Step 2: Add "absolute_path_to_apache24_dir\bin" to the system environment >> variable "Path". openssl.exe is in this folder. >> >> Step 3: Open the Windows command prompt and change directory to >> "absolute_path_to_apache24_dir\conf". >> >> Step 4: On the command prompt, execute the following command: >> >> set >> OPENSSL_CONF=absolute_path_to_apache24_dir\conf\openssl.cnf >> >> If "absolute_path_to_apache24_dir" contains spaces then enclose >> the >> path in quotes. >> >> Step 5: Check that the OPENSSL_CONF variable is set to correct directory >> by >> executing the following command on the command prompt: >> >> echo %OPENSSL_CONF% >> >> Step 6: On the command prompt, execute the following command >> (openssl.exe is in "absolute_path_to_apache24_dir\bin" folder): >> >> openssl genrsa -out cert.key 2048 >> >> Step 7: On the command prompt, execute the following command: >> >> openssl req -new -key cert.key -out cert.csr >> >> When you execute this command, you will be asked to give input for >> some fields. I had given input for only one field (and for other >> fields, >> I just hit "Enter" key): >> >> Common Name (e.g. server FQDN or YOUR name) []:localhost >> >> Step 8: On the command prompt, execute the following command: >> >> openssl x509 -req -days 3650 -in cert.csr -signkey cert.key -out >> cert.crt >> >> Step 9: Change a few lines in the >> "absolute_path_to_apache24_dir\conf\httpd.conf" >> file. I am listing the lines after the changes. I am not listing >> the >> original lines. You can search and change/replace the original >> lines. >> >> The changed lines are: >> >> Define SRVROOT "absolute_path_to_apache24_dir" >> LoadModule socache_shmcb_module modules/mod_socache_shmcb.so >> LoadModule ssl_module modules/mod_ssl.so >> ServerName localhost:80 >> Include conf/extra/httpd-ssl.conf >> >> Step 10: Change a few lines in the >> "absolute_path_to_apache24_dir\conf\extra\httpd-ssl.conf" file. >> I am listing the lines after the changes. I am not listing the >> original lines. You can search and change/replace the original >> lines. >> >> The changed lines are: >> >> ServerName localhost:443 >> ServerAdmin ad...@localhost.localdomain.com >> SSLCertificateFile "${SRVROOT}/conf/cert.crt" >> SSLCertificateKeyFile "${SRVROOT}/conf/cert.key" >> >> Step 11 (Last Step): Now, you can start Apache web server and test. >> >> Since the security certificate that was generated here is >> self-signed, >> the browser may show you a warning that the >> connection/certificate, >> etc. is not trusted. But since this is your local development >> environment, you can ignore this warning and accept the risk and >> go ahead with the testing/development, etc. >> >> I do the same (ignore the warning and accept the risk). >> >> End >> >> - >> To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org >> For additional commands, e-mail: docs-h...@httpd.apache.org >> >> > I don't think those belong in the official httpd documentation, but I > wouldn't be opposed to adding the recipe in the httpd wiki. >
Re: Enabling HTTPS and Configuring SSL in Apache 2.4 on Windows 10.
On Mon, May 6, 2024 at 2:55 AM General Email < general.email.12341...@gmail.com> wrote: > Hi, > > I have configured SSL and enabled HTTPS on Apache 2.4. It is working fine. > > If the docs team is interested, then they can put my instructions on > the above topic in the documentation. > > The instructions are below: > > > -- > Enabling HTTPS and Configuring SSL in Apache 2.4 on Windows 10 > Date: April, 2024 > -- > > > > VERY IMPORTANT: > > You should not follow this process for a production environment because > self-signed SSL certificate (that is being generated here) is a security > risk. > You should follow this process only for the local development environment. > > > > - > Please follow the steps listed below: > - > > Step 1: Stop Apache web server if it is already running. > > Step 2: Add "absolute_path_to_apache24_dir\bin" to the system environment > variable "Path". openssl.exe is in this folder. > > Step 3: Open the Windows command prompt and change directory to > "absolute_path_to_apache24_dir\conf". > > Step 4: On the command prompt, execute the following command: > > set OPENSSL_CONF=absolute_path_to_apache24_dir\conf\openssl.cnf > > If "absolute_path_to_apache24_dir" contains spaces then enclose the > path in quotes. > > Step 5: Check that the OPENSSL_CONF variable is set to correct directory by > executing the following command on the command prompt: > > echo %OPENSSL_CONF% > > Step 6: On the command prompt, execute the following command > (openssl.exe is in "absolute_path_to_apache24_dir\bin" folder): > > openssl genrsa -out cert.key 2048 > > Step 7: On the command prompt, execute the following command: > > openssl req -new -key cert.key -out cert.csr > > When you execute this command, you will be asked to give input for > some fields. I had given input for only one field (and for other > fields, > I just hit "Enter" key): > > Common Name (e.g. server FQDN or YOUR name) []:localhost > > Step 8: On the command prompt, execute the following command: > > openssl x509 -req -days 3650 -in cert.csr -signkey cert.key -out > cert.crt > > Step 9: Change a few lines in the > "absolute_path_to_apache24_dir\conf\httpd.conf" > file. I am listing the lines after the changes. I am not listing > the > original lines. You can search and change/replace the original > lines. > > The changed lines are: > > Define SRVROOT "absolute_path_to_apache24_dir" > LoadModule socache_shmcb_module modules/mod_socache_shmcb.so > LoadModule ssl_module modules/mod_ssl.so > ServerName localhost:80 > Include conf/extra/httpd-ssl.conf > > Step 10: Change a few lines in the > "absolute_path_to_apache24_dir\conf\extra\httpd-ssl.conf" file. > I am listing the lines after the changes. I am not listing the > original lines. You can search and change/replace the original > lines. > > The changed lines are: > > ServerName localhost:443 > ServerAdmin ad...@localhost.localdomain.com > SSLCertificateFile "${SRVROOT}/conf/cert.crt" > SSLCertificateKeyFile "${SRVROOT}/conf/cert.key" > > Step 11 (Last Step): Now, you can start Apache web server and test. > > Since the security certificate that was generated here is > self-signed, > the browser may show you a warning that the > connection/certificate, > etc. is not trusted. But since this is your local development > environment, you can ignore this warning and accept the risk and > go ahead with the testing/development, etc. > > I do the same (ignore the warning and accept the risk). > > End > > - > To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org > For additional commands, e-mail: docs-h...@httpd.apache.org > > I don't think those belong in the official httpd documentation, but I wouldn't be opposed to adding the recipe in the httpd wiki.
Enabling HTTPS and Configuring SSL in Apache 2.4 on Windows 10.
Hi, I have configured SSL and enabled HTTPS on Apache 2.4. It is working fine. If the docs team is interested, then they can put my instructions on the above topic in the documentation. The instructions are below: -- Enabling HTTPS and Configuring SSL in Apache 2.4 on Windows 10 Date: April, 2024 -- VERY IMPORTANT: You should not follow this process for a production environment because self-signed SSL certificate (that is being generated here) is a security risk. You should follow this process only for the local development environment. - Please follow the steps listed below: - Step 1: Stop Apache web server if it is already running. Step 2: Add "absolute_path_to_apache24_dir\bin" to the system environment variable "Path". openssl.exe is in this folder. Step 3: Open the Windows command prompt and change directory to "absolute_path_to_apache24_dir\conf". Step 4: On the command prompt, execute the following command: set OPENSSL_CONF=absolute_path_to_apache24_dir\conf\openssl.cnf If "absolute_path_to_apache24_dir" contains spaces then enclose the path in quotes. Step 5: Check that the OPENSSL_CONF variable is set to correct directory by executing the following command on the command prompt: echo %OPENSSL_CONF% Step 6: On the command prompt, execute the following command (openssl.exe is in "absolute_path_to_apache24_dir\bin" folder): openssl genrsa -out cert.key 2048 Step 7: On the command prompt, execute the following command: openssl req -new -key cert.key -out cert.csr When you execute this command, you will be asked to give input for some fields. I had given input for only one field (and for other fields, I just hit "Enter" key): Common Name (e.g. server FQDN or YOUR name) []:localhost Step 8: On the command prompt, execute the following command: openssl x509 -req -days 3650 -in cert.csr -signkey cert.key -out cert.crt Step 9: Change a few lines in the "absolute_path_to_apache24_dir\conf\httpd.conf" file. I am listing the lines after the changes. I am not listing the original lines. You can search and change/replace the original lines. The changed lines are: Define SRVROOT "absolute_path_to_apache24_dir" LoadModule socache_shmcb_module modules/mod_socache_shmcb.so LoadModule ssl_module modules/mod_ssl.so ServerName localhost:80 Include conf/extra/httpd-ssl.conf Step 10: Change a few lines in the "absolute_path_to_apache24_dir\conf\extra\httpd-ssl.conf" file. I am listing the lines after the changes. I am not listing the original lines. You can search and change/replace the original lines. The changed lines are: ServerName localhost:443 ServerAdmin ad...@localhost.localdomain.com SSLCertificateFile "${SRVROOT}/conf/cert.crt" SSLCertificateKeyFile "${SRVROOT}/conf/cert.key" Step 11 (Last Step): Now, you can start Apache web server and test. Since the security certificate that was generated here is self-signed, the browser may show you a warning that the connection/certificate, etc. is not trusted. But since this is your local development environment, you can ignore this warning and accept the risk and go ahead with the testing/development, etc. I do the same (ignore the warning and accept the risk). End - To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org