Add SSL certificate and enable https
Add an SSL certificate to your Apache Web Server reverse proxy.
Scenario
You have installed Apache Web Server and it works on port 80. Now you would like to add a certificate so that the service also works on port 443, and possibly disable access on port 80. This is a generic use case; however, I will use a Windows server to explain the setup.
Prerequisite
Apache Web Server is installed. The installation folder is C:\Apache24
Create a certificate to use for https communication
Different kinds of certificate types are supported. In this scenario I will use a *.pem file. Either create a self-signed certificate or purchase a real certificate. Note: you can also create a real certificate (trusted by the browsers) by using e.g. https://www.win-acme.com/. In that case you can point your DNS to your test server and make it work as in a real live scenario.
Take the certificate files and put them in a folder. I have created a folder called \certificates; the full file path is C:\Apache24\conf\extra\certificates
Enable HTTPD-SSL configuration
You enable the httpd-ssl configuration by including its configuration file in httpd.conf. That file contains the configuration for https (443).
Open the file httpd.conf (located in C:\Apache24\conf)
Locate the following lines and remove the comment character in front of the httpd-ssl.conf include. The correct configuration should look as follows:
# Secure (SSL/TLS) connections
Include conf/extra/httpd-ssl.conf
Save file httpd.conf
Add references to your certificate
Open the file httpd-ssl.conf (located in /conf/extra/ folder)
Find line SSLCertificateFile and add your certificate. Remove # to enable the configuration line.
For example, with my certificate:
SSLCertificateFile "C:\Apache24\conf\extra\certificates\dev.fortifiedid.se-crt.pem"
Find line SSLCertificateKeyFile and add your key file. Remove # to enable the configuration line.
For example, with my key file:
SSLCertificateKeyFile "C:\Apache24\conf\extra\certificates\dev.fortifiedid.se-key.pem"
Find line SSLCertificateChainFile and add your chain file. Remove # to enable the configuration line. This parameter is optional. It should NOT be used if no intermediate CA certificate is used or if your certificate is self-signed.
For example, with my chain file:
SSLCertificateChainFile "C:\Apache24\conf\extra\certificates\dev.fortifiedid.se-chain-only.pem"
Save httpd-ssl.conf
Add mandatory modules for https
Open the file httpd.conf (located in /conf/ folder)
Find and enable the following modules. You enable a module by removing the # character in front of its line.
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
LoadModule ssl_module modules/mod_ssl.so
Save httpd.conf
Enable https protocol
Open the file httpd-ssl.conf (located in /conf/extra/ folder)
Locate Listen 443
Remove the # in front of Listen. The result should look like: Listen 443
Save httpd-ssl.conf
Start Apache HTTP server
HTTPS is now enabled
Verify https
Open a browser
Browse to https://localhost/
You should see: It works!
If this does not work, you might need to check the local firewall on the Windows server.
Disable http (optional)
Open the file httpd.conf (located in /conf/ folder)
Locate Listen 80
Put a # in front of Listen. The result should look like: #Listen 80
Save httpd.conf
Restart Apache HTTP server
HTTP is now disabled
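The steps above can be checked mechanically before Apache is restarted. The following Python script is an added example, not part of the original guide or of Apache: it reads the text of httpd.conf and httpd-ssl.conf and reports which steps were missed, including certificate paths pasted with typographic quotes. The sample configuration and the example-*.pem file names are constructed for illustration.

```python
REQUIRED_MODULES = {"proxy_module", "proxy_connect_module", "proxy_http_module",
                    "socache_shmcb_module", "ssl_module"}  # modules this page enables

def active_directives(conf_text):
    """Return (name, argument) pairs for every line that is not commented out."""
    lines = (ln.strip().split(None, 1) for ln in conf_text.splitlines())
    return [(p[0], p[1].strip() if len(p) > 1 else "")
            for p in lines if p and not p[0].startswith("#")]

def listen_ports(directives):
    """Ports of active Listen lines; accepts '443', '0.0.0.0:443' and '443 https'."""
    return {a.split()[0].rsplit(":", 1)[-1] for n, a in directives if n == "Listen" and a}

def audit(httpd_conf, ssl_conf, http_disabled=False):
    """Return a list of findings; an empty list means every step was applied."""
    main, ssl = active_directives(httpd_conf), active_directives(ssl_conf)
    findings = []
    if "conf/extra/httpd-ssl.conf" not in {a.strip('"') for n, a in main if n == "Include"}:
        findings.append("Include conf/extra/httpd-ssl.conf is not enabled")
    loaded = {a.split()[0] for n, a in main if n == "LoadModule" and a}
    for module in sorted(REQUIRED_MODULES - loaded):
        findings.append(f"LoadModule {module} is not enabled")
    if "443" not in listen_ports(ssl):
        findings.append("Listen 443 is not enabled in httpd-ssl.conf")
    if http_disabled and "80" in listen_ports(main):
        findings.append("Listen 80 is still active in httpd.conf")
    for name in ("SSLCertificateFile", "SSLCertificateKeyFile"):
        if name not in dict(ssl):
            findings.append(f"{name} is not set")
    for name, arg in ssl:
        # Typographic quotes pasted from a web page are not quote characters to Apache.
        if name.startswith("SSLCertificate") and ("“" in arg or "”" in arg):
            findings.append(f"{name} uses curly quotes instead of plain quotes")
    return findings

# Constructed sample input (not from a real server) with four steps gone wrong.
SAMPLE_HTTPD = r"""Listen 80
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_http_module modules/mod_proxy_http.so
#LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
LoadModule ssl_module modules/mod_ssl.so
Include conf/extra/httpd-ssl.conf"""
SAMPLE_SSL = r"""#SSLCertificateKeyFile "C:\Apache24\conf\extra\certificates\example-key.pem"
SSLCertificateFile “C:\Apache24\conf\extra\certificates\example-crt.pem”
Listen 443"""

for finding in audit(SAMPLE_HTTPD, SAMPLE_SSL, http_disabled=True):
    print("FAIL:", finding)
```

To audit a real installation, pass the contents of C:\Apache24\conf\httpd.conf and C:\Apache24\conf\extra\httpd-ssl.conf to audit(), with http_disabled=True if you have applied the optional last section.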