Saturday, November 4, 2017

Install SSL Certificate on WAMP

SSL was developed by NetScape for circumstances when a sensitive or private information is sent from a client to a server. Today we are going to see how we can install it on local WAMP server using Windows Platform.

Install SSL Certificate on WAMP

What is SSL certificate? A brief overview

As mentioned above SSL was developed by NetScape for a secure communication between a client and a server. Lets go through a brief overview of how SSL certificate works.
  • Whenever a client tries to establish a secure connection with a server (SSL enabled)  it sends all the encryption methods it can support.
  • The server will then choose the strongest encryption method both ends can support. Server will send back a certificate with a public encrypted key. This certificate should be signed by a known CA Certificate Authority to stand credible. 
  • The client then receives the certificate along with the public key and generates a new session key encrypted with the public key sent by server. If the client can not match the key sent by server it will use OCSP (Online Certificate Status Protocol) to validate the certificate.
  • After creating a new session key client sends this session key to server to establish a successful handshake.

How to setup SSL certificate on WAMP 

  • First step to do it is open commnad prompt and go to this location c:\wamp\bin\apache\apache2.4.9\bin and open openssl.exe.
  •  Create a key for our certificate using following command.
    genrsa -des3 -out domain.key 2048
  • After pressing enter key it will ask you enter a pass phrase you can type anything in here but you have to remember it.
  • Next lets remove pass phrase from our key to do that type the following command and press enter.
    rsa -in domain.key -out domain.key
  • Now that we have removed pass phrase from our key its time to create our self-signed certificate and to do that type following command and press enter.
    req -new -x509 -nodes -sha1 -key domain.key -out domain.crt 
    -days 365 -config C:\wamp\bin\apache\apache2.4.9\conf\openssl.cnf
  • It will ask you enter information about certificate like country name, province, company name, comany unit and email address. 
  • You will see two files generated in c:\wamp\bin\apache\apache2.4.9\bin "domain.key" and "domain.crt" copy them and go to c:\wamp\bin\apache\apache2.4.9\conf and create a folder "ssl" and paste these two files in this folder.
  • Now create another folder "logs" in same location we will store all our transaction logs in this folder.
  • Now that we have created our certificate files and placed them in the right location its time to configure http-ssl. Go to this location c:\wamp\bin\apache\apache2.4.9\conf and open http-ssl.conf.
  • Find these lines:
    SSLSessionCache "shmcb:C:/Program Files/Apache Software Foundation/Apache2.2/logs/ssl_scache(512000)"
  • And replace with:
    SSLSessionCache "shmcb:C:/wamp/bin/Apache/apache2.4.9/conf/logs/ssl_scache(512000)"
  • Find these lines :
    DocumentRoot "C:/Program Files/Apache Software Foundation/Apache2.2/htdocs"
    ServerName localhost:443
    ServerAdmin [email protected]
    ErrorLog "C:/Program Files/Apache Software Foundation/Apache2.2/logs/error_log"
    TransferLog "C:/Program Files/Apache Software Foundation/Apache2.2/logs/access_log"
  • And replace with:
    DocumentRoot "C:/wamp/www"
    ServerName localhost:443
    ServerAdmin [email protected]
    ErrorLog "C:/wamp/bin/Apache/apache2.4.9/conf/logs/ssl_error.log"
    TransferLog "C:/wamp/bin/Apache/apache2.4.9/conf/ssl/logs/ssl_access.log"
  • Next set our certificate find this line:
    SSLCertificateFile "C:/Program Files/Apache Software Foundation/Apache2.2/conf/server.crt"
  • And Replace with:
    SSLCertificateFile "C:/wamp/bin/Apache/apache2.4.9/conf/ssl/domain.crt"
  • Next set our key file find this line:
    SSLCertificateKeyFile "C:/Program Files/Apache Software Foundation/Apache2.2/conf/server.key"
  • And replace with:
    SSLCertificateKeyFile "C:/wamp/bin/Apache/apache2.4.9/conf/ssl/domain.key"
  • Next find this line:
    CustomLog "c:/Apache24/logs/ssl_request.log" \
              "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
  • And replace with:
    CustomLog "C:/wamp/bin/apache/apache2.4.9/conf/logs/ssl_request.log" \
              "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" 
  • The final step is to configure our http.conf go to this location c:\wamp\bin\apache\apache2.4.9\conf and open httpd.conf.
  • Find these lines and uncomment them
    #LoadModule ssl_module modules/mod_ssl.so
    #LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
    #Include conf/extra/httpd-ssl.conf
  • All done! restart WAMP server and open the url https://localhost in browser
NOTE: So far it should work at this point if you face any issues go to this location c:\wamp\bin\apache\apache2.4.9\bin and copy "libeay32.dll" and "ssleay32.dll" and paste them to C:\Windows\System32