November 05, 2017

Install SSL Certificate on WAMP

SSL was developed by NetScape for circumstances when a sensitive or private information is sent from a client to a server. Today we are going to install SSL on local WAMP server on a Windows Platform.

Install SSL Certificate on WAMP

What is SSL certificate? A brief overview

As mentioned above SSL(Secure Socket Layer) was developed by NetScape for a secure communication between a client and a server. Lets go through a brief overview of how SSL certificate works.

  • Whenever a client tries to establish a secure connection with a server (SSL enabled)  it sends all the encryption methods it can support.
  • The server will then choose the strongest encryption method both ends can support. Server will send back a certificate with a public encrypted key. This certificate should be signed by a known CA Certificate Authority to stand credible. 
  • The client then receives the certificate along with the public key and generates a new session key encrypted with the public key sent by server. If the client can not match the key sent by server it will use OCSP (Online Certificate Status Protocol) to validate the certificate.
  • After creating a new session key client sends this session key to server to establish a successful handshake.

How to setup SSL certificate on WAMP

In order to setup SSL on windows WAMP we will be following steps:

  1. Generate SSL private key and remove passphrase from it.
  2. Generate SSL certificate.
  3. Move the SSL key and certificate to desired location.
  4. Configure http-ssl.conf.
  5. Configure httpd.conf.

Step 1. Generate SSL Private Key

  • First step to do it is open command prompt and go to this location c:\wamp\bin\apache\apache2.4.9\bin and open openssl.exe.
  •  Create a key for our certificate using following command.
    genrsa -des3 -out domain.key 2048
  • After pressing enter key it will ask you enter a pass phrase you can type anything in here but you have to remember it.
  • Next lets remove pass phrase from our key to do that type the following command and press enter. 
    rsa -in domain.key -out domain.key

Step 2. Generate SSL Certificate

  • Now that we have removed pass phrase from our key its time to create our self-signed certificate and to do that type following command and press enter.
    req -new -x509 -nodes -sha1 -key domain.key -out domain.crt 
-days 365 -config C:\wamp\bin\apache\apache2.4.9\conf\openssl.cnf
  • It will ask you enter information about certificate like country name, province, company name, comany unit and email address. 

Step 3. Move SSL key and SSL Certificate

  • You will see two files generated in c:\wamp\bin\apache\apache2.4.9\bin "domain.key" and "domain.crt" copy them and go to c:\wamp and create a folder "ssl" and paste these two files in this folder.
  • Now create another folder "logs" in same location we will store all our transaction logs in this folder.

Step 4. Configure http-ssl.conf

  • Now that we have created our certificate files and placed them in the right location its time to configure http-ssl. Go to location c:\wamp\bin\apache\apache2.4.9\conf and open http-ssl.conf.
  • Find these lines:
    SSLSessionCache "shmcb:C:/Program Files/Apache Software Foundation/Apache2.2/logs/ssl_scache(512000)"
  • And replace with:
    SSLSessionCache "shmcb:C:/wamp/logs/ssl_scache(512000)"
  • Find these lines : 
    DocumentRoot "C:/Program Files/Apache Software Foundation/Apache2.2/htdocs"
ServerName localhost:443
ServerAdmin admin@localhost
ErrorLog "C:/Program Files/Apache Software Foundation/Apache2.2/logs/error_log"
TransferLog "C:/Program Files/Apache Software Foundation/Apache2.2/logs/access_log"
  • And replace with: 
    DocumentRoot "C:/wamp/www"
ServerName localhost:443
ServerAdmin admin@localhost
ErrorLog "C:/wamp/logs/ssl_error.log"
TransferLog "C:/wamp/logs/ssl_access.log"
  • Next set our certificate find this line:
    SSLCertificateFile "C:/Program Files/Apache Software Foundation/Apache2.2/conf/server.crt"
  • And Replace with:
    SSLCertificateFile "C:/wamp/ssl/domain.crt"
  • Next set our key file find this line:
    SSLCertificateKeyFile "C:/Program Files/Apache Software Foundation/Apache2.2/conf/server.key"
  • And replace with:
    SSLCertificateKeyFile "C:/wamp/ssl/domain.key"
  • Next find this line:
    CustomLog "c:/Apache24/logs/ssl_request.log" \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
  • And replace with:
    CustomLog "C:/wamp/logs/ssl_request.log" \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

Step 5. Configure httpd.conf

  • Next step is to configure our http.conf go to this location c:\wamp\bin\apache\apache2.4.9\conf and open httpd.conf.
  • Find these lines and remove the comment "#" in the beginning of each line 
    #LoadModule ssl_module modules/mod_ssl.so
#LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
#Include conf/extra/httpd-ssl.conf
  • All done! restart WAMP server and open the url https://localhost in browser
NOTE: So far it should be working, still if you face any issues go to this location c:\wamp\bin\apache\apache2.4.9\bin and copy "libeay32.dll" and "ssleay32.dll" and paste them to C:\Windows\System32
Home