Apache plus https, set up a secure web site

Besides the dynamic IP address, another limitation of home ISPs is that the default http port 80 is blocked.

Using some open-port test tools to check my home external IP address, I found out that 443, the default https port, is still open. So I decided to use the https protocol instead.

This web site is built on top of the Apache web server, in a Windows environment. To have Apache provide https connections, the Apache version with SSL support should be downloaded and installed first.

  • create the site SSL certificate

After installation, the /bin directory of Apache should contain an openssl.exe module. There is also an openssl.conf under the /conf folder.

There are three steps to create the certificate.

  1. create the new key (and the certificate request)
    openssl req -config openssl.conf -new -out ./ssl/best2jj.csr -keyout ./ssl/best2jj.pem
  2. remove the passphrase from the key (for safety)
    openssl rsa -in ./ssl/best2jj.pem -out ./ssl/best2jj.key
  3. convert the request into a signed certificate
    openssl x509 -in ./ssl/best2jj.csr -out ./ssl/best2jj.cert -req -signkey ./ssl/best2jj.key -days 365
  • install or configure the certificate

Modify the httpd.conf file, changing the settings as below:

  1. enable the ssl module
    uncomment this line: LoadModule ssl_module modules/mod_ssl.so
  2. enable the ssl configuration
    uncomment this line: Include conf/extra/httpd-ssl.conf
  3. add these lines at the end of httpd.conf
    SSLMutex default
    SSLRandomSeed startup builtin
    SSLSessionCache none
  4. in httpd-ssl.conf, point to the correct certificate and certificate key files
    SSLCertificateFile "the directory to your cert file just now created/best2jj.cert"
    SSLCertificateKeyFile "the directory to your key file just now created/best2jj.key"

Restart the server, and test using https://yourServerAddress.
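
The following shell script is an added example, not part of the original post. It repeats the three certificate steps non-interactively and checks, before Apache is restarted, that the key file opens without a passphrase, that it matches the certificate, and that the certificate has not expired. The function names, the minimal request config, the CN example.test and the passphrase are assumptions made for the example; the script needs a POSIX shell with openssl on the PATH.

```shell
#!/bin/sh
# Added example, not from the original post. Function names, the subject
# CN and the passphrase below are constructed for illustration.

# Repeat the three certificate steps non-interactively; $1 is an output prefix.
make_pair() {
    # Minimal request config so the run does not depend on a system-wide config file
    printf '[req]\ndistinguished_name=dn\n[dn]\n' > "$1.cnf"
    # Step 1: new passphrase-protected key plus certificate request
    openssl req -config "$1.cnf" -new -newkey rsa:2048 -subj "/CN=example.test" \
        -passout pass:constructed -out "$1.csr" -keyout "$1.pem" 2>/dev/null || return 1
    # Step 2: write a copy of the key without the passphrase
    openssl rsa -in "$1.pem" -passin pass:constructed -out "$1.key" 2>/dev/null || return 1
    # Step 3: self-sign the request for 365 days
    openssl x509 -in "$1.csr" -out "$1.cert" -req -signkey "$1.key" -days 365 2>/dev/null
}

# Usage: check_pair ./ssl/best2jj.key ./ssl/best2jj.cert
# Returns 0 only if the pair is usable for SSLCertificateKeyFile / SSLCertificateFile.
check_pair() {
    key=$1; cert=$2
    # The key file must open with an empty passphrase (i.e. step 2 was done)
    openssl rsa -in "$key" -passin pass: -noout </dev/null 2>/dev/null ||
        { echo "key is unreadable or still passphrase-protected" >&2; return 1; }
    # The certificate must carry the public half of this exact private key
    k=$(openssl rsa -in "$key" -passin pass: -pubout 2>/dev/null | openssl dgst -sha256)
    c=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null | openssl dgst -sha256)
    [ "$k" = "$c" ] || { echo "certificate does not match key" >&2; return 1; }
    # -checkend 0 fails if the certificate has already expired
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "certificate has expired" >&2; return 1; }
    echo "OK: $cert matches $key"
}

# When called with two arguments, check that key/certificate pair.
if [ "$#" -eq 2 ]; then
    check_pair "$1" "$2"
fi
```

A mismatch reported here means SSLCertificateFile and SSLCertificateKeyFile point at files from different runs of the steps above.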
