Apache2 SSL on Windows
By Neil C. Obremski (Last Updated August 30th, 2006)
I’m running Apache 2.0.x on Windows for Subversion and I needed to get SSL working so I could access my repository securely (e.g. with a “https” URL). This turned out to be a bit more difficult than I thought it would be. The Apache2 installer for Windows does not come with SSL, because that requires OpenSSL which is a completely different package. You can get a version containing it, but you won’t get a fancy installer.
So … this tutorial will show you how to manually install Apache2 with SSL support. I will show you how to create a self-signed certificate which is secure, but will cause web browsers to issue a warning, because it won’t be from/signed-by a trusted Certificate Authority such as GeoTrust or Verisign.
A word of warning: this is for Apache 2.0.x which I generally like to refer to as simply Apache2. I don’t know if these same instructions will work for Apache 2.2.x or higher.
1. Install OpenSSL
OpenSSL is free, but the main site only distributes source code. They have a binary distributions page, but it only links to an installer made by Shining Light Productions. I haven’t tried that, because I don’t want any more crap in Add/Remove Programs.
Instead, I download the latest
Unzip the file somewhere on your computer and copy all the
For a basic sanity check, open a command prompt and go to the directory where you unzipped OpenSSL. Run
You’ll also need an
2. Create Self-Signed Certificate
Several files related to your your SSL certificate will be created in this section, so choose a common base name to use. In my examples I use “
Open up a command prompt and go to the directory where you unzipped OpenSSL and run the following command to create a new certificate request:
You’ll be prompted to answer many questions, which ones depend on your
Now it’s time to create a non-password protected key for Apache2 by executing the following:
The only thing you’ll be asked is the password you had used. Your resulting
Before we go on, delete the
Finally, run the following command to create an X.509 certificate, e.g. the kind of certificate that SSL likes to munch:
Congratulations, you’ve created a self-signed certificate! Keep the
3. Install Apache2 w/ mod_ssl.so
You can skip this section if you already have Apache2 installed with
Back to hunter to download the latest Apache2 binary distribution for Windows with SSL, which is presently
Create a folder for this such as
If you want to have Apache2 listen on a different port than 80 (the default), change the Listen and ServerName directives in
Open a command prompt, get to the
Anytime you wish to start Apache2, you can go to the same directory and run
3. Enable SSL in Apache2
Also, while you’re in
<IfModule mod_ssl.c> Include conf/ssl.conf </IfModule>
Create a directory under
If IIS is installed, it will listen on port 443 (default for HTTPS) and drop any connections made to it. Apache2 doesn’t appear to report a problem when it can’t listen for SSL, so you might just see that weird dropped connection behavior. I recommend using a port besides 443 if you’re running Apache2 side-by-side with IIS.
Restart the Apache2 service and voila! You got Apache2 running with SSL on Windows!
- Hunter (OpenSSL and Apache binaries).
- Apache 2 + SSL + Windows (thombsonbd.com).
- Apache HTTP Server Project.
- Apache+SSL WIN32 HOWTO (openssl.cnf).