Chapter 7 : Off-Topic configurations
<< Ch 6 : F.A.Q | Up | Ch 8 : Credits & Team >>
7.1 How do I setup an HTTPS/SSL connection on Windows+Apache Server?
The following assumes you are running AjaXplorer on a Windows based machine with Apache server. Adjust the parameters below according to your configuration, if necessary.
1. Open a Command Prompt (Start>Run>cmd.exe) and browse to your Apache /bin directory:
cd c:\apache2.2.8\bin
* Change « apache2.2.8″ above to match your current version/directory, if needed.
2. Create a server key with a 1024 bit encryption. Enter this command:
openssl genrsa -des3 -out server.key 1024
You will be asked for a pass phrase.
3. Remove the pass phrase from the RSA private key (backup the original file) and enter this command:
copy server.key server.key.org
Then, enter:
openssl rsa -in server.key.org -out server.key
Type the pass phrase again, when prompted.
4. Create a self-signed (X509) certificate with the RSA key you just made. Enter this command and follow on-screen prompts:
openssl req -new -x509 -nodes -days 365 -key server.key -out
server.crt -config C:\apache2.2.8\conf\openssl.cnf
* Change « apache2.2.8″ above to match your current version/directory, if needed.
** Change the path to « openssl.cnf », if needed.
5. Create two folders in the C:\apache2.2.8\conf directory.
/ssl.key
/ssl.crt
6. Copy the « server.key » file to the /ssl.key folder and the « server.crt » file to the /ssl.crt folder.
7. Open « httpd.conf » in your Apache /conf and make the following edits:
[FIND] – Line 119
#LoadModule ssl_module modules/mod_ssl.so
[REPLACE WITH]
LoadModule ssl_module modules/mod_ssl.so
[FIND] – Lines 478-488
# Secure (SSL/TLS) connections
#Include conf/extra/httpd-ssl.conf
#
# Note: The following must must be present to support
# starting without SSL on platforms with no /dev/random equivalent
# but a statically compiled-in mod_ssl.
#
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
[REPLACE WITH]
#
# Note: The following must must be present to support
# starting without SSL on platforms with no /dev/random equivalent
# but a statically compiled-in mod_ssl.
#
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
Include conf/extra/httpd-ssl.conf
8. Open php.ini in C:\apache2.2.8\bin.
* Change « apache2.2.8″ above to match your current version/directory, if needed.
[FIND] – Line 678
;extension=php_openssl.dll
[REPLACE WITH]
extension=php_openssl.dll
9. Open httpd_ssl.conf in your Apache /conf/extra directory.
[FIND] – Line 77
DocumentRoot C:/Program Files/Apache Software Foundation/Apache2.2/htdocs
[REPLACE WITH]
DocumentRoot C:/apache2.2.8/htdocs
* Change apache2.2.8 above to match your current version/directory, if needed.
[FIND] – Lines 80-81
ErrorLog C:/Program Files/Apache Software Foundation/Apache2.2/logs/error.log
TransferLog C:/Program Files/Apache Software Foundation/Apache2.2/logs/access.log
[REPLACE WITH]
ErrorLog logs/sslerror.log
TransferLog logs/sslaccess.log
[FIND] – Line 99
SSLCertificateFile C:/Program Files/Apache Software Foundation/Apache2.2/conf/server.crt
[REPLACE WITH]
SSLCertificateFile conf/ssl.crt/server.crt
[FIND] – Line 107
SSLCertificateKeyFile C:/Program Files/Apache Software Foundation/Apache2.2/conf/server.key
[REPLACE WITH]
SSLCertificateKeyFile conf/ssl.key/server.key
[FIND] – Lines 193-195
<Directory C:/Program Files/Apache Software Foundation/Apache2.2/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
[REPLACE WITH]
<Directory C:/apache2.2.8/htdocs> * Change Apache2.2.8 above to match your current version/directory, if needed.
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
10. [FIND] – Line 228 (may be commented out)
CustomLog C:/Program Files/Apache Software Foundation/Apache2.2/logs/ssl_request.log \
[REPLACE WITH]
CustomLog logs/ssl_request.log \
11. In the previous Command Prompt, enter:
httpd -t
If it says Syntax is OK, proceed to step 11. If not, correct the syntax (previous steps) and repeat step 10.
12. Restart Apache server. Open a browser and enter [localhost] (without quotes). Be sure all referenced log files in the steps above are created in the respective directories.
13. Edit the your AjaXplorer config.php file in /server/conf.
[FIND] Line 102
$use_https=false;
[REPLACE WITH]
$use_https=true;
14. If behind a router, make sure port 443 is forwarded to your computer. Also, make sure any firewalls are configured to allow incoming connections from port 443.
15. Optional: If you want to allow world wide web access to your HTTPS secure server, open httpd_ssl.conf:
[FIND] – Line 78
ServerName localhost:443
[REPLACE WITH]
ServerName yourdomain.com:443
* Insert your FQDN (Fully Qualified Domain Name) above, or if you don’t have one, use your WAN IP (e.g. 12.34.567.890:443).
16. Optional: To direct all visits from http to https, create a file .htaccess in your /www folder with the following text:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) [url]https://[/url]%{HTTP_HOST}%{REQUEST_URI}
17. Optional: To avoid browser warnings about self-signed (your own Certificate Authority (CA)) SSL certificates, consider purchasing one from GoDaddy for around $29.