How to generate OpenSSL keys for Apache for Windows
Submitted by ross on Wed, 10/31/2007 - 20:09.
I recently downloaded http://www.apache.org/dist/httpd/binaries/win32/apache_2.2.6-win32-x86-openssl-0.9.8e.msi from http://www.apache.org/dist/httpd/binaries/win32/, but found no easy way to generate the proper OpenSSL keys, to use the HTTPS protocol, so I wrote this little script:
@echo off
rem Default locations; set any of these variables beforehand to override them.
if not defined apache_dir set apache_dir=C:\Program Files\Apache Software Foundation\Apache2.2
if not defined apache_conf_dir set apache_conf_dir=%apache_dir%\conf
if not defined openssl_conf set openssl_conf=%apache_conf_dir%\openssl.cnf
if not defined openssl_opts set openssl_opts=-config "%openssl_conf%"
if not defined openssl set openssl=%apache_dir%\bin\openssl.exe
if not exist "%apache_dir%" (
    echo Directory not found: "%apache_dir%"
    goto :eof
)
if not exist "%apache_conf_dir%" (
    echo Directory not found: "%apache_conf_dir%"
    goto :eof
)
if not exist "%openssl_conf%" (
    echo File not found: "%openssl_conf%"
    goto :eof
)
if not exist "%openssl%" (
    echo File not found: "%openssl%"
    goto :eof
)
pushd "%apache_conf_dir%"
rem Create a new private key (privkey.pem, passphrase protected) and a signing request.
"%openssl%" req %openssl_opts% -new -out server.csr || goto :eof
rem Write the key to server.key without passphrase protection.
"%openssl%" rsa -in privkey.pem -out server.key || goto :eof
rem Self-sign the request; the certificate is valid for 3650 days.
"%openssl%" x509 -in server.csr -out server.crt -req -signkey server.key -days 3650
popd
Then I added the following to the end of my httpd.conf, and I was off and running:
LoadModule ssl_module modules/mod_ssl.so
<IfModule ssl_module>
Listen 443
NameVirtualHost *:443
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:C:/Program Files/Apache Software Foundation/Apache2.2/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300
SSLMutex default
SSLCertificateFile "C:/Program Files/Apache Software Foundation/Apache2.2/conf/server.crt"
SSLCertificateKeyFile "C:/Program Files/Apache Software Foundation/Apache2.2/conf/server.key"
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog "C:/Program Files/Apache Software Foundation/Apache2.2/logs/ssl_request_log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
<VirtualHost *:443>
SSLEngine on
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
</VirtualHost>
</IfModule>
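
A follow-up check for the files and cipher list above, as an added example that is not part of the original post: it confirms server.crt matches server.key, reports whether server.key is stored without a passphrase, and lists any SSLv2, export or single-DES suites the SSLCipherSuite string still permits (a `+` prefix only moves suites to the end of the list, it does not remove them). The file name check_ssl.bat and the %TEMP% scratch files are assumptions; the paths are the post's defaults.

```bat
@echo off
rem check_ssl.bat (hypothetical name): added example, not part of the original post.
setlocal
if not defined apache_dir set apache_dir=C:\Program Files\Apache Software Foundation\Apache2.2
set openssl=%apache_dir%\bin\openssl.exe
rem OPENSSL_CONF keeps openssl.exe from warning about a missing default config file.
set OPENSSL_CONF=%apache_dir%\conf\openssl.cnf
rem Cipher string copied from the SSLCipherSuite line in httpd.conf.
set ciphers=ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

pushd "%apache_dir%\conf" || exit /b 1

rem 1. The certificate must carry the same RSA modulus as the private key.
"%openssl%" rsa -noout -modulus -in server.key > "%TEMP%\key.mod" || goto :fail
"%openssl%" x509 -noout -modulus -in server.crt > "%TEMP%\crt.mod" || goto :fail
fc "%TEMP%\key.mod" "%TEMP%\crt.mod" > nul
if errorlevel 1 (echo MISMATCH: server.crt does not belong to server.key & goto :fail)
echo OK: server.key matches server.crt

rem 2. Show the subject and the validity period of the self-signed certificate.
"%openssl%" x509 -noout -subject -dates -in server.crt

rem 3. An encrypted PEM key carries an ENCRYPTED header; server.key should not,
rem    so file permissions are the only thing protecting it.
findstr /c:"ENCRYPTED" server.key > nul || echo NOTE: server.key has no passphrase; restrict its file permissions
if exist privkey.pem echo NOTE: privkey.pem is still in the conf directory

rem 4. Expand the cipher string and list suites that are SSLv2, export grade,
rem    single DES or unencrypted.
echo Weak suites permitted by the SSLCipherSuite string:
"%openssl%" ciphers -v "%ciphers%" | findstr /c:"SSLv2" /c:"export" /c:"Enc=DES(" /c:"Enc=None" || echo   none

del "%TEMP%\key.mod" "%TEMP%\crt.mod"
popd
exit /b 0

:fail
popd
exit /b 1
```

Run it from a command prompt after the generation script; an exit code of 1 means the key and certificate could not be read or do not match.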
