DeutschEspañolFrançaisItalianoNederlandsPortuguêsΕλληνικάРусскийالعربية中文(简体)中文(繁體)日本語한국어
 
Donate Bitcoins
Google
 
www smithii.com
 

How to generate OpenSSL keys for Apache for Windows

I recently downloaded http://www.apache.org/dist/httpd/binaries/win32/apache_2.2.6-win32-x86-openssl-0.9.8e.msi from http://www.apache.org/dist/httpd/binaries/win32/, but found no easy way to generate the proper OpenSSL keys, to use the HTTPS protocol, so I wrote this little script:

@echo off

if not defined apache_dir set apache_dir=C:\Program Files\Apache Software Foundation\Apache2.2
if not defined apache_conf_dir set apache_conf_dir=%apache_dir%\conf
if not defined openssl_conf set openssl_conf=%apache_conf_dir%\openssl.cnf
if not defined openssl_opts set openssl_opts=-config "%openssl_conf%"
if not defined openssl set openssl=%apache_dir%\bin\openssl.exe

if not exist "%apache_dir%" (
	echo Directory not found: "%apache_dir%"
	goto :eof
)

if not exist "%apache_conf_dir%" (
	echo Directory not found: "%apache_conf_dir%"
	goto :eof
)

if not exist "%openssl_conf%" (
	echo File not found: "%openssl_conf%"
	goto :eof
)

if not exist "%openssl%" (
	echo File not found: "%openssl%"
	goto :eof
)

pushd "%apache_conf_dir%"

"%openssl%" req  %openssl_opts% -new -out server.csr || goto :eof
"%openssl%" rsa  -in privkey.pem -out server.key || goto :eof
"%openssl%" x509 -in server.csr -out server.crt -req -signkey server.key -days 3650

popd

then I added the following to the end of my httpd.conf, and I was off an running:

LoadModule ssl_module modules/mod_ssl.so

<IfModule ssl_module>
	Listen 443
	NameVirtualHost *:443
	SSLRandomSeed startup builtin
	SSLRandomSeed connect builtin
	AddType application/x-x509-ca-cert .crt
	AddType application/x-pkcs7-crl    .crl
	SSLPassPhraseDialog  builtin
	SSLSessionCache        "shmcb:C:/Program Files/Apache Software Foundation/Apache2.2/logs/ssl_scache(512000)"
	SSLSessionCacheTimeout  300
	SSLMutex  default

	SSLCertificateFile "C:/Program Files/Apache Software Foundation/Apache2.2/conf/server.crt"
	SSLCertificateKeyFile "C:/Program Files/Apache Software Foundation/Apache2.2/conf/server.key"
	SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

	BrowserMatch ".*MSIE.*" \
	         nokeepalive ssl-unclean-shutdown \
	         downgrade-1.0 force-response-1.0

	CustomLog "C:/Program Files/Apache Software Foundation/Apache2.2/logs/ssl_request_log" \
	        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

	<VirtualHost *:443>
		SSLEngine on
		<FilesMatch "\.(cgi|shtml|phtml|php)$">
		    SSLOptions +StdEnvVars
		</FilesMatch>
	</VirtualHost>
</IfModule>
DeutschEspañolFrançaisItalianoNederlandsPortuguêsΕλληνικάРусскийالعربية中文(简体)中文(繁體)日本語한국어
 
Donate Bitcoins
Google
 
www smithii.com
 
Special thanks to Riester Rente Online for a generous donation!