Sunday, May 20, 2012

Install Apache + SSL on Windows (version 2.2.22)


  • Download the package and install it
  1. Download httpd-2.2.22-win32-x86-openssl-0.9.8t.msi
  2. Install it to "C:\Apache2.2"

  • Setup
     Edit C:\Apache2.2\conf\httpd.conf
  1. Uncomment (remove the leading #) the line "LoadModule ssl_module modules/mod_ssl.so"
  2. Uncomment (remove the leading #) the line "Include conf/extra/httpd-ssl.conf"
  3. Save it

     Edit C:\Apache2.2\conf\extra\httpd-ssl.conf
  1. Set SSLMutex to "SSLMutex none"
  2. ServerName your.server.com.tw:443    # if your server has a host name
  3. or  ServerName 192.168.1.125:443     # if your server IP is 192.168.1.125
  4. SSLCertificateFile "C:/Apache2.2/conf/ssl/server.crt"
  5. SSLCertificateKeyFile "C:/Apache2.2/conf/ssl/server.key"
  6. Save it

  • Generate CA files
  A. Settings and folders
    1. Open "C:\Apache2.2\conf\openssl.cnf" with the command below and make sure the "dir" setting reads as shown:
         "C:\Program Files\Windows NT\Accessories\wordpad.exe" C:\Apache2.2\conf\openssl.cnf

         [ CA_default ]
         dir = ./ssl       # Where everything is kept

    2. Create an ssl folder in "C:\Apache2.2\bin". The folder "C:\Apache2.2\bin\ssl" will hold the SSL/CA files.
    3. Create an empty file "index.txt" in the folder "C:\Apache2.2\bin\ssl".
    4. Create a "serial" file in the folder "C:\Apache2.2\bin\ssl" and put "01" in it.
    5. Create a folder "newcerts" in "C:\Apache2.2\bin\ssl".

  B. Create the "ca.crt" CA file
    6. In a DOS command window, change the working directory to "C:\Apache2.2\bin".
    7. Run "openssl genrsa -des3 -out ssl/ca.key 1024" and provide a pass phrase, like "654321".
    8. Run "openssl req -config ../conf/openssl.cnf -new -key ssl/ca.key -out ssl/ca.csr"
    9. Run "openssl x509 -days 3650 -req -signkey ssl/ca.key -in ssl/ca.csr -out ssl/ca.crt"

  C. Create the "server.crt" server certificate (signed by the CA)
    10. Run "openssl genrsa -out ssl/server.key 1024"
    11. Run "openssl req -config ../conf/openssl.cnf -new -key ssl/server.key -out ssl/server.csr"
    12. Run "openssl ca -config ../conf/openssl.cnf -days 3650 -cert ssl/ca.crt -keyfile ssl/ca.key -in ssl/server.csr -out ssl/server.crt"

  D. Create a client certificate pkcs12 file (.p12)
    13. Run: openssl pkcs12 -export -name "Client Certificate" -in ssl\ca.crt -inkey ssl\ca.key -out ssl\ca.p12
    14. Provide an import pass phrase; it is needed later when importing the pkcs12 file on the PC side.
        The resulting ca.p12 bundles ca.crt together with the CA private key ca.key, so treat the file and its pass phrase as secrets.

  E. Copy ssl folder to ...
    15. There should now be 12 files and 1 folder in "C:\Apache2.2\bin\ssl".
    16. Copy the ssl folder to "C:\Apache2.2\conf".
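
A check of what sections B to E produced, to run before restarting Apache. This is an added example, not part of the original post; it assumes the paths used above (C:\Apache2.2\bin\ssl and C:\Apache2.2\conf\ssl) and is meant to be saved as a .bat file (the name check-ssl.bat is hypothetical).

```batch
@echo off
rem Added example (not from the original post): checks the files made in sections B-E.
rem Assumes the paths used on this page; run it in a command window.
setlocal
cd /d C:\Apache2.2\bin
rem Point OpenSSL at Apache's config file so it does not look for a Unix default path.
set OPENSSL_CONF=C:\Apache2.2\conf\openssl.cnf

rem 1. server.crt must chain to ca.crt. Match on the output text: older OpenSSL
rem    builds do not always set a failing exit code when verification fails.
openssl verify -CAfile ssl\ca.crt ssl\server.crt | findstr /c:": OK" >nul
if errorlevel 1 (echo FAIL: server.crt is not signed by ca.crt & exit /b 1)
echo OK: server.crt chains to ca.crt

rem 2. server.key must belong to server.crt: both carry the same RSA modulus.
set CRT_MOD=
set KEY_MOD=
for /f "delims=" %%m in ('openssl x509 -noout -modulus -in ssl\server.crt') do set CRT_MOD=%%m
for /f "delims=" %%m in ('openssl rsa -noout -modulus -in ssl\server.key') do set KEY_MOD=%%m
if not defined CRT_MOD (echo FAIL: cannot read ssl\server.crt & exit /b 1)
if not "%CRT_MOD%"=="%KEY_MOD%" (echo FAIL: server.key does not match server.crt & exit /b 1)
echo OK: server.key matches server.crt

rem 3. Show subject, issuer and validity. The subject CN should equal the host
rem    name or IP given as ServerName in httpd-ssl.conf, or browsers report a mismatch.
openssl x509 -noout -subject -issuer -dates -in ssl\server.crt

rem 4. Show the key size. The page generates 1024-bit RSA keys; current guidance
rem    is 2048 bits or more.
openssl rsa -noout -text -in ssl\server.key | findstr /c:"Private-Key"

rem 5. httpd-ssl.conf points at the copy in conf\ssl (section E), so compare it.
fc /b ssl\server.crt ..\conf\ssl\server.crt >nul
if errorlevel 1 (echo FAIL: conf\ssl\server.crt differs from bin\ssl\server.crt & exit /b 1)
echo OK: conf\ssl\server.crt is the verified certificate

rem 6. Let Apache parse httpd.conf and httpd-ssl.conf before restarting it.
httpd.exe -t
```

A clean run ends with Apache printing "Syntax OK".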

  • Import the pkcs12 (.p12) file into the web browser
  1. Copy ca.p12 to the PC that runs the web browser and click it. Windows will import it.
  2. Windows will ask for the import pass phrase of the pkcs12 file.

  • Restart Apache server
  1. Restart the Apache server, then try "https://192.168.1.125"


  • Q&A
  * Error message "no listening sockets available" when starting the Apache server
      1. Use "netstat -a -o" to find which program is holding the TCP port; it lists which PID is using which port.
      2. Stop or kill that process to release the port that the Apache server uses.
