Enable SSL virtual host in apache2 xampp

Setting up SSL on Apache requires an SSL-enabled virtual host configuration with a matching certificate and private key.

In more detail, let's say we want to configure, for testing purposes, a local domain with SSL encryption. For this exercise we will use mydomain as the custom domain on which our SSL-enabled virtual host runs. Let's look at the configuration in Apache. In XAMPP, virtual hosts are configured in xampp/apache/conf/extra/httpd-vhosts.conf.

Some of the steps below are not essential for SSL configuration, but overall they can help you create a custom configuration for your local development project.

    1. STEP 1: Add our custom domain to the hosts configuration
      In the hosts file (C:\Windows\System32\drivers\etc\hosts on Windows or /etc/hosts on Linux; this might change depending on the distro) add a new entry that maps the domain to the loopback IP address 127.0.0.1. This allows your browser to send requests for the mydomain site to the loopback address, that is, to your local host.

          127.0.0.1       mydomain

      Please add this line to the hosts file using an administrator/root account and make sure the changes are saved correctly.

      At this point, if you are already running XAMPP with the default configuration, visiting http://mydomain/ should redirect you to http://mydomain/xampp/, the main XAMPP control page.

    2. STEP 2: Add a standard virtual host configuration in Apache for “mydomain”
      Under xampp\apache\conf\extra open the file httpd-vhosts.conf and let's add a new virtual host configuration. Note, I have created another mydomain folder under htdocs in the XAMPP folder and it is being used as the document root in our configuration.

          # Name-based virtual hosting for the custom domain
          NameVirtualHost mydomain
          <VirtualHost mydomain:80>
            DocumentRoot C:\xampp\htdocs\mydomain
            ServerName mydomain
            <Directory C:\xampp\htdocs\mydomain>
               AllowOverride All
               # Apache 2.2 syntax; on Apache 2.4 use "Require all granted"
               Allow from All
            </Directory>
          </VirtualHost>

After restarting Apache, visit http://mydomain/ again. You should see an empty index listing, displayed by default by Apache's directory indexing. Let's put a hello world index.htm HTML page in the mydomain folder for testing purposes.

    3. STEP 3: Create certificates, in our case self-signed. For production you might need a certificate signed by an authority to make sure it will be compatible with all browsers on the market.
      1. Generate the private key (it will ask you to enter a password for the key):
          openssl genrsa -des3 -out mydomain.key 2048
      2. Generate a CSR (Certificate Signing Request). This step asks for a few pieces of information, the most important being the Common Name, which must contain the fully qualified value of your domain name. In this example we are using “mydomain” as the value:
          openssl req -new -key mydomain.key -out mydomain.csr
      3. Remove the passphrase from the private key (to avoid the need to enter the password every time Apache is started):
          cp mydomain.key mydomain.key.old
          openssl rsa -in mydomain.key.old -out mydomain.key

        Now mydomain.key is free of passwords.
      4. Generate the self-signed certificate (if you want to limit the validity of this certificate you can use, for instance, -days 365 to make it valid for 365 days):
          openssl x509 -req -in mydomain.csr -signkey mydomain.key -out mydomain.crt
    4. STEP 4: Enable mod_ssl in Apache. In xampp/apache/conf/httpd.conf enable/uncomment the mod_ssl module.
      Search for this line and uncomment it:
          LoadModule ssl_module modules/mod_ssl.so
    5. STEP 5: Install and test the certificate in a virtual host configuration
      In step 2 we created a virtual host for our mydomain service on port 80. Now that we have created the certificates, we are ready to add a new virtual host that lets our domain run in SSL-enabled mode. After the virtual host configuration created in step 2 we add another virtual host mapping to enable the service on port 443 (the default for SSL) as follows:

    <VirtualHost mydomain:443>
      DocumentRoot C:\xampp\htdocs\mydomain
      ServerName mydomain
      <Directory C:\xampp\htdocs\mydomain>
        AllowOverride All
        # Apache 2.2 syntax; on Apache 2.4 use "Require all granted"
        Allow from All
      </Directory>
      SSLEngine on
      # Allow only strong cipher suites; exclude anonymous and MD5-based ones
      SSLCipherSuite HIGH:!aNULL:!MD5
      # Relative paths are resolved against the Apache ServerRoot
      SSLCertificateFile "conf/ssl.crt/mydomain.crt"
      SSLCertificateKeyFile "conf/ssl.key/mydomain.key"
      <FilesMatch "\.(cgi|shtml|pl|asp|php)$">
        SSLOptions +StdEnvVars
      </FilesMatch>
      <Directory "C:/xampp/cgi-bin">
        SSLOptions +StdEnvVars
      </Directory>
      BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
    </VirtualHost>

After including the above in our Apache configuration, the full set of directives for the mydomain virtual host should look like this:

    NameVirtualHost mydomain
    <VirtualHost mydomain:80>
      DocumentRoot C:\xampp\htdocs\mydomain
      ServerName mydomain
      <Directory C:\xampp\htdocs\mydomain>
        AllowOverride All
        # Apache 2.2 syntax; on Apache 2.4 use "Require all granted"
        Allow from All
      </Directory>
    </VirtualHost>
    <VirtualHost mydomain:443>
      DocumentRoot C:\xampp\htdocs\mydomain
      ServerName mydomain
      <Directory C:\xampp\htdocs\mydomain>
        AllowOverride All
        Allow from All
      </Directory>
      SSLEngine on
      # Allow only strong cipher suites; exclude anonymous and MD5-based ones
      SSLCipherSuite HIGH:!aNULL:!MD5
      # Relative paths are resolved against the Apache ServerRoot
      SSLCertificateFile "conf/ssl.crt/mydomain.crt"
      SSLCertificateKeyFile "conf/ssl.key/mydomain.key"
      <FilesMatch "\.(cgi|shtml|pl|asp|php)$">
        SSLOptions +StdEnvVars
      </FilesMatch>
      <Directory "C:/xampp/cgi-bin">
        SSLOptions +StdEnvVars
      </Directory>
      BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
    </VirtualHost>

Now don't forget to restart Apache and test both http://mydomain and https://mydomain.
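
A static check of the SSL directives in a vhost file, run before the restart, as an added example that is not part of the original article: it reports a port-443 vhost without SSLEngine on, a missing certificate or key directive, and weak cipher classes that the SSLCipherSuite string leaves enabled. The function names, the weak-class list and the sample config are assumptions of this example, and the cipher check is a heuristic on the string that does not query OpenSSL.

```python
import re
# Classes this example treats as weak (an assumption of the example, not Apache's list).
WEAK = {"LOW", "EXP", "EXPORT", "eNULL", "NULL", "aNULL", "ADH", "RC4", "MD5", "SSLv2"}
# Weak classes the catch-all alias ALL pulls in unless they are removed again.
ALL_ADMITS = {"LOW", "EXP", "RC4", "aNULL", "MD5"}
VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def weak_cipher_classes(spec):
    """Heuristic (ignores token order): weak classes a cipher string leaves enabled."""
    added, removed = set(), set()
    for tok in filter(None, spec.strip().strip('"').split(":")):
        if tok[0] in "!-":
            removed.add(tok[1:])
        elif tok[0] != "+":            # "+X" only reorders; it adds nothing
            added.update(tok.split("+"))
    weak = (added & WEAK) | (ALL_ADMITS if "ALL" in added else set())
    return sorted(weak - removed)

def lint_ssl_vhosts(conf):
    """Return (vhost address, problem) pairs for the SSL-related directives."""
    findings = []
    for addr, body in VHOST_RE.findall(conf):
        addr, d = addr.strip(), {}
        for line in body.splitlines():
            parts = line.strip().split(None, 1)
            if parts and parts[0][0] not in "#<":   # skip comments and section tags
                d[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
        ssl_on = d.get("sslengine", "").lower() == "on"
        if addr.endswith(":443") and not ssl_on:
            findings.append((addr, "port 443 without SSLEngine on"))
        if ssl_on:
            for need in ("SSLCertificateFile", "SSLCertificateKeyFile"):
                if need.lower() not in d:
                    findings.append((addr, "missing " + need))
            weak = weak_cipher_classes(d.get("sslciphersuite", ""))
            if weak:
                findings.append((addr, "weak cipher classes: " + ",".join(weak)))
    return findings

# Constructed sample modelled on this page's vhost layout, with deliberate mistakes.
SAMPLE = """
<VirtualHost mydomain:443>
  SSLEngine on
  SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP
  SSLCertificateFile "conf/ssl.crt/mydomain.crt"
</VirtualHost>
"""

print(lint_ssl_vhosts(SAMPLE))
```

Apache's own `httpd -t` tests the configuration syntax; it does not judge cipher strength, so the two checks complement each other.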

When accessing the HTTPS version of the site, the browser will show a security alert because the certificate we are using for testing purposes is “self-signed”. For a production service/domain/site you need to request the certificate from an SSL authority like Verisign.

The above is provided with no guarantee whatsoever, so please use at your own responsibility. For further comments or help you can try to contact me using the contact us link on the menu of the Bizmate.biz site.

Also for further details on creation of SSL certificates you can take a look at
http://www.akadia.com/services/ssh_test_certificate.html

Bizmate