SSL set up on Apache needs a ssl enabled virtual host configuration with matching certificate and private key.
In more details let’s say we are looking to configure, for testing purposes, a local domain with SSL encryption. For the purpose of the exercise we are going to run mydomain as the custom domain where we are going to run our SSL enabled virtual host. Lets look at the configuration in apache. Specifically in XAMPP the configuration for virtual hosts can be made under xampp/apache/conf/extra/http-vhosts.conf .
Some of the steps below are not essential for SSL configuration but overall they can help you create a custom configuration for you local development project
Please add this line to the hosts file using an administrator/root account and make sure the changes are saved correctly
At this point if you are already running XAMPP with the default configuration visiting http://mydomain/ should redirect you to http://mydomain/xampp/ the main XAMPP control page
NameVirtualHost mydomain <VirtualHost mydomain:80> DocumentRoot C:\xampp\htdocs\mydomain ServerName mydomain <Directory C:\xampp\htdocs\mydomain> AllowOverride All Allow from All </Directory> </VirtualHost>
After restarting apache visit http://mydomain/ again. You should see an empty index page displayed by default by apache indexing service. Lets put an hello world index.htm HTML page for testing purposes in the mydomain folder
<VirtualHost mydomain:443> DocumentRoot C:\xampp\htdocs\mydomain ServerName mydomain <Directory C:\xampp\htdocs\mydomain> AllowOverride All Allow from All </Directory> SSLEngine on SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile "conf/ssl.crt/mydomain.crt" SSLCertificateKeyFile "conf/ssl.key/mydomain.key" <FilesMatch "\.(cgi|shtml|pl|asp|php)$"> SSLOptions +StdEnvVars </FilesMatch> <Directory "C:/xampp/cgi-bin"> SSLOptions +StdEnvVars </Directory> BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0 </VirtualHost>
After including the above in our apache configuration the full directives/configuration statements included for the mydomain virtual host should look like this
NameVirtualHost mydomain <VirtualHost mydomain:80> DocumentRoot C:\xampp\htdocs\mydomain ServerName mydomain <Directory C:\xampp\htdocs\mydomain> AllowOverride All Allow from All </Directory> </VirtualHost> <VirtualHost mydomain:443> DocumentRoot C:\xampp\htdocs\mydomain ServerName mydomain <Directory C:\xampp\htdocs\mydomain> AllowOverride All Allow from All </Directory> SSLEngine on SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile "conf/ssl.crt/mydomain.crt" SSLCertificateKeyFile "conf/ssl.key/mydomain.key" <FilesMatch "\.(cgi|shtml|pl|asp|php)$"> SSLOptions +StdEnvVars </FilesMatch> <Directory "C:/xampp/cgi-bin"> SSLOptions +StdEnvVars </Directory> BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0 </VirtualHost>
Now dont forget to restart and test both http://mydomain and https://mydomain.
When accessing the HTTPS version of the site the browser will show an alert security because the certificate we are using for testing purposes is “self-signed”. For a production service/domain/site you need to request the certificate from an SSL authority like Verisign.
The above is provided with no guarantee whatsoever, so please use at your own responsibility. For further comments or help you can try to contact me using he contact us link on the menu of the Bizmate.biz site.
Also for further details on creation of SSL certificates you can take a look at
http://www.akadia.com/services/ssh_test_certificate.html
