SSL – Install SSL certificate on Apache Windows Server 2012 R2

apache-2.4 ssl windows-server-2012-r2

I am a developer. Our server admins have given me 3 files (.cer, .pfx and .p7b) and told me to install SSL in Apache Server. I have Wamp with Apache version 2.4.9. I have searched and found something. I opened the httpd.conf file and searched for DocumentRoot. After DocumentRoot I have added:

DocumentRoot "c:/wamp/www/"

SSLEngine on

SSLCertificateFile C:/Path/MyCer.cer

SSLCertificateKeyFile C:/Path/MyPfx.pfx

SSLCACertificateFile C:/Path/MyP7b.p7b

Now when I restart Apache, I am unable to navigate to the server, even on http. When I comment out the above lines, my site works on http.

Best Answer

Although this is not exactly a "question", and you do not specify what is inside your files, you're doing at least one thing wrong: a pfx file (assuming this is not a naming error) cannot be used directly as a "key" in Apache. Without knowing the contents of the cer and the p7b file, let's assume that the pfx has all the info we need and that you have the pfx password (you do, right?), and start from there.

  1. Grab and install OpenSSL for Windows (Suggestion: https://indy.fulgan.com/SSL/ has precompiled binaries if you're not willing to build from sources in http://www.openssl.org/)

  2. Extract the different files required for Apache from the pfx (you'll be prompted for the pfx password when required):

    a. Extract the SSL Certificate Private Key (Encrypted) from the pfx

    C:\Path> openssl pkcs12 -in MyPfx.pfx -nocerts -nodes -out MyEncKey.key

    b. Remove the encryption from the SSL Certificate Private Key

    C:\Path> openssl rsa -in MyEncKey.key -out MyKey.key

    c. Extract SSL Certificate from the pfx

    C:\Path> openssl pkcs12 -in MyPfx.pfx -clcerts -nokeys -out MyCert.cer

    d. Extract the (possibly empty) CA Certificate Chain from the pfx

    C:\Path> openssl pkcs12 -in MyPfx.pfx -nodes -nokeys -cacerts -out MyCAs.crt

  3. Rebuild your httpd.conf using these lines instead of yours (note: ONLY INCLUDE THE SSLCACertificateFile line if the MyCAs.crt is not empty; you can check it with any text editor)

  SSLCertificateFile C:/Path/MyCert.cer
  SSLCertificateKeyFile C:/Path/MyKey.key
  SSLCACertificateFile C:/Path/MyCAs.crt
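
An added example, not part of the original answer: a Python check that classifies the content handed to each of the three directives, so that a PFX used as the key file (as in the question), a key that is still encrypted, or an empty MyCAs.crt is caught before Apache is restarted. The function names and sample file contents are constructed for illustration; the question does not say what the .cer and .p7b actually contain, so PEM is assumed for both.

```python
import re

# Matches PEM armor headers such as "-----BEGIN CERTIFICATE-----".
PEM_HEADER = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----")
CLEAR_KEYS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY"}

def pem_labels(data):
    """Return PEM block labels in file order; [] for binary (PFX/DER) or empty data."""
    return [m.decode("ascii") for m in PEM_HEADER.findall(data)]

def check_directive(directive, data):
    """Return a verdict for the file content handed to one mod_ssl directive."""
    labels = pem_labels(data)
    if directive == "SSLCertificateFile":
        return "ok" if "CERTIFICATE" in labels else "not a PEM certificate"
    if directive == "SSLCertificateKeyFile":
        # Traditional-format encrypted keys keep their label but add a Proc-Type header.
        if "ENCRYPTED PRIVATE KEY" in labels or b"Proc-Type: 4,ENCRYPTED" in data:
            return "encrypted key: remove the passphrase first"
        return "ok" if CLEAR_KEYS & set(labels) else "not a PEM private key"
    if directive == "SSLCACertificateFile":
        if not data.strip():
            return "empty: leave this directive out"
        only_certs = bool(labels) and all(l == "CERTIFICATE" for l in labels)
        return "ok" if only_certs else "not PEM certificates"
    raise ValueError("unsupported directive: " + directive)

def check_config(files):
    """files maps directive name -> file bytes; returns directive name -> verdict."""
    return {name: check_directive(name, data) for name, data in files.items()}

def pem(label):
    """Constructed stand-in for 'openssl pkcs12' output: bag attributes plus one PEM block."""
    text = "Bag Attributes\n    friendlyName: constructed\n"
    text += "-----BEGIN %s-----\nQ09OU1RSVUNURUQ=\n-----END %s-----\n" % (label, label)
    return text.encode("ascii")

# Constructed inputs. QUESTION_FILES assumes the .cer is PEM and the .p7b is PEM PKCS#7.
QUESTION_FILES = {"SSLCertificateFile": pem("CERTIFICATE"),
                  "SSLCertificateKeyFile": b"\x30\x82\x0a\x01\x02\x01\x03",  # binary PFX
                  "SSLCACertificateFile": pem("PKCS7")}
ANSWER_FILES = {"SSLCertificateFile": pem("CERTIFICATE"),
                "SSLCertificateKeyFile": pem("RSA PRIVATE KEY"),
                "SSLCACertificateFile": b""}  # pfx carried no CA chain

if __name__ == "__main__":
    for title, files in (("question", QUESTION_FILES), ("answer", ANSWER_FILES)):
        for name, verdict in check_config(files).items():
            print("%-8s %-22s %s" % (title, name, verdict))
```

To check real files, read each path in binary mode and pass the bytes to `check_directive` with the directive it is meant for.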