starting point of OpenSSL

Posted: 28. June 2005 18:19
by alucard01
Hi all.

This is actually very urgent for me.

I have already set up XAMPP 1.4.14 under WinXP and want to have SSL support in my website.

However, I am lost in a lot of docs on OpenSSL and don't know what the starting point is for creating a CA and public/private keys and doing encryption and login right away...

I plead for all your kind support on all OpenSSL stuff...

Actually my questions are:
- How do I set up OpenSSL once I have downloaded and extracted XAMPP?
- What are the steps/processes, and probably the commands, for creating my own CA, keys etc...
- How do I make use of all this in the client-server encryption process? Do I need to send them a public key? Or can they just use the key once a user surfs my web site, using IE or Firefox?

Again, any support will be very very very much appreciated!!!!! I have already searched the forum but still have no idea....

Thank you in advance for all your HELP!!!!!!!!

OpenSSL Starting point

Posted: 29. June 2005 22:59
by Clausen
Hi,

I have to say that I am not the absolute specialist and I have just set up my own XAMPP 1.4.14 (tried Linux and Windows) to have a private little wiki using MediaWiki with encrypted communication between browser and server (hence - SSL). I am using a self-certified certificate.

My steps to success:
1) Look on http://www.openssl.org/docs/HOWTO/. You will find "certificates.txt" and "keys.txt"

2) Open "keys.txt" and you will find how to create your RSA private key which you will need to create a certificate (remove the -des3 option as described to avoid having to provide a password every 2 secs):

openssl genrsa -out privkey.pem 2048

Rename the generated privkey.pem to mykey.key and move it to [XAMPPDIR]\apache\conf\ssl.key\

3) Now open "certificates.txt" and create a (self-)certificate according to the instructions:

openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095

You will need to provide some information which is not really important in a self certificate but if somebody accesses your site later on they will be able to see it, so don't be rude... The "Name" bit is probably best set to your domain name such as www.test.org

Rename the generated cacert.pem to mycert.crt and move it to [XAMPPDIR]\apache\conf\ssl.crt\

4) In XAMPP SSL is already enabled so you do not need to edit httpd.conf. Edit [XAMPPDIR]\apache\conf\ssl.conf.

Change

SSLCertificateFile "C:/Program Files/xampp/apache/conf/ssl.crt/server.crt"

to ...mycert.crt
and

SSLCertificateKeyFile "C:/Program Files/xampp/apache/conf/ssl.key/server.key"

to ...mykey.key

5) Restart XAMPP (either use Link in start menu or if installed as service restart service)

6) In your Browser try https://myserver and it should warn you about some "dodgy" certificate namely: yours.

7) Be aware that this is only a way of trying out SSL and I am not an expert so I might have missed important security issues... But it's fun!!

Ulf
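
Added example, not part of Ulf's post or of XAMPP: steps 2 and 3 above run without prompts from a POSIX shell (the openssl arguments are the same at the Windows command prompt), followed by a check that the certificate really carries the private key's public half before ssl.conf is pointed at the pair. The function names, the req.cnf file and the temporary directory are assumptions made for this example.

```shell
#!/bin/sh
# Added example (POSIX sh): the thread's steps 2-3 without prompts, then a
# check that the key and certificate belong together.

# make_selfsigned DIR HOST: write privkey.pem and cacert.pem into DIR.
make_selfsigned() {
    dir=$1; host=$2
    # Constructed minimal config. Passing it with -config means req does not
    # need the compiled-in default openssl.cnf path to exist.
    printf '[ req ]\ndistinguished_name = dn\nprompt = no\n[ dn ]\nCN = %s\n' \
        "$host" > "$dir/req.cnf"
    openssl genrsa -out "$dir/privkey.pem" 2048 2>/dev/null || return 1
    # No -des3, so the key is stored unencrypted: keep it owner-readable only.
    chmod 600 "$dir/privkey.pem"
    openssl req -new -x509 -config "$dir/req.cnf" -key "$dir/privkey.pem" \
        -out "$dir/cacert.pem" -days 1095
}

# key_matches_cert KEY CERT: succeed only if CERT carries KEY's public half.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# cert_summary CERT: print subject and validity window for a quick review.
cert_summary() {
    openssl x509 -in "$1" -noout -subject -dates
}

# Demo in a throwaway directory; www.test.org is the host name used above.
demo=$(mktemp -d)
make_selfsigned "$demo" www.test.org || { echo "generation failed" >&2; exit 1; }
if key_matches_cert "$demo/privkey.pem" "$demo/cacert.pem"; then
    echo "key and certificate match"
    cert_summary "$demo/cacert.pem"
else
    echo "MISMATCH: do not point ssl.conf at these files" >&2
fi
rm -rf "$demo"
```

A mismatch between SSLCertificateFile and SSLCertificateKeyFile stops Apache from starting with SSL, so running the check first saves a failed restart.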

Posted: 30. June 2005 08:55
by alucard01
Thanks for your reply.

Many thanks for your information; it's very helpful.

I have already set up my SSL in Apache, using your method, and it works perfectly.

Actually, what I do is use the CA key to encrypt information transactions.

And now I am digging into another issue: instead of using the CA, I would like to use another key which is for the server only (please think of the CA and the server as different instances).

Anyway, thanks for your information.

help me..

Posted: 15. March 2008 12:59
by eyeshield86
OpenSSL> req -new -x509 -key privkey.pem -out cacert.pem -days 1095
Unable to load config info from /usr/local/ssl/openssl.cnf
error in req

Can anyone help me??? Please..

Re: help me..

Posted: 15. March 2008 13:19
by Milligan

Posted: 15. March 2008 14:39
by eyeshield86
Your command line in the quote above looks like it is being issued in a Linux installation, is that correct?


Actually, I installed it in Windows..

And after I followed your instructions, I got this:

OpenSSL> openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095
openssl:Error: 'openssl' is an invalid command.

Anyway, thanks for your reply.

Posted: 15. March 2008 14:46
by eyeshield86
And in addition, why don't I have the "apache\conf\extra" folder?
P.S.: I installed XAMPP 1.4.15

Posted: 15. March 2008 16:26
by Wiedmann
And in addition, why don't I have the "apache\conf\extra" folder?

Your XAMPP version is too old...

OpenSSL> openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095
openssl:Error: 'openssl' is an invalid command.

You must enter this command at the Windows command prompt (cmd.exe), and not by starting "openssl.exe" with a double-click and then using this command.

Posted: 15. March 2008 16:57
by eyeshield86
OK.. I got it.. thank you very much... very old?? :oops: