fyndler: SSL is already enabled, the problem is your certificate either does not match the name of your server, the certificate has expired, or the certificate is not signed my a trusted authority. To fix the servername and expiry only, you can run "makecert.bat" in the apache folder.
to install a certificate from a trusted authority, you will need to wait untill someone helps me with my problem below:
to the benevolent technical savy users and staff:I've been trying to implement a commercial certificate (Thawte) on my xampp 1.6.0a installation.
I have no problems with implementing the built-in (self signed) SSL Certificate. However when I go through the motions to create a commercial SSL Certificate, I am subsequently unable to start my apache service.
the steps I use are as follows:
Part 1:
1) open dos prompt, navigate to apache/bin
2) run the command "openssl genrsa -des3 -out my.domain.com.key 1024"
3) create a PEM
I've now created my Key file (I think this step is OK)
Part 2:
1) still in the same working directory, run the command:
"openssl req -config \apache\bin\openssl.cnf -new -key my.domain.com.key -out my.domain.com.csr"
2) enter PEM
3) enter in requested details -> country, state, city, company name, domain name etc
I've now created my csr file (I think this step is OK)
Part 3:
1) Open Thawte website, request free 21 day trial certificate, enter my details for their marketing
2) Open my.domain.com.csr with a text editor (in this case notepad)
3) Copy contents of my.domain.com.csr (everything including "-----BEGIN CERTIFICATE REQUEST-----" and "-----END CERTIFICATE REQUEST-----" and everything in between)
4) Thawte generates a certificate which looks like
-----BEGIN CERTIFICATE-----
MIIDJTCCAo6gAwIBAgIQbRK8UxzssfdyTuJ+Bd2GajANBgkqhkiG9w0BAQUFADCB
.
.
pA/S/xYkOnLFyAyudFT6gTJenlG8kPC1VXjImFKAEL3wW2Q5ZSZ2STo=
-----END CERTIFICATE-----
I copy and paste this into a text file which I rename my.domain.com.crt (I think this step is OK)
Part 4 - Updating the Apache Config
this is where I think I'm making mistakes.
1) I copy my.domain.com.crt into xampp\apache\conf\ssl.crt
2) I copy my.domain.com.key into xampp\apache\conf\ssl.key
3) I rename my.domain.com.csr to server.csr and copy it into xampp\apache\conf\ssl.csr
4) I update xampp\apache\conf\extra\httpd-ssl.conf
I change SSLCertificateFile conf/ssl.crt/server.crt to SSLCertificateFile conf/ssl.crt/my.domain.com.crt
and change SSLCertificateKeyFile conf/ssl.key/server.key to SSLCertificateKeyFile conf/ssl.key/my.domain.com.key
5) stop apache
6) start apache (apache unable to start)
Part 4 (alternative) I've also tried:
1) I rename my.domain.com.crt to server.crt and copy into xampp\apache\conf\ssl.crt
2) I rename my.domain.com.key to server.key and copy into xampp\apache\conf\ssl.key
3) I rename my.domain.com.csr to server.csr and copy it into xampp\apache\conf\ssl.csr
4) (don't touch xampp\apache\conf\extra\httpd-ssl.conf)
5) stop apache
6) start apache (apache unable to start)
I think I'm missing something when I update the apache configuration.
one line I think could be a problem is:
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
but I'm not sure... or it could be somewhere else
(for all I know, I could be creating the .key file wrongly!)
when i revert back to the original .key and .crt files (and original httpd-ssl.conf), apache can start without a problem
if I use the makecert.bat to generate a self signed SSL certificate, apache also starts without a problem
it's only when I try to create my own certificates (signed by thawte) that I have this problem.
any comments/suggestions would be greatly appreciated!