How do I generate an SSL Cert...

Problems with the Windows version of XAMPP, questions, comments, and anything related.

How do I generate an SSL Cert...

Postby ierick7 » 10. January 2012 19:45

I'm using xampp for my development environment for work. I need to generate a SSL cert since we now force SSL login for security reasons. I have been trying to find the solution online, but haven't had any luck yet.

I'm new to this whole generate certs, so I need some on a beginner level. any help would be appreciated.

Thanks.
ierick7
 
Posts: 7
Joined: 10. January 2012 19:41
Operating System: Win 7

Re: How do I generate an SSL Cert...

Postby Sharley » 10. January 2012 22:22

First you are using an XAMPP version that has many issues that have been recorded here:
viewtopic.php?f=16&t=44327
Not sure now if SSL certificate generation was an issue but you might want to read through and check for yourself.

Here are a couple of links that may help you get a handle on generating an SSL certificate.
http://slacksite.com/apache/certificate.php
http://www.instantssl.com/ssl-certifica ... d_ssl.html

From the links above you may need the openssl.exe file found in the \xampp\apache\bin folder.
Double click on openssl.exe
Then at the OpenSSL> prompt type help (invalid command but will return a list of commands and switches).

When you reach the point of typing the certificate command do not add openssl as the first word in the examples from the links.
User avatar
Sharley
AF Moderator
 
Posts: 3316
Joined: 03. October 2008 05:10
Location: Yeppoon, Australia Time Zone: GMT/UTC+10
Operating System: Win 7 Pro 32bit/XP Pro SP3

Re: How do I generate an SSL Cert...

Postby ierick7 » 12. January 2012 20:17

I've upgraded to 1.7.7 on windows 7. When opening the openssl.exe, I get "WARNING: can't open config file: openssl.cnf" Any idea how to fix this. I have searched high low online and still have not found a solution.
ierick7
 
Posts: 7
Joined: 10. January 2012 19:41
Operating System: Win 7

Re: How do I generate an SSL Cert...

Postby ierick7 » 12. January 2012 20:58

c:/openssl-1.0.0e/ssl/openssl.cnf is the path its asking for. Can't seem to find where to edit the path location in xampp.
ierick7
 
Posts: 7
Joined: 10. January 2012 19:41
Operating System: Win 7

Re: How do I generate an SSL Cert...

Postby Sharley » 12. January 2012 21:41

When you double click on the openssl.exe file it only 'warns' about not finding the openssl.cnf file but then presents you with the openssl> command prompt anyway, where you can still type your commands to generate keys and certificates without the need of the configuration file...

...but if you like, you can work around this 'warning' by creating a folder path C:\openssl-1.0.0e\ssl

In \xampp\apache\bin folder you will see what looks like a shortcut to openssl
This is the openssl.cnf file and if you open your text editor then drag this openssl (Shortcut, SpeedDial, Symbolic Link) file into a new blank open page, it will reveal the openssl.cnf file.

Next save this file from the File menu in the text editor into the path on C you just created so you end up with C:\openssl-1.0.0e\ssl\openssl.cnf as expected by the (hard coded) openssl.exe file.

Now you can double click on openssl.exe in the apache\bin folder and you should see the openssl> prompt again minus the 'warning' where you can type your commands where the configurations in the cnf file will be used
(in your case I don't see an advantage to use the cnf file as you will (can) override the cnf in your commands from the links I first provided anyway, but the choice is yours).

Best wishes. :)
User avatar
Sharley
AF Moderator
 
Posts: 3316
Joined: 03. October 2008 05:10
Location: Yeppoon, Australia Time Zone: GMT/UTC+10
Operating System: Win 7 Pro 32bit/XP Pro SP3

Re: How do I generate an SSL Cert...

Postby ierick7 » 12. January 2012 22:26

Thanks again.

I keep getting another error in the oppenssl.exe in regards to passphrase and the like... unable to write "random state". Any ideas?
ierick7
 
Posts: 7
Joined: 10. January 2012 19:41
Operating System: Win 7

Re: How do I generate an SSL Cert...

Postby Sharley » 12. January 2012 22:34

When you type your passphrase (password) the word or phrase is not displayed on the screen as you type as it would normally be, but it is being seen by openssl.

After typing the password hit enter and you will be asked to confirm the passphrase where you type it in again and once again it will not be shown, hit enter and you should be OK to proceed.
User avatar
Sharley
AF Moderator
 
Posts: 3316
Joined: 03. October 2008 05:10
Location: Yeppoon, Australia Time Zone: GMT/UTC+10
Operating System: Win 7 Pro 32bit/XP Pro SP3

Re: How do I generate an SSL Cert...

Postby ierick7 » 12. January 2012 22:41

my bad it happens after the openssl genrsa -des3 -out server.key 1024 before I enter the passphrases.
ierick7
 
Posts: 7
Joined: 10. January 2012 19:41
Operating System: Win 7

Re: How do I generate an SSL Cert...

Postby Sharley » 12. January 2012 22:51

After double clicking on openssl.exe you don't actually type openssl at the start of any of the commands just type the command like so:
genrsa -des3 -out server.key 1024

You would type the full command including openssl if you had opened a dos command console in the apache\bin folder where the openssl part is the command to start openssl.exe file - which you have already done.

Recap to my first reply above and you will see:
Sharley wrote:When you reach the point of typing the certificate command do not add openssl as the first word in the examples from the links.
:)
User avatar
Sharley
AF Moderator
 
Posts: 3316
Joined: 03. October 2008 05:10
Location: Yeppoon, Australia Time Zone: GMT/UTC+10
Operating System: Win 7 Pro 32bit/XP Pro SP3

Re: How do I generate an SSL Cert...

Postby ierick7 » 12. January 2012 23:04

I knew that much, I haven't been typing any of the oppenssl, just like you have typed.
ierick7
 
Posts: 7
Joined: 10. January 2012 19:41
Operating System: Win 7

Re: How do I generate an SSL Cert...

Postby hackattack142 » 12. January 2012 23:12

To maybe simplify this issue, XAMPP provides a script to generate SSL certificates.

Open a command prompt and go to the "/xampp/apache" directory. Run the "makecert.bat" file and complete all the prompts.

If it completes successfully, it should generate your certificate (server.crt) in "/xampp/apache/conf/ssl.crt" and the corresponding private key (server.key) in "/xampp/apache/conf/ssl.key".

After these are generated, you can verify the Apache SSL settings in "/xampp/apache/conf/extra/httpd-ssl.conf" but it should have the above directories already configured.

You will most likely still get certificate warnings when you go to your page via https because this is a self-signed certificate but I assume that is what you wanted.

Note that XAMPP comes with an existing server.crt and server.key file so make sure you check the modification dates after running the script or delete the old ones first.
XAMPP Control Panel Developer
Latest CP: viewtopic.php?f=16&t=48932
hackattack142
 
Posts: 701
Joined: 20. May 2011 23:29
Operating System: Windows 7 Ultimate SP1 64-Bit

Re: How do I generate an SSL Cert...

Postby Sharley » 12. January 2012 23:17

ierick7 wrote:I knew that much, I haven't been typing any of the oppenssl, just like you have typed.
But you typed the command here including openssl at the start of the command
ierick7 wrote:my bad it happens after the openssl genrsa -des3 -out server.key 1024 before I enter the passphrases.
How would you want me to reply to that post? :shock:

If, as I assumed from reading your first post, you want a real Certificate Authority (CA) verified SSL certificate for your company server, which will not give invalid certificate warnings. not a self signed certificate generated by the makecert.bat file that will give invalid certificate warnings for your company, much like the default SSL certificate already included in XAMPP, then try and follow this short how to:
Type your command
OpenSSL> genrsa -des3 -out server.key 1024 <-- you can specify a location to save the server.key file eg. C:\server.key
Click enter

Returns
Loading 'screen' into random state - done
Generating RSA private key, 1024 bit long modulus
..++++++
.................++++++
e is 65537 (0x10001) <--This informative part may appear different on your screen but the end line should be
Enter pass phrase for server.key:

Type your password which will not be reflected on screen
Click enter

Returns
Verifying - Enter pass phrase for server.key:
Type your password again which will not be reflected on screen
Click enter

Returns to the OpenSSL> prompt but saves the file server.key in the apache\bin folder by default or the path location you specified.

Just copy and paste this where required at the certificate issuing site and wait for the email to arrive with the rest of your certificates.

The server.key file should look similar to this from the openssl command you posted with a password I provided, so don't use this example it won't work:
Code:
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,EF8495243B385070

rHr6YzlP02aNEnYs+Klf7WVh2oqNSSLe8N3/Z6Iv9PFZYMVYVjMLI1dmWy9O5Kbj
ZXqqdo9maXSOoDfc9ReDGVQVBh6cRWHBH+p0ieeK5IkB9/to+3lJsNzfetJqWlAl
U1ADV1dmAJqsoOoN6XGpAvNT9ZuXhlWpmlBGXe71Py7Hg6q0OFWnf9F+4JW/wFGO
uL11juv7L/K6Kqt1/8y4/eY8a1TyLxfMIP7oO5t+H1+a09APx/EPAf7F3RIRk0BD
SCqbbNYXwqZKnZ4P3XcVS0fxkiQ7KwurF3FpTKMUyAjhEDhu4W8F3I9ObsD8alr1
xDk0wXnv4Zd2+cENQfZ8wgAyCL3fpATAPz/MAy3E9SUyOoAhqhGH36Fj0d9K0CXT
wwwEp9y5TuLYWn9EGzI3HTKMFH4X1Pn4BMBhlyRUOjzjRH+PRigqQWLBx83RKnEw
0dgaWQaOHiMuzIh7Uu421iy8K+PGASfON2lPc7qEMgZn/2VaPtmvRZ4HxxvmwaTP
SB2vGI6uJ7nhRCMc20w9RlR1q4Ckr8jn9xcq+WvqDX/85x00j7Q/GmQ6r019IffH
yACzlQDRlTPaeWkWwYikPHb+AVqSQ/PR5bjEfzOZnSD1ff2RkqGzFL3eB2ZA26Dq
FfuBE0osO36oLNoB005JmCG9dv8FrnSQmMRmK6qg84IlP9pOOHeglH6HYoN6Cy7x
etmrH2bKEAwNlJL7m4tkRIALWMVjp1NbOdshSBslQTwGLTndNdlnJbDj7qXFmyJF
JvP54W/pW6wwW0Efk69W09ytB22kSYQSU2PqZ7WgKiWoxdYHG4PZ1w==
-----END RSA PRIVATE KEY-----


Keep them all together in one place initially so you know where they all are.
Then transfer the individual certs to their required locations for use. This information will be provided or you can follow the localhost locations examples in xampp.
If you still think that a self signed certificate generated by the makecert.bat file is the way to go then make sure you make a backup copy of all the ssl folders in the apache\conf folder as, without warning, they will be overwritten.
Good luck. :)
User avatar
Sharley
AF Moderator
 
Posts: 3316
Joined: 03. October 2008 05:10
Location: Yeppoon, Australia Time Zone: GMT/UTC+10
Operating System: Win 7 Pro 32bit/XP Pro SP3


Return to XAMPP for Windows

Who is online

Users browsing this forum: No registered users and 115 guests