How to Configure SSL Certificate in Apache Web Server for Windows


configure ssl certificate in apache web server for windows

SSL/TLS certificates encrypt all data transferred between your web server and users’ browsers. It not only makes your website more secure but also improves its credibility. Here’s how to configure SSL certificate in Apache Web Server for Windows.

 

How to Configure SSL Certificate in Apache Web Server for Windows

Here are the steps to configure SSL certificate in Apache Web Server for Windows. Before we proceed, please ensure you have installed Apache Web Server on Windows.

 

1. Download SSL Certificate

When you purchase SSL certificates from trusted Certificate Authorities like Comodo, GeoTrust, etc. you will receive the SSL certificate (e.g your_domain.crt) and intermediate certificate (e.g CertificateAuthority.crt) via email, after you place the order. Copy these files to the location where you intend to store all certificates and keys. For example, if you have installed Apache in default location, you can copy these files to the conf folder


C:/Program Files/Apache Software Foundation/Apache2.2/conf/

 

2. Create a Certificate Signing Request

Next, create a certificate signing request (CSR) using OpenSSL software. You can download and install it from here. Once you have installed OpenSSL, run the following command in DOS:


openssl req –new –newkey rsa:2048 –nodes –keyout server.key –out server.csr

 

This will create the private key file (server.key) and CSR (server.csr) used to order your SSL certificate and encrypt the data. Copy the files to same location where you have downloaded SSL certificate and intermediate key files in step 1.


C:/Program Files/Apache Software Foundation/Apache2.2/conf/

 

While creating CSR file, you will be required to enter a set of information about your website

Enter the requested information

  • Common Name – Fully qualified domain name or URL that you need to secure. If you need a Wildcard certificate add an asterisk(*) to the left of common name. For example, *.example.com
  • Organization – The legal name of the organization that is requesting the certificate. E.g Alpha Distilleries Pvt. Ltd.
  • Organization Unit – Enter the name of your business that is commonly used. E.g Alpha Distilleries
  • City or Locality – Full name of the city or locality where your organization is located
  • State or Province – Full name of the State or Province where your organization is located
  • Country – Two-letter ISO format country code of the country where your organization is located. Here’s the list of ISO codes for countries.
  • Passphrase – Optional passphrase to secure access to your certificate. You can leave it as blank

 

Once the CSR file is generated, open it in a text editor, copy all its contents (—–BEGIN NEW CERTIFICATE REQUEST—– and —–END NEW CERTIFICATE REQUEST—– tags) and paste it on your Certificate Provider’s order form to complete authenticate the order.

 

3. Install mod_SSL

mod_ssl is the Apache module that manages SSL configuration and encryption

Open up conf\httpd.conf in a text editor and uncomment the line by removing ‘#’ character at the beginning of the line


LoadModule ssl_module modules/mod_ssl.so

 

Also uncomment the following line to include SSL config file in Apache


Include conf/extra/httpd-ssl.conf

 

4. Configure the Certificates

The SSL configuration is stored in httpd-ssl.conf file in a text editor. If you have installed Apache in default location, you will find it at


C:\Program Files\Apache Software Foundation\Apache2.2\conf\extra\httpd-ssl.conf

 

Modify the <VirtualHost> block as per your needs. Update the email address of admin, your root folder location, and domain name. Also, update the locations of Certificate file (SSLCertificateFile) and key file (


<VirtualHost _default_:443>
 ServerAdmin some@email.com
 DocumentRoot "Your Root folder location"
 ServerName www.domain.com:443
 ServerAlias domain.com:443
 ErrorLog "logs/anyFile-error.log"
 CustomLog "logs/anyFile-access.log" common
 SSLEngine on
SSLCertificateFile /path/to/your_domain.crt
SSLCertificateKeyFile /path/to/your_private.key
SSLCertificateChainFile /path/to/CertificateAuthority.crt
</VirtualHost>

 

4. Update the Firewall

Add exception to Windows Firewall for port 443, by going to Control Panel->Windows Firewall and adding port 443 in exception.

 

5. Restart Apache Server

Restart Apache Server to apply the changes.

Open a web browser and go to https://your_domain.com. You will see a green lock in the address bar, indicating that your website is secured.

About Sreeram Sreenivasan

Sreeram Sreenivasan is the Founder of Ubiq, a business dashboard & reporting platform for small & medium businesses. Ubiq makes it easy to build business dashboards & reports for your business. Try it for free today!