How to create and add custom SSL certificate to WAMP Server

What is an SSL Certificate?

An SSL (Secure Sockets Layer) certificate is a digital certificate that establishes a secure, encrypted connection between a browser and the server, and also authenticates a website by verifying its identity.

SSL Certificates are what enable websites to move from HTTP (Hypertext Transfer Protocol) to HTTPS (HTTP Secure).

 

Requirements

This process, and all the commands we will use, can only succeed if you have OpenSSL installed. If you haven’t installed it, download OpenSSL for Windows, or alternatively download and install WAMP Server, which comes with OpenSSL as part of the package.

Note: On some Windows machines the openssl commands used here may not work as written. If a command doesn’t work for you, you need to run OpenSSL as an executable. You can execute openssl commands in two simple ways:

./openssl *command* (PowerShell, PS)
openssl *command* (Command Prompt, CMD)

I will use only PowerShell for all commands, to avoid confusion and for consistency, as well as to make the whole process easier to follow, but you can use Command Prompt if you prefer it over PS.

 

The SSL creation process

Step 1: Navigation to Apache bin directory

Navigate to ‘C:\Server64WAMP\bin\apache\apache2.4.39\bin\’. (Your installation location and directory name may differ if you changed the defaults. However, only the first part should be different; the part starting from *\bin\* should follow the same order as here.)

Step 2: Generating a private key

./openssl genrsa -aes256 -out private.key 2048

Note: Enter a pass phrase of your choice. Also note that you can’t see the pass phrase as you enter it.

Note: The pass phrase must be at least 4 characters and at most 1023 characters. If it is shorter, an exception resembling the following will be thrown:

[Screenshot: SSL_Certificate_Process2_err1]

Note: The “Verifying” pass phrase must of course match the one you entered first. If the two don’t match, an exception resembling the following will be thrown:

[Screenshot: SSL_Certificate_Process2_err2]

 

Step 3: Backing up the pass phrase-protected private key

copy private.key privatebackup.key

Step 4: Removing the pass phrase from the private key

./openssl rsa -in private.key -out private.key

Note: After running the command you’ll be required to enter the pass phrase you set earlier. And again like in the previous scenario, you won’t be able to view your pass phrase as you enter it.

Note: If the pass phrase is wrong, an exception resembling the following will be thrown:

[Screenshot: SSL_Certificate_Process4_err1]

Note: If you enter a pass phrase shorter than the set pass phrase, an exception resembling the following will be thrown:

[Screenshot: SSL_Certificate_Process4_err2]

Note: If you enter a pass phrase shorter than the set pass phrase, followed by a wrong pass phrase, an exception resembling the following will be thrown:

[Screenshot: SSL_Certificate_Process4_err3]

 

Step 5: Creating a certificate to certify connections for encrypted traffic

Note: In this step, the most important field is the Common Name (FQDN), where you enter your desired domain name.

./openssl req -new -x509 -nodes -sha256 -key private.key -out certificate.crt -days 36500 -config C:\Server64WAMP\bin\apache\apache2.4.39\conf\openssl.cnf
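Before copying the files in the next step, it is worth confirming that the key and certificate belong together and seeing what the certificate actually contains. The PowerShell script below is an added example, not part of the original article; it assumes it is run from the Apache bin directory used above, with the private.key and certificate.crt produced in Steps 2 to 5.

```powershell
# Added example (not from the original article). Run from Apache's bin
# directory after Step 5; file names are the ones used in Steps 2-5.
$key  = 'private.key'
$cert = 'certificate.crt'

# 1. Key and certificate must share the same RSA modulus, otherwise
#    Apache will refuse to start with a key/certificate mismatch.
$keyMod  = (& .\openssl rsa  -noout -modulus -in $key  | Out-String).Trim()
$certMod = (& .\openssl x509 -noout -modulus -in $cert | Out-String).Trim()
if ($keyMod -and $keyMod -eq $certMod) {
    'OK    key and certificate belong together'
} else {
    'FAIL  certificate.crt was not created from private.key'
}

# 2. After Step 4 the key is stored without a pass phrase. Both PEM
#    layouts OpenSSL writes mark an encrypted key in their header lines.
$encrypted = Select-String -Path $key -Quiet -Pattern `
    '^Proc-Type: 4,ENCRYPTED|^-----BEGIN ENCRYPTED PRIVATE KEY-----'
if ($encrypted) {
    'NOTE  private.key is still pass-phrase protected'
} else {
    'NOTE  private.key is unencrypted; keep it readable only by the Apache account'
}

# 3. Print the fields a browser looks at: subject, validity period,
#    signature hash, and whether a subjectAltName extension is present
#    (current browsers match the host name against it, not the CN).
& .\openssl x509 -noout -subject -dates -in $cert
$text = & .\openssl x509 -noout -text -in $cert
$text | Select-String 'Signature Algorithm' | Select-Object -First 1
if ($text | Select-String 'Subject Alternative Name' -Quiet) {
    'OK    subjectAltName present'
} else {
    'WARN  no subjectAltName; browsers may reject the host name'
}
```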

 

Step 6: Copying the SSL Key and Certificate file

Create a directory/folder “key” at “C:\Server64WAMP\bin\apache\apache2.4.39\conf\key” and copy “private.key” and “certificate.crt” to the “key” folder.

 

Step 7: Editing httpd.conf

Find the following lines of code and uncomment the ‘Load…’ and ‘Include…’ lines in “C:\Server64WAMP\bin\apache\apache2.4.27\conf\httpd.conf”

#Dynamic Shared Object (DSO) Support
#LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
#LoadModule ssl_module modules/mod_ssl.so
# Secure (SSL/TLS) connections
#Include conf/extra/httpd-ssl.conf

When you have finished, the lines in httpd.conf should look like this:

# Dynamic Shared Object (DSO) Support
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
LoadModule ssl_module modules/mod_ssl.so
# Secure (SSL/TLS) connections
Include conf/extra/httpd-ssl.conf

 

Step 8: Editing httpd-ssl.conf

Find the following file: C:\Server64WAMP\bin\apache\apache2.4.39\conf\extra\httpd-ssl.conf

Add the following lines inside the <VirtualHost _default_:443></VirtualHost> tags:

<VirtualHost _default_:443>

DocumentRoot "C:/Server64WAMP/www"
ServerName internet.inc:443
ServerAdmin admin@internet.inc
ErrorLog "C:/Server64WAMP/bin/apache/apache2.4.39/logs/error.log"
TransferLog "C:/Server64WAMP/bin/apache/apache2.4.39/logs/access.log"
SSLCertificateFile "C:/Server64WAMP/bin/apache/apache2.4.39/conf/key/certificate.crt"
SSLCertificateKeyFile "C:/Server64WAMP/bin/apache/apache2.4.39/conf/key/private.key"

</VirtualHost>

 

Alternatively, if you are sure that you have installed WAMP Server correctly, you do not have to write the entire paths. Replacing the common path, which in my case is ‘C:/Server64WAMP/bin/apache/apache2.4.39/’, with ‘${SRVROOT}’ in all the above cases is not only easier but also more effective.

${SRVROOT} is a variable that Apache expands to its installation directory, so the correct path is used automatically, eliminating simple bugs such as misspellings and omissions.

I’d personally recommend this, because full paths increase the probability of making errors, unless you copy the file path directly and then paste it as-is. The above lines of code will now look like this:

<VirtualHost _default_:443>

DocumentRoot "C:/Server64WAMP/www"
ServerName internet.inc:443
ServerAdmin admin@internet.inc
ErrorLog "${SRVROOT}/logs/error.log"
TransferLog "${SRVROOT}/logs/access.log"
SSLCertificateFile "${SRVROOT}/conf/key/certificate.crt"
SSLCertificateKeyFile "${SRVROOT}/conf/key/private.key"

</VirtualHost>
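To confirm that Apache accepts the edited files and is really serving the new certificate, the following added PowerShell example (not part of the original article) checks the configuration syntax and compares the certificate on disk with the one presented on port 443. It assumes Apache has been restarted after the edits, that it is run from the Apache bin directory, and that the files sit in conf\key as in Step 6.

```powershell
# Added example (not from the original article). Run from Apache's bin
# directory after Steps 7 and 8 and a restart of the Apache service.
$cert       = '..\conf\key\certificate.crt'   # location from Step 6
$serverName = 'internet.inc'                  # ServerName from Step 8

# 1. Let Apache parse httpd.conf and httpd-ssl.conf; a typo in a path
#    or a module that is still commented out is reported here.
& .\httpd.exe -t

# 2. Fingerprint of the certificate file on disk.
$onDisk = & .\openssl x509 -noout -fingerprint -sha256 -in $cert

# 3. Fingerprint of the certificate Apache actually presents on 443.
#    'Q' is piped in so that s_client exits after the handshake; the
#    expected "self-signed certificate" warning on stderr is discarded.
$served = 'Q' |
    & .\openssl s_client -connect localhost:443 -servername $serverName 2>$null |
    & .\openssl x509 -noout -fingerprint -sha256

if ($served -and $served -eq $onDisk) {
    "OK    Apache is serving $cert"
} else {
    'FAIL  port 443 is not serving the certificate from Step 6'
}
```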

 

Step 9: Creating a pkcs12 file

Next we create a pkcs12 file to solve the following issue:

“This personal certificate can’t be installed because you do not own the corresponding private key which was created when the certificate was requested”

.\openssl pkcs12 -export -in certificate.crt -inkey private.key -out certificate.p12

Note: The ‘Export Password’ doesn’t have to be the same as the pass phrase you used earlier, but for simplicity, you could use the same one.

Note: If the ‘Verifying’ password doesn’t match the first password, an exception resembling the following will be thrown:

[Screenshot: SSL_Certificate_Process9_err1]

 

Note: It is not advisable to create your own SSL Certificates, especially with live websites! Instead of creating your own SSL certificate, I would advise you to use Free SSL Certificates that are recognized worldwide, and with which you will be stress-free when running a live website. One that I am 100% sure about is Let’s Encrypt SSL certificate. Learn more about Let’s Encrypt!

 
