How to create and add custom SSL certificate to WAMP Server
What is an SSL Certificate?
An SSL (Secure Sockets Layer) certificate is a digital certificate that establishes a secure, encrypted connection between a browser and the server, and which also provides authentication for a website by verifying its identity.
SSL Certificates are what enable websites to move from HTTP (Hypertext Transfer Protocol) to HTTPS (HTTP Secure).
Requirements
This process, and all the commands we will use, will only work if you have OpenSSL installed. If you haven’t installed it, download ‘OpenSSL’ for Windows, or alternatively download and install WAMP Server, which comes with OpenSSL as part of the package.
Note: On some Windows machines the openssl commands used here may not work as written. If a command doesn’t work for you, you need to run ‘openssl’ as an executable from the directory that contains it.
You can run openssl commands in either of two ways:
./openssl *command* (PowerShell – PS)
openssl *command* (Command Prompt – CMD)
To avoid confusion, for consistency, and to make the whole process easier to follow, I will use only PowerShell in all commands, but you can also use Command Prompt if you prefer it over PS.
The SSL creation process
Step 1: Navigation to Apache bin directory
Navigate to ‘C:\Server64WAMP\bin\apache\apache2.4.39\bin\’ (your installation location and directory name may differ, depending on whether you changed the default name. However, only the first part should be different; the part starting from *\bin\* should follow the same order as here).
Step 2: Generating a private key
./openssl genrsa -aes256 -out private.key 2048
Note: Enter a pass phrase of your choice. Also note that you can’t see the pass phrase as you enter it.
Note: The pass phrase must be at least 4 characters and at most 1023 characters long. If it is shorter, an exception resembling the following will be thrown:
Note: The “Verifying” pass phrase must of course match the one you entered first. If the two don’t match, an exception resembling the following will be thrown:
Step 3: Backing up the pass-phrase-protected private key
copy private.key privatebackup.key
Step 4: Removing the pass phrase from the private key
./openssl rsa -in private.key -out private.key
Note: After running the command you’ll be required to enter the pass phrase you set earlier. As before, you won’t be able to see your pass phrase as you enter it.
Note: If the pass phrase is wrong, an exception resembling the following will be thrown:
Note: If you enter a pass phrase shorter than the set pass phrase, an exception resembling the following will be thrown:
Note: If you enter a pass phrase shorter than the set pass phrase, followed by a wrong pass phrase, an exception resembling the following will be thrown:
Step 5: Creating a certificate to certify connections for encrypted traffic
Note: In this step, the most important field is the Common Name (FQDN), where you enter your desired domain name.
./openssl req -new -x509 -nodes -sha256 -key private.key -out certificate.crt -days 36500 -config C:\Server64WAMP\bin\apache\apache2.4.39\conf\openssl.cnf
Step 6: Copying the SSL Key and Certificate file
Create a directory/folder “key” at “C:\Server64WAMP\bin\apache\apache2.4.39\conf\key” and copy “private.key” and “certificate.crt” into the “key” folder.
Step 7: Editing httpd.conf
Find the following lines in “C:\Server64WAMP\bin\apache\apache2.4.39\conf\httpd.conf” and uncomment the ‘Load…’ and ‘Include…’ lines:
# Dynamic Shared Object (DSO) Support
#LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
#LoadModule ssl_module modules/mod_ssl.so
# Secure (SSL/TLS) connections
#Include conf/extra/httpd-ssl.conf
When you are done, the lines in httpd.conf should look like this:
# Dynamic Shared Object (DSO) Support
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
LoadModule ssl_module modules/mod_ssl.so
# Secure (SSL/TLS) connections
Include conf/extra/httpd-ssl.conf
Step 8: Editing httpd-ssl.conf
Find the following file: “C:\Server64WAMP\bin\apache\apache2.4.39\conf\extra\httpd-ssl.conf”
Add the following lines inside the “<VirtualHost _default_:443></VirtualHost>” tags:
<VirtualHost _default_:443>
DocumentRoot "C:/Server64WAMP/www"
ServerName internet.inc:443
ServerAdmin admin@internet.inc
ErrorLog "C:/Server64WAMP/bin/apache/apache2.4.39/logs/error.log"
TransferLog "C:/Server64WAMP/bin/apache/apache2.4.39/logs/access.log"
SSLCertificateFile "C:/Server64WAMP/bin/apache/apache2.4.39/conf/key/certificate.crt"
SSLCertificateKeyFile "C:/Server64WAMP/bin/apache/apache2.4.39/conf/key/private.key"
</VirtualHost>
Alternatively, if you are sure that you have installed WAMP Server correctly, you do not have to write out the entire paths. Replacing the common path, which in my case is ‘C:/Server64WAMP/bin/apache/apache2.4.39/’, with ‘${SRVROOT}’ in all the above cases is not only easier but also more effective.
${SRVROOT} automatically resolves to the correct path and uses it as part of the configuration, eliminating simple bugs like misspellings and omissions.
I’d personally recommend this, because full paths increase the probability of making errors, unless you copy the file path directly and paste it as-is. The above lines will now look like this:
<VirtualHost _default_:443>
DocumentRoot "C:/Server64WAMP/www"
ServerName internet.inc:443
ServerAdmin admin@internet.inc
ErrorLog "${SRVROOT}/logs/error.log"
TransferLog "${SRVROOT}/logs/access.log"
SSLCertificateFile "${SRVROOT}/conf/key/certificate.crt"
SSLCertificateKeyFile "${SRVROOT}/conf/key/private.key"
</VirtualHost>
Step 9: Creating a pkcs12 file
Next we create a pkcs12 file to solve the following issue:
‘This personal certificate can’t be installed because you do not own the corresponding private key which was created when the certificate was requested’
./openssl pkcs12 -export -in certificate.crt -inkey private.key -out certificate.p12
Note: The ‘Export Password’ doesn’t have to be the same as the pass phrase you used earlier, but for simplicity, you could use the same.
Note: If the ‘Verifying’ password doesn’t match the first password, an exception resembling the following will be thrown:
Note: It is not advisable to create your own SSL certificates, especially for live websites! Instead of creating your own SSL certificate, I would advise you to use free SSL certificates that are recognized worldwide, and with which you will be stress-free when running a live website. One that I am 100% sure about is the Let’s Encrypt SSL certificate.
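Added example, not part of the original post: a PowerShell script that checks the outcome of Steps 2 to 8 (key and certificate match, signature hash, pass-phrase state of both key files, Apache configuration syntax, and the certificate actually served). It assumes the file names and folder layout used above, that it is run from the Apache bin directory of Step 1, and that Apache has been restarted after Step 8; the variable names are illustrative.

```powershell
# Added example. Assumption: current directory is the Apache bin directory (Step 1).
$crt = '..\conf\key\certificate.crt'    # copied there in Step 6
$key = '..\conf\key\private.key'
foreach ($f in $crt, $key) { if (-not (Test-Path $f)) { throw "missing $f (Step 6)" } }
$problems = @()

# 1. The certificate must contain the public half of the deployed private key.
#    '-passin pass:' makes openssl fail instead of prompting if the key is encrypted.
$pubFromCrt = (./openssl x509 -in $crt -noout -pubkey) -join ''
$pubFromKey = (./openssl rsa -in $key -passin 'pass:' -pubout) -join ''
if (-not $pubFromKey -or $pubFromCrt -ne $pubFromKey) {
    $problems += 'certificate.crt does not match private.key'
}

# 2. Signature hash chosen in Step 5: flag SHA-1 or MD5.
$sigAlg = (./openssl x509 -in $crt -noout -text) -match 'Signature Algorithm' |
    Select-Object -First 1
if ($sigAlg -match 'sha1|md5') { $problems += "weak signature hash: $($sigAlg.Trim())" }

# 3. Step 4 leaves the deployed key unencrypted; the Step 3 backup keeps its pass phrase.
$enc = 'BEGIN ENCRYPTED|Proc-Type: 4,ENCRYPTED'
if (Select-String -Path $key -Pattern $enc -CaseSensitive -Quiet) {
    $problems += 'deployed private.key still has a pass phrase (Step 4)'
}
if ((Test-Path 'privatebackup.key') -and
    -not (Select-String -Path 'privatebackup.key' -Pattern $enc -CaseSensitive -Quiet)) {
    $problems += 'privatebackup.key is not pass-phrase protected'
}
icacls $key    # review: only accounts that run or administer Apache should be listed

# 4. Syntax-check httpd.conf and httpd-ssl.conf (Steps 7 and 8).
./httpd -t
if ($LASTEXITCODE -ne 0) { $problems += 'httpd -t reports a configuration error' }

# 5. Compare the certificate Apache serves on port 443 with the file on disk.
$served = '' | ./openssl s_client -connect localhost:443 2>$null |
    ./openssl x509 -noout -fingerprint -sha256
$onDisk = ./openssl x509 -in $crt -noout -fingerprint -sha256
if ($served -ne $onDisk) { $problems += 'Apache is not serving certificate.crt on port 443' }

if ($problems) { $problems } else { 'All checks passed' }
```

Because the key in conf\key has no pass phrase after Step 4, the icacls output is the thing to read closely: any account listed there can copy the key.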