Navigation:

Frequently Asked Questions >> SSL Set-up on Apache for HTTPS

SSL Set-up on Apache for HTTPS

Setting up SSL should be undertaken by a competent IT Administrator or personnel with equivalent technical skills.

If you are unsure and require help with this task, please contact our Technical Support team who can assist at our normal hourly rate.

Note: IMC cannot interact with a signing authority on your organisation’s behalf; you must handle obtaining certificate files yourselves.
All paths shown assume the default path was used during installation; if non-default path was used, the user will need to alter paths to suit their particular installation.
Backup each configuration file, before making changes.

 

1.Set Windows Environment Variable OPENSSL_CONF to:

 

         C:\Program Files (x86)\The IMC Group Ltd\Apache24\conf\openssl.cnf

 

2.Open a Command prompt in Administrator mode, go to the following directory:

 

         C:\Program Files (x86)\The IMC Group Ltd\Apache24\bin

 

3.Type the following Command, replacing yourdomain with the domain name you are securing:

 

         openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr

 
For example, if your domain name is synergyserver.com, you would type synergyserver.key and synergyserver.csr.

 

4.Enter the requested information:

Common Name:The fully-qualified domain name, or URL, you are securing.
If you are requesting a Wildcard certificate, add an asterisk (*) to the left of the common name where you want the wildcard, for example:*.coolexample.com.
Organization: The legally-registered name for your business. If you are enrolling as an individual, enter the certificate requestor's name.
Organization Unit: If applicable, enter the DBA (doing business as) name.
City or Locality: Name of the city where your organization is registered/located. Do not abbreviate.
State or Province: Name of the state or province where your organization is located. Do not abbreviate.
Country: The two-letter International Organization for Standardization (ISO) format country code for where your organization is legally registered. [https://www.iso.org/obp/ui/#search]

5.Send CSR text to a signing authority and they will send you back CRT files.

6.You can find more information about CRT files by double clicking them i.e. if your Signing Authority does not specify which file is which.

Look under the General tab:

If it is issued to yourdomain and issued by the Signing Authority, then it is an SSL Certificate File.

If it is issued to and by the Signing Authority then it is a SSL CA Certificate File. Its file size is generally bigger than SSL Certificate File.

7.Copy .CRT and .KEY files to the CONF folder.

8.Read related comments in httpd.conf & httpd-ssl.conf files when following changes are made,  httpd.conf file resides in CONF folder & httpd-ssl.conf in EXTRA folder.

9.Uncomment the following  in httpd.conf i.e. by removing ‘#’

LoadModule rewrite_module modules/mod_rewrite.so

LoadModule socache_shmcb_module modules/mod_socache_shmcb.so

LoadModule ssl_module modules/mod_ssl.so

Include conf/extra/httpd-ssl.conf

10.In httpd-ssl.conf find and replace existing commands with the following:

For example:

Find

SSLSessionCache        "shmcb:c:/Apache24/logs/ssl_scache(512000)"

And replace with the following 2 lines which is basically a path change.

SSLSessionCache        "shmcb:c:/Program Files (x86)/The IMC Group Ltd/Apache24/logs/ssl_scache(512000)"

Now repeat the process for the following commands:

 

DocumentRoot "c:/Program Files (x86)/The IMC Group Ltd/Apache24/htdocs"

ServerName www.example.com:443   [Change as per requirement]

ServerAdmin admin@example.com   [Change as per requirement]

 

ErrorLog "c:/Program Files (x86)/The IMC Group Ltd/Apache24/logs/error.log" [Comment this out for better performance]

 

#TransferLog "c:/Apache24/logs/access.log" [Comment out]

 

SSLCertificateFile "C:/Program Files (x86)/The IMC Group Ltd/Apache24/conf/server.crt"

[Signing authority will provide this file under a different name, Change file name accordingly]

 

SSLCertificateKeyFile "C:/Program Files (x86)/The IMC Group Ltd/Apache24/conf/synergyserver.key"

[File generated in step-2]

 

SSLCertificateChainFile "C:/Program Files (x86)/The IMC Group Ltd/Apache24/conf/server-ca.crt"

[Signing authority might provide this file under a different name, Change file name accordingly. Use SSL Certificate file name if this file is not provided OR comment the line by putting ‘#’ in front of it.]

 

SSLCACertificatePath "C:/Program Files (x86)/The IMC Group Ltd/Apache24/conf"

SSLCACertificateFile "C:/Program Files (x86)/The IMC Group Ltd/Apache24/conf/ca-bundle.crt" [Signing authority will provide this file under a different name, Change file name accordingly.]

 

<Directory "c:/Program Files (x86)/The IMC Group Ltd/Apache24/cgi-bin">

 

#CustomLog "c:/Apache24/logs/ssl_request.log" \ [Comment out]

 

<VirtualHost *:80>

   RewriteEngine On

   RewriteCond %{HTTPS} off

         RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

</VirtualHost> [Append at the end of file]

 

11.After saving changes restart Apache service.