Installing Apache 2.2 with SSL/TLS on Windows - Apache Lounge

Installing Apache 2.2 with SSL/TLS on Windows

Installing Apache 2.2 with SSL/TLS on Windows

Published by the Open Source Software Lab at Microsoft. December 2007. Special thanks to Chris Travers, Contributing Author to the Open Source Software Lab. Most current version will be maintained at .

.

Abstract: Often SSL or TLS is required to secure data from web applications. Sometimes this is just prudent to

prevent confidential or sensitive data from being confiscated. Sometimes this is required by regulations like HIPAA1 or industry bodies, such as the Payment Card Industry. This guide will show how to install

Apache with SSL on Windows.

1 Health Insurance Portability and Accountability Act in the USA



Page i

Installing Apache 2.2 with SSL/TLS on Windows

Information in this document, including URL and other Internet Web site references, is subject to change without notice and is provided for informational purposes only. The entire risk of the use or results from the use of this document remains with the user, and Microsoft Corporation makes no warranties, either express or implied. Unless otherwise noted, the companies, organizations, products, domain names, email addresses, logos, people, places, and events depicted in examples herein are fictitious. No association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

? 2007 Microsoft Corporation. This work is licensed under the Microsoft Public License. The Microsoft Public License is available here.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

Microsoft, Windows, Windows XP, Windows Server, and Windows Vista are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

All other trademarks are property of their respective owners.



Page ii

Installing Apache 2.2 with SSL/TLS on Windows

Table of Contents

1 Introduction.......................................................................................................................................5 1.1.1 Introduction to SSL and TLS.......................................................................................5

1.2 Obtaining Apache with SSL ...............................................................................................5 1.2.1 ...........................................................................................................................................6 1.2.2 Installing the Software.................................................................................................6 1.2.3 Downloading and Installing the Prerequisites .............................................................6 1.2.4 Installing over an existing Apache installation ............................................................6 1.2.5 Manually installing from Scratch ................................................................................7

1.3 Generating the Certificate ...................................................................................................7 1.3.1 Generating the Certificate Signing Request.................................................................7 1.3.2 Self-signing the Certificate ..........................................................................................9

1.4 Installing the Certificate......................................................................................................9 1.4.1 Editing the httpd.conf and related files. ..................................................................... 10

1.5 Sample httpd-ssl.conf ....................................................................................................... 10 1.6 Final Thoughts .................................................................................................................. 15 1.7 About the Author .............................................................................................................. 15



Page iii

Installing Apache 2.2 with SSL/TLS on Windows

1 Introduction

1.1.1 Introduction to SSL and TLS

SSL stands for Secure Socket Layer and is an encryption framework which can be used on individual network connections. In addition to securing data against eavesdropping, it also allows one to authenticate a network connection on one or both sides using a public key infrastructure based on the OSI X.509 standard2.

X.509 uses a centralized hierarchy with at most a few trusted entities at its core. These trusted entities issue files which are used to distribute public keys and certify that the bearer of the file is who or what he or she claims to be. The certificates are digitally signed by the certifying entity (called a "certificate authority" or CA) to prevent forgery or alteration, and the client can validate the digital signature against the public key kept on file for the certificate authority and decide whether to trust the certified service. Certificate authorities therefore function sort of like a notary public, validating that parties to a transaction really are who they say they are.

In this tutorial, I cover the generation of a self-signed certificate. Such a certificate does provide protection against eavesdropping, but it does not provide the same level of trust as obtaining one through a trusted and respected certificate authority, especially if the site is to be accessible to the public. In essence, a self-signed certificate tells the user that nobody else is vouching for your identity, while with a purchased certificate, someone else is vouching for your identity.

Transport Layer Security (TLS) is simply the latest version of SSL, and is standardized by the IETF.

1.2 Obtaining Apache with SSL Binary packages of Apache with SSL for Windows can be obtained from but unlike the official Apache packages do not come with a Windows installer package. Instead, one simply has a zip file which contains the files and instructions for their installation. Although the installation process is covered in this paper, it is worth reading the "Notice" and "Read Me First" files in the downloaded zip file before continuing, especially if installing a version earlier than 2.2.4.

2 Also refer to RFC 2459

Page 5

................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download