opencodez

Create SSL Certificate and install in Xampp

HTTPS, itxs a secure HTTP protocol. With the web becoming part of a day to day life people expect almost all application and services should be web enabled and it will happen soon. As huge transactions are done on the web we need some kind of security that will prevent data theft, data sniffing. Secure HTTP plays a very crucial role in protecting the web. Below we will see how we can get SSL Certificate for Xampp.

When we develop any web base application it is always better to provide support for https. Generally it happens that we develop our application with HTTP protocol in mind and when security comes in app may fail to act as expected. So add SSL certificate in the development phase itself.

There might be the case that you wonxt be able to buy the SSL certificate in development phase, in this scenario its always advised to generate and install Self Signed SSL Certificate and later when you decide to move to production you can buy an authentic certificate from companies like VeriSign Inc.

Here we will see how we can generate SSL certificate using Open SSL and install it on Xampp server for Windows.

If while running any of below commands you get any error regarding openssl.cnf then set the correct file with below command

set OPENSSL_CONF=c:/softwares/openssl-0.9.8h-1-bin/share/openssl.cnf

1. Generate a Private Key
Command: openssl genrsa -des3 -out server.key 1024
Screen:

C:\certsxopenssl genrsa -des3 -out server.key 1024
Loading 'screen' into random state - done
Generating RSA private key, 1024 bit long modulus
........................................................++++++
...............++++++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:

2. Generate Certificate Signing Request
Command: openssl req -new -key server.key -out server.csr
Screen:

C:\certsxopenssl req -new -key server.key -out server.csr
Enter pass phrase for server.key:
Loading 'screen' into random state - done
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:IN
State or Province Name (full name) [Some-State]:ST
Locality Name (eg, city) []:PU
Organization Name (eg, company) [Internet Widgits Pty Ltd]:OC
Organizational Unit Name (eg, section) []:BL
Common Name (eg, YOUR name) []:opencodez
Email Address []:admin@opencodez.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Here the command might need a config parameter. This is not required but its needed when openssl couldnt find the configration file.

3. Sign the Certificate
Command: openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Screen:

C:\certsxopenssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Loading 'screen' into random state - done
Signature ok
subject=/C=IN/ST=ST/L=PU/O=OC/OU=BL/CN=opencodez/emailAddress=admin@opencodez.com
Getting Private key
Enter pass phrase for server.key:

3. Install and Configure the Certificate
After this, you will have server.key and server.crt files that you need to copy to some directory that can be easily accessed by apache. Copy both files to say crypt directory and configure the SSL Conf for website or app. Following shows the basic SSL configuration.

    DocumentRoot "path/to/ssltest.com"
    ServerName ssltest.com
    ServerAlias www.ssltest.com
    ServerAdmin you@ssltest.com

    SSLEngine on

    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW
    :+SSLv2:+EXP:+eNULL

    SSLCertificateFile "path/to/server.crt"

    SSLCertificateKeyFile "path/to/server.key"

    xfilesmatch ".(cgi|shtml|phtml|php|php5|php4|php3?)$"=""x
       SSLOptions +StdEnvVars

    xdirectory "path="" to="" cgi-bin"=""x
       SSLOptions +StdEnvVars

    SetEnvIf User-Agent ".*MSIE.*" 
        nokeepalive ssl-unclean-shutdown 
        downgrade-1.0 force-response-1.0

4. Restart the apache server and access the application/site with HTTPS.

Conclusion

In this article, we have seen how you can get self-signed SSL Certificate for Xampp and use it for your local application testing.