Getting SSL certificate from Seller:
1. Run the openssl command at the Windows command prompt on the Windows server.
2. If the openssl command is not recognized, install OpenSSL first.
3. After installation, go to https://www.digicert.com/easy-csr/openssl.htm
4. Fill in the form to generate the command, then copy and paste the command into the server command prompt and execute it.
5. This will generate websitename.csr and websitename.key.
6. Upload websitename.csr while purchasing the SSL certificate.
7. The seller will give you server.crt and bundle.crt (maybe with different names).
8. Keep websitename.key, which will be needed by the Apache web server.
Configuring Apache for SSL:
1. Install the latest version of Apache with OpenSSL. Check that the extracted Apache folder has mod_ssl and mod_rewrite.
2. Setup procedure for Apache with SSL:
a. The seller will give you bundle.crt and server.crt, as discussed earlier; store these in the apache/conf folder. Put websitename.key in the apache/conf folder as well and rename it to server.key.
b. Edit the httpd.conf file located in the conf folder of Apache:
i. Delete the # sign in front of LoadModule ssl_module modules/mod_ssl.so
ii. Delete the # sign in front of Include conf/extra/httpd-ssl.conf
c. Edit httpd-ssl.conf located in the conf/extra folder of Apache:
i. Modify the following section according to your needs:
<VirtualHost _default_:443>
ServerAdmin some@email.com
DocumentRoot "Your Root folder location"
ServerName www.domain.com:443
ServerAlias domain.com
ErrorLog "logs/anyFile-error.log"
CustomLog "logs/anyFile-access.log" common
SSLEngine on
SSLCertificateFile "C:/Program Files/Apache Software Foundation/Apache2.2/conf/server.crt"
SSLCertificateKeyFile "C:/Program Files/Apache Software Foundation/Apache2.2/conf/server.key"
</VirtualHost>
ii. Make sure that the "SSLCertificateFile" and "SSLCertificateKeyFile" paths point to where the files are actually located.
3. Edit the settings in Windows Advanced Firewall:
i. Modify the ApacheWebserver port to the "any" option, or add 443 along with 80 in the inbound rules table.
ii. Or you can add an exception in Windows Firewall for TCP port 443.
4. Restart the Apache web server.
5. You may get an error while starting the Apache web server. Read the details in the error log, or view the error in Event Viewer.
a. If the error is “Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch”, view the certificate modulus using the following command:
openssl x509 -noout -text -in certfile -modulus
View the key modulus using the following command:
openssl rsa -noout -text -in keyfile -modulus
If the moduli are different, reissue the request to get server.crt.
b. If the error is:
Syntax error on line 51 of /usr/local/apache2/conf/extra/httpd-ssl.conf
Invalid command 'SSLCipherSuite', perhaps misspelled or defined by a module not included in the server configuration
Uncomment the following line in httpd.conf by removing the # sign, and save it:
LoadModule ssl_module modules/mod_ssl.so
c. If the error is:
Syntax error on line 76 of SSLSessionCache: 'shmcb' session cache not supported (known names: ). Maybe you need to load the appropriate socache module (mod_socache_shmcb?).
Uncomment the following line in httpd.conf by removing the # sign, and save it:
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
d. Apache may stop responding on http but respond on https, or Apache may hang and need restarting regularly, due to the commodo filter. Just add the following lines:
AcceptFilter http none
AcceptFilter https none
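The modulus comparison from step 5a can be scripted so that it runs before every Apache restart. This is an added example, not part of the original post: it compares digests of the two moduli instead of reading them by eye, and it omits -text so the private key parameters are not printed to the console. The function names and the throwaway self-signed demo material are assumptions made for the example; it also goes slightly beyond step 5a by accepting a CSR (kind "req") as well.

```shell
#!/bin/sh
# Added example: verify that server.crt and server.key share one RSA modulus
# before restarting Apache. File names follow the post; the demo material is
# constructed (a throwaway self-signed certificate and two fresh keys).

# Print a SHA-256 digest of the modulus found in FILE. KIND is the openssl
# subcommand that reads it: x509 (certificate), rsa (key) or req (CSR).
modulus_digest() {
    kind=$1 file=$2
    mod=$(openssl "$kind" -noout -modulus -in "$file" 2>/dev/null) || return 1
    # An empty modulus means the file was not parsed. Never hash that,
    # or two unreadable files would appear to match.
    [ -n "$mod" ] || return 1
    printf '%s' "$mod" | openssl dgst -sha256
}

# Return 0 when certificate $1 and private key $2 have the same modulus,
# 1 when they differ, 2 when either file cannot be read.
cert_matches_key() {
    cert_digest=$(modulus_digest x509 "$1") || return 2
    key_digest=$(modulus_digest rsa "$2") || return 2
    [ "$cert_digest" = "$key_digest" ]
}

# Build constructed test material in DIR: a matching pair and an unrelated key.
make_demo_material() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=www.domain.com" \
        -keyout "$dir/server.key" -out "$dir/server.crt" 2>/dev/null &&
    openssl genrsa -out "$dir/other.key" 2048 2>/dev/null
}

demo_dir=$(mktemp -d)
make_demo_material "$demo_dir"
if cert_matches_key "$demo_dir/server.crt" "$demo_dir/server.key"; then
    echo "server.crt and server.key match"
fi
if ! cert_matches_key "$demo_dir/server.crt" "$demo_dir/other.key"; then
    echo "server.crt and other.key do not match: reissue the certificate"
fi
rm -rf "$demo_dir"
```

The same functions work in any POSIX shell that ships with an OpenSSL install on Windows (for example Git Bash); in cmd.exe the two openssl commands from step 5a have to be compared by hand.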
Configuring ApacheWebServer with SSL to redirect to tomcat:
1. Add the following statements to httpd.conf and save:
JkExtractSSL On
JkHTTPSIndicator HTTPS
JkSESSIONIndicator SSL_SESSION_ID
JkCIPHERIndicator SSL_CIPHER
JkCERTSIndicator SSL_CLIENT_CERT
2. Add the following statements to httpd-ssl.conf and save it:
JkMountCopy On
JkMount /* ajp13
3. Restart the server. If it is still not working, add a Listen 443 line in httpd.conf after Listen 80.
Configuring ApacheWebServer with SSL to redirect requests from http to https:
a. Uncomment the line LoadModule rewrite_module modules/mod_rewrite.so by removing the # sign before it in httpd.conf.
b. Add the following statements in httpd.conf to redirect every page to https automatically:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
c. Add the following statements in httpd.conf to redirect a single page to https automatically:
RewriteEngine On
RewriteRule ^/?apache-redirect-http-to-https\.html$ https://www.yoursite.com/apache-redirect-http-to-https.html [R=301,L]