1) Create SSL Certificate and Key
1a) Open the DOS command window and change to the bin directory of the WAMP Apache directory by using these DOS commands without quotes: "cd /d c:\" and then "cd wamp\bin\apache\apache2.2.8\bin". Replace apache2.2.8 with the name of the Apache folder your WAMP server has.
When done, the DOS prompt should look like: C:\wamp\bin\apache\apache2.2.8\bin>
1b) Create a server private key with 1024 bits encryption (the rsa:2048 option in the command below sets the RSA key size to 2048 bits). You should enter this command without quotes:
"openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr".
You will now be asked to enter details that go into your CSR. What you are about to enter
is called a Distinguished Name or DN. For some fields there will be a default value. If you
enter '.', the field will be left blank. Use the name of the webserver as Common Name (CN). If the
domain name is mydomain.com, append the domain to the hostname (use the
fully qualified domain name).
Depending on the certifying authority (CA), you might have to enter the details as specified by
them. Normally, the CA will provide specific instructions for you.
1c) Now all you have to do is send this Certificate Signing Request (CSR) to a Certifying Authority
(CA) to be signed. A trusted CA is one that all major web browsers recognize without giving you a
warning when you install your CA-signed SSL certificate on your webserver. Once the CSR has been
signed, you will have a REAL certificate, which can be used by Apache. You can have a CSR signed
by a commercial CA (fees are required). They will then send you the signed certificate, which you
can store in a server.crt file.
1d) Once your CSR has been signed and the certificate returned to you, you can view its details by using
this command: openssl x509 -noout -text -in server.crt
2) Copy the server.key and server.crt files.
2a) In the conf folder of the apache2.2.8 folder, create two folders named ssl.key and ssl.crt
2b) Copy the server.key file to the ssl.key folder and the server.crt file to the ssl.crt folder
3) Edit the httpd.conf file
3a) In httpd.conf file, remove the comment '#' at the line which says: LoadModule ssl_module
3b) In httpd.conf, remove the comment '#' at the line which says: Include
Then move that line after this block <IfModule ssl_module>.... </IfModule>
4) Edit the httpd_ssl.conf file in the folder named extra
4a) Find the line which says "SSLMutex ...." and change it to "SSLMutex default" without quotes
4b) Find the line which says: <VirtualHost _default_:443>. Right after it, change the line which says "DocumentRoot ..." to DocumentRoot "C:/wamp/www/" with quotes. Change the line "ErrorLog ...." to ErrorLog logs/sslerror_log. Change the line "TransferLog ...." to TransferLog logs/sslaccess_log
4c) SSL crt file: Change the line "SSLCertificateFile ...." to SSLCertificateFile "conf/ssl.crt/server.crt"
4d) SSL key file: Change the line "SSLCertificateKeyFile ...." to SSLCertificateKeyFile "conf/ssl.key/server.key"
4e) Change the line which says <Directory "C:/Program Files/Apache Software Foundation/Apache2.2/cgi-bin"> or something similar to <Directory "C:/wamp/www/"> and add the following lines inside those <Directory ... >...</Directory> tags:
Options Indexes FollowSymLinks MultiViews
allow from all
4f) Make sure the line CustomLog "logs/ssl_request_log" \
is uncommented (remove the #).
5) Restart the Apache server
7) If the restart is successful, then open the browser and enter "localhost" without quotes.
8) If you want to allow world wide web access to your HTTPS secure server, then in the httpd_ssl.conf file, change the line which says 'ServerName localhost:443' to 'ServerName www.yourwebsitename.com:443' without quotes, where yourwebsitename is your registered internet domain name. If you don't have one, then just use your WAN IP address, for example 'ServerName 126.96.36.199:443'. Make sure the following are set up correctly to allow outside access to the secured web server.
8.a The DocumentRoot you modified in step 4b points to the correct website folder on your
8.b If your computer is connected to a router, set up the router to allow port 443 forwarding to your
8.c If your computer has a firewall enabled or is behind a network firewall, set up the firewall to allow
incoming connections on port 443.
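
A checker for the edits in step 4, as an added example that is not part of the original instructions: it parses the text of httpd_ssl.conf and reports every directive from steps 4a to 4d that is missing, still commented out, or set to a different value. The function names and the sample configuration are constructed for illustration.

```python
import re

VHOST = "virtualhost _default_:443"
# Values from steps 4a-4d, keyed by (enclosing section, lower-case directive).
EXPECTED = {
    ("", "sslmutex"): "default",
    (VHOST, "documentroot"): "C:/wamp/www/",
    (VHOST, "sslcertificatefile"): "conf/ssl.crt/server.crt",
    (VHOST, "sslcertificatekeyfile"): "conf/ssl.key/server.key",
}

def parse_directives(conf_text):
    """Map (section path, directive name) -> value for each active directive."""
    found, stack = {}, []
    text = re.sub(r"\\\r?\n", " ", conf_text)  # join "\" continuations (step 4f)
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("#"):
            continue  # blank line, or a directive that is still commented out
        if line.startswith("</"):
            del stack[-1:]  # leave the innermost section
        elif line.startswith("<"):
            stack.append(line.strip("<>").lower())  # enter a section
        else:
            name, value = (line.split(None, 1) + [""])[:2]
            found["/".join(stack), name.lower()] = value.strip().strip('"')
    return found

def check_ssl_conf(conf_text):
    """Return (directive, found, expected) per mismatch; found is None if absent."""
    found, problems = parse_directives(conf_text), []
    for (section, name), want in EXPECTED.items():
        got = found.get((section, name))
        if got is None or got.lower() != want.lower():  # Windows paths ignore case
            problems.append((name, got, want))
    return problems

# Constructed sample of a partly edited httpd_ssl.conf (not a real file).
SAMPLE = r'''
SSLMutex "file:logs/ssl_mutex"
<VirtualHost _default_:443>
DocumentRoot "C:/Apache2/htdocs"
#SSLCertificateFile "conf/ssl.crt/server.crt"
SSLCertificateKeyFile "conf/ssl.key/server.key"
CustomLog "logs/ssl_request_log" \
          "%t %h \"%r\" %b"
</VirtualHost>
'''

if __name__ == "__main__":
    print(check_ssl_conf(SAMPLE))
```

To check a real file, pass its contents instead of SAMPLE; an empty list means all four directives match the values given in step 4.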