Configuring SSL on an Apache Server

Perform the procedure below to configue SSL on an Apache server.

1. Browse to the conf folder which is created during the installation of Apache Server. In a typical installation, you can find the conf folder in the following location: C:\Apache24\conf
2. Copy the openssl file and paste it in the bin folder. In a typical installation, you can find the bin folder in the following location: C:\Apache24\bin.
3. Open the Command Prompt and navigate to the Apache server home bin directory.
   
4. Type the following line as shown in the image below: openssl req -config openssl.cnf -new –out I4VServer.csr -keyout I4VServer.pem
   
5. Enter the PEM pass phrase and Common Name while skipping the other prompts.
   • PEM pass phrase: Make note/remember the password you enter. This password will be used for the private key (I4VServer.pem), which would be generated later.
   • Common Name: The fully-qualified domain name for the certificate. In the following image, LQTINPD046 is used, which means that certificate must be used on https://LQTINPD046:8443/

   
   After the PEM pass phrase and Common Name are entered, the files I4VServer.csr and I4VServer.pem will be generated in the Apache server home bin directory (typically found in C:\Apache24\bin).
6. Enter the following line in the command prompt:openssl rsa -in I4VServer.pem –out I4VServer.key
7. When prompted for the password, enter the password used for PEM pass phrase.
   The file I4VServer.key will be created in the Apache server home bin directory (typically found in C:\Apache24\bin.
8. Enter the following line in the command prompt to create a x.509 certificate: openssl x509 –in I4VServer.csr -out I4VServer.cert -req -signkey I4VServer.key -days 365
   The file I4VServer.cert will be created in the Apache server home bin directory (typically found in C:\Apache24\bin).
9. Browse to the bin folder found in the Apache server home directory (typically found in C:\Apache24\bin) and open the file httpd.conf using a Notepad or a text editor.
10. Uncomment the following line by removing # found at the beginning of the line. Refer to the following image:
    LoadModule ssl_module modules/mod_ssl.so
    
11. Uncomment the line by removing # found at the beginning of the line if it is commented. Refer to the following image:
    Include conf/extra/httpd-ssl.conf
    
12. Save and close the file.
13. Create a folder under conf folder and name it is as ssl so that it looks like C:\Apache24\conf\ssl
14. Copy the files I4VServer.key and I4VServer.cert files found in the bin folder (typically found in C:\Apache24\bin) and paste them in the ssl folder that was created in the previous step.
15. Rename the file I4VServer.cert to I4VServer.crt.
16. Browse to the extra folder found in the Apache server home directory (typically found in C:\Apache24\conf\extra) and open the file httpd-ssl.conf using Notepad or a text editor.
17. Delete the lines including and between <IfDefine SSL> and </IfDefine>.
18. Provide details for DocumentRoot, ServerName, and ServerAdmin as required. Refer to the following image:
    
19. Enter 8443 as the port number. Refer to the following image:
    
20. Edit the port number for VirtualHost _default_:443 to VirtualHost _default_:8443
    
21. Add the following lines under <VirtualHost _default_:8443>. Refer to the following image:

    JkMount /I4V loadbalancer
    JkMount /I4V/* load balancer

    
22. Uncomment the following line by removing # found at the beginning of the line. Refer to the following image.
    SSLCertificateFile "c:/Apache24/conf/ssl/I4VServer.crt"
    
23. Uncomment the following line by removing # found at the beginning of the line. Refer to the following image.
    SSLCertificateKeyFile "c:/Apache24/conf/ssl/I4VServer.key"
    
24. Save and close the file.
25. Start Internet Explorer, go to Tools > Internet Options > Content.
26. Click Certificates > Trusted Root Certification authorities > Import.
    The Certificate Import Wizard appears.
27. Click Next
28. Using the Browse button, select the I4VServer.crt file. Refer to the following image:
    
29. Click Next.
30. Select the option Automatically select the certificate store based on the type of certificate and click Next.
31. Click Finish.
32. In the Security Warning message that appears, click Yes and click OK in the subsequent message window.
33. Open the Tomcat instance Server.xml file using Notepad or a text editor.
34. Provide the name of the Tomcat instance for the attribute jvmRoute as shown in the following line.
    <Engine name="Catalina" defaultHost="localhost" jvmRoute="TomcatA">
35. For each Tomcat instance you have, add the following lines and provide the Tomcat instance name value for the jvmRoute attribute:

    <Engine name="Catalina" defaultHost="localhost" jvmRoute="TomcatA">
    <Engine name="Catalina" defaultHost="localhost" jvmRoute="TomcatB">
    <Engine name="Catalina" defaultHost="localhost" jvmRoute="TomcatC">
    <Engine name="Catalina" defaultHost="localhost" jvmRoute="TomcatD">

36. Save and close the file.
37. Open a new txt file and add the following lines:

    # Start setup file
    # workers.tomcat_home=C:\\Program Files\\Apache Group\\TomcatA
    workers.java_home=$JAVA_HOME
    ps=\\
    worker.list=TomcatA ,loadbalancer
    worker.TomcatA.port=8009 worker.TomcatA.host=LQTINPD046 worker.TomcatA.type=ajp13 worker.TomcatA.lbfactor=1
    worker.loadbalancer.type=lb worker.loadbalancer.balanced_workers=TomcatA worker.loadbalancer.sticky_session=false

38. Make change as required for each attribute such as the port, host, type, etc.
39. Add the above lines for each instance of the Tomcat you have. Refer to the example below.

    
    # Start setup file
    #
    workers.tomcat_home=C:\\Program Files\\Apache Group\\TomcatB
    workers.java_home=$JAVA_HOME
    ps=\\
    worker.list=TomcatB ,loadbalancer
    worker.TomcatB.port=xxxx worker.TomcatB.host=xxxxxxxx worker.TomcatB.type=xxxx worker.TomcatB.lbfactor=x
    worker.loadbalancer.type=lb worker.loadbalancer.balanced_workers=TomcatB worker.loadbalancer.sticky_session=false
    # Start setup file
    #
    workers.tomcat_home=C:\\Program Files\\Apache Group\\TomcatC workers.java_home=$JAVA_HOME
    ps=\\
    worker.list=TomcatC ,loadbalancer
    worker.TomcatC.port=xxxx worker.TomcatC.host=xxxxxxxx worker.TomcatC.type=xxxx worker.TomcatC.lbfactor=x
    worker.loadbalancer.type=lb worker.loadbalancer.balanced_workers=TomcatC
    worker.loadbalancer.sticky_session=false

40. Make change as required for each attribute such as the port, host, type, etc.
41. Save the file with the name workers and with the extension properties such that the file is known as workers.properties. Save the file in the conf folder which is typically found in C:\Program Files\Apache Group\Apache2\conf\.
42. Open the httpd.conf file and add the following lines.

    LoadModule jk_module modules/mod_jk-1.2.30-httpd-2.0.53.so
    JkWorkersFile “C:\Apache24\conf\workers.properties"

43. Save and close the file.
    Note: As Apache Server is running in HTTPS mode, there is no need to configure all Tomcat instances in HTTPS mode.
44. Restart the Apache and Tomcat instances.