Securing Your Web Server: Harnessing the Power of Apache on Windows with SSL

by arun danielin Webserveron Posted on

Introduction

Apache is one of the most popular web servers available today. Originally designed for use on Unix-based systems, Apache can now be installed on a variety of platforms, including Windows. While many users may assume that Apache is only suitable for Linux or Unix environments, there maybe reasons and benefits to installing Apache on a Windows machine.

In this blog post, we’ll explore how to run Apache on a Windows system. Whether you’re a developer, a system administrator, or simply looking to host a website on your Windows PC, understanding the steps of Apache installation and configuration on a Windows Server can help you make an informed decision about whether it’s the right choice for your needs. So, let’s dive in and take a closer look at Apache on Windows.

Workflow

Download and Extract Apache

Please note all commands are done in PowerShell.

  • Download Apache
    • start-bitstransfer https://www.apachelounge.com/download/VS17/binaries/httpd-2.4.56-win64-VS17.zip
  • Extract zip file
    • expand-archive httpd-2.4.56-win64-VS17.zip
  • Copy Apache directory to your desired location
    • copy-item -path ".\httpd-2.4.56-win64-VS17\Apache24" -Destination "C:\Apache24" -recurse

Install and Run Apache on Port 80

  • Move to the bin directory of Apache
    • cd c:\apache24\bin
  • Install Apache as a service with your desired service name (e.g. arunapache)
    • .\httpd.exe -k install -n "arunapache"
  • Confirm service has been created
    • get-service arunapache
  • From another machine, confirm you can browse to the IP address of the server hosting Apache. You should see the ‘It works’ page

Configure and Run Apache on Port 443

Please note I will not go into how to obtain a pfx file, nor installation of OpenSSL.

Export Files from PFX

  • Create a key to use to export only the private key. In the example below i have a pfx file called arunssl.pfx and i am exporting the private key (myexport.key). You will be asked for the password for the pfx file and then you will be asked to create your own passphrase (twice) for the myexport.key file
    • openssl pkcs12 -in arunssl.pfx -cacerts -out myexport.key
  • Using the export key (myexport.key), you will export the decrypted private key (server.key). You will be asked to input your passphrase you stated when exporting the myexport.key
    • openssl rsa -in myexport.key -out server.key
  • Export only the certificate file (server.crt) from the pfx file (arunssl.pfx). You will be asked for the password for the pfx file
    • openssl pkcs12 -in arun.pfx -clcerts -nokeys -out server.crt
  • Export the chain of certificates under one file (server-ca.crt) from the pfx file (arunssl.pfx) without including the private key. You will be asked for the password for the pfx file
    • openssl pkcs12 -in arunssl.pfx -chain -nokeys -out server-ca.crt

Copy Files to Apache Root

  • Copy the three files created (server.key, server.crt, and server-ca.crt) to the Apache Server root directory (C:\Apache24)
    • copy server.key, server.crt, server-ca.crt c:\Apache24\

Configure Apache for HTTPS

  • Open httpd.conf from the conf directory
    • notepad C:\Apache24\conf\httpd.conf
  • Find and uncomment the following lines (remove the hash mark, #)
    • LoadModule ssl_module modules/mod_ssl.so
    • Include conf/extra/httpd-ssl.conf
  • If you named any of the exported files to anything else, you will have to modify the httpd-ssl.conf file located in C:\Apache24\conf\extra\httpd-ssl.conf file. The lines you will have to modify are:
    • SSLCertificateFile – this is the location of your server crt file
    • SSLCertificateKeyFile – this is the location of your private key
    • SSLCertificateChainFile – this is the location of your chain certificate file
  • Restart the Apache service (e.g. arunapache)
    • restart-service arunapache
  • From another machine, confirm you can browse to the IP address of the server hosting Apache on https port. You should see the ‘It works’ page along with the page showing the certificate being used.

Conclusion

In this blog post, we’ll explored how to run Apache on a Windows system. Although made for Unix/Linux in the past, Apache has grown leaps and bounds in popularity where no longer is it limited to those operating systems. As you can see, the steps to run a webserver is straightforward and to have it secure via SSL, the steps are not at all rocket science.

In conclusion, installing Apache on Windows can bring numerous benefits to web developers and website administrators alike. By leveraging Apache’s robust and versatile server capabilities, users can enjoy faster page load times, improved website security, and greater flexibility in configuring their web server environment. Additionally, Apache’s compatibility with a wide range of web development technologies makes it an ideal choice for those who require a powerful and customizable web server platform. So, whether you’re running a small personal website or managing a large-scale enterprise application, installing Apache on Windows is a smart choice that can help you optimize your web infrastructure and achieve your online goals more effectively.

Leave a Comment

Your email address will not be published. Required fields are marked *