Create a self-signed Apache SSL Certificate

To Create a self-signed Apache SSL Certificate using OpenSSL:

Open the command prompt and cd to your Apache installations “bin” directory. Usually it would be:

cd “C:\Program Files (x86)\Apache Software Foundation\Apache2.4\bin”

Next, we need to setup the Windows environment variable OPENSSL_CONF to point to the openssl.cnf files location. It is usually located in “C:\Program Files (x86)\Apache Software Foundation\Apache2.4\conf\openssl.cnf” directory.

So we can set it up by the following command or through the GUI interface:

set OPENSSL_CONF=C:\Program Files (x86)\Apache Software Foundation\Apache2.4\conf\openssl.cnf

All files generated from the following commands will reside in “C:\Program Files (x86)\Apache Software Foundation\Apache2.4\bin” folder.

Now that we have the environment variable set we need to create a new OpenSSL certificate request using the following command:

openssl req -new -out server.csr

Where “server” is the domain name for your server.

It will ask you some questions and you can safely ignore them and just answer the following questions:
PEM pass phrase: Password associated with the private key you’re generating (anything of your choice).
Common Name: The fully-qualified domain name associated with this certificate (i.e.

Now we need to remove the passphrase from the private key. The file “server.key” created from the following command should be only readable by the apache server and the administrator. You should also delete the .rnd file because it contains the entropy information for creating the key and could be used for cryptographic attacks against your private key.

openssl rsa -in privkey.pem -out server.key

Now we need to set up an expiry date, it could be any time of your choice, we use 365 days below:

openssl x509 -in server.csr -out server.cert -req -signkey server.key -days 365

We have the Self-signed SSL certificates ready now. Now We need to MOVE the “server.cert” and “server.key” file to the

“C:\Program Files\Apache Software Foundation\Apache2.2\conf” location, or to whatever directory you chose if you place to user httpd-vhosts.conf.

Configuring Apache to run SSL/HTTPS server using httpd.conf:

Now that we have the Self-signed SSL certificate ready, all we need is to configure Apache to start the SSL server.

First we modify the “C:\Program Files\Apache Software Foundation\Apache2.2\conf\httpd.conf” file.

Open up conf\httpd.conf in a text editor and look for the line:

LoadModule ssl_module modules/ and remove any pound sign (#) characters preceding it.

Include conf/extra/httpd-ssl.conf and remove any pound sign (#) characters preceding it.

Now we need to modify the “C:\Program Files\Apache Software Foundation\Apache2.2\conf\extra\httpd-ssl.conf”. Let all the default options as it is but make sure to modify the following section according to your need:

<VirtualHost _default_:443>
DocumentRoot “Your Root folder location”
ErrorLog “logs/anyFile-error.log”
CustomLog “logs/anyFile-access.log” common
SSLEngine on

SSLCertificateFile “C:/Program Files/Apache Software Foundation/Apache2.2/conf/server.cert”

SSLCertificateKeyFile “C:/Program Files/Apache Software Foundation/Apache2.2/conf/server.key”

Make sure that “SSLCertificateFile” and “SSLCertificateKeyFile” are properly located.

For better organizing you can also put the whole <VirtualHost></VirtualHost> section in the “C:\Program Files\Apache Software Foundation\Apache2.2\conf\extra\httpd-vhosts.conf” along with your other Virtual Host settings there but you need to uncomment “Include conf/extra/httpd-vhosts.conf” in your conf\httpd.conf file to use that.

Opening SSL/HTTPS port on Windows:

Now we need to open an exception in Windows Firewall for TCP port 443. You can do that by going to “Windows Firewall” settings in Control Panel and adding a port in the exception section.

Now Restart the server and everything should work fine.