If you are using a signed certificate for setting up Apache web server, you must perform the following tasks.
%AGILIANCE_HOME%\apache2\conf
To generate the .key file:
Download OpenSSL from https://slproweb.com/products/Win32OpenSSL.html.
- Run the downloaded .exe file and follow the installation instruction to complete the OpenSSL installation.
- After successful installation of OpenSSL, perform the following steps:
If you are restricted from being able to modify your environment variables while using the command prompt, then navigate to the %OpenSSL_INSTALL_LOCATION%\bin folder to execute openssl.exe from the command line. Set the Environment Variable
OPENSSL_CONF
- Add OpenSSL to the PATH Variable.
- To generate the .key and .csr files, run the commands below:
openssl genrsa -out server.key 2048
openssl genrsa –des3 -out server.key 2048
openssl req -new -key server.key -out server.csr
To generate a certificate signing request:
Refer to How to Create Private Key, CSR and Certificates with OpenSSL for Apache.
The signed certificates and generated .key file should be placed in the C:\Server\apache2\conf folder.
If the .key file is generated with the passphrase:
Navigate to the %AGILIANCE_HOME%\apache2\conf\ folder and open the passphrase.bat file using a text editor.
- Enter the passphrase and save the file.
- Navigate to the %AGILIANCE_HOME%\apache2\conf\extra folder and open the httpd-ssl.conf file and change the SSLFIPS ON to SSLFIPS OFF.
Restart the Apache Service.
To change the passphrase:
Rename server.key to server.key.org.
- Run the command:
openssl rsa -des3 -in server.key.org -out server.key
- Provide the new passphrase.
- Navigate to the %AGILIANCE_HOME%\apache2\conf\extra folder and enter the new passphrase in the passphrase.bat file.
- Restart the Apache Service.
To remove the passphrase:
Rename server.key to server.key.org.
- Run the command:
openssl rsa -in server.key.org -out server.key
- Restart the Apache Service.