Set Up the Apache Web Server with Signed Certificates

If you are using a signed certificate to set up the Apache web server, you must perform the following tasks.

When generating the .csr file, provide the Apache web server public hostname, the organization details, and the passphrase if the .key file was generated with one.

%AGILIANCE_HOME%\apache2\conf 

To generate the .key file:

Apache supports either a passphrase-protected .key file or SSLFIPS ON, but not both at the same time.
  1. Download OpenSSL from https://slproweb.com/products/Win32OpenSSL.html.

  2. Run the downloaded .exe file and follow the installation instructions to complete the OpenSSL installation.
  3. After successful installation of OpenSSL, perform the following steps:
    If you are restricted from modifying your environment variables while using the command prompt, navigate to the %OpenSSL_INSTALL_LOCATION%\bin folder and execute openssl.exe from the command line there.
    1. Set the OPENSSL_CONF environment variable.

    2. Add OpenSSL to the PATH variable.
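    3. To generate the .key and .csr files, run the commands below. Use only one of the two genrsa commands, because both write to server.key:

      To generate the .key file without a passphrase:
      openssl genrsa -out server.key 2048

      To generate the .key file protected with a passphrase:
      openssl genrsa -des3 -out server.key 2048

      To generate the .csr file from the .key file:
      openssl req -new -key server.key -out server.csr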

To generate a certificate signing request:

Refer to How to Create Private Key, CSR and Certificates with OpenSSL for Apache.

The signed certificates and generated .key file should be placed in the C:\Server\apache2\conf folder.

If the .key file is generated with the passphrase: 

  1. Navigate to the %AGILIANCE_HOME%\apache2\conf\ folder and open the passphrase.bat file using a text editor.

  2. Enter the passphrase and save the file.
  3. Navigate to the %AGILIANCE_HOME%\apache2\conf\extra folder, open the httpd-ssl.conf file, and change SSLFIPS ON to SSLFIPS OFF.
  4. Restart the Apache Service.
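
The "passphrase or SSLFIPS ON, but not both" rule can be checked before restarting the service. The PowerShell below is an added example, not part of the product or of the original page: it reads a .key file and an httpd-ssl.conf file and reports whether they conflict. The function names are assumptions, the key is assumed to be PEM-encoded, and the sample files it writes are constructed for the demonstration.

```powershell
# Added example, not vendor code. Function names are assumptions; keys are assumed PEM-encoded.
function Test-KeyHasPassphrase {
    param([Parameter(Mandatory)][string]$KeyPath)
    $pem = Get-Content -LiteralPath $KeyPath -Raw
    # PKCS#8 form: encrypted keys carry their own PEM label.
    if ($pem -match '-----BEGIN ENCRYPTED PRIVATE KEY-----') { return $true }
    # Traditional form: a Proc-Type header follows the BEGIN RSA PRIVATE KEY line.
    if ($pem -match '(?m)^Proc-Type:\s*4,ENCRYPTED') { return $true }
    if ($pem -match '-----BEGIN (RSA )?PRIVATE KEY-----') { return $false }
    throw "No PEM private key found in $KeyPath"
}

function Get-SslFipsSetting {
    param([Parameter(Mandatory)][string]$ConfPath)
    $value = 'OFF'   # Apache default when the directive is absent
    foreach ($line in Get-Content -LiteralPath $ConfPath) {
        # Lines commented out with '#' do not match; the last active line is reported.
        if ($line -match '^\s*SSLFIPS\s+(on|off)\s*$') { $value = $Matches[1].ToUpper() }
    }
    return $value
}

function Test-KeyFipsConflict {
    param([Parameter(Mandatory)][string]$KeyPath, [Parameter(Mandatory)][string]$ConfPath)
    $hasPass = Test-KeyHasPassphrase -KeyPath $KeyPath
    $fips = Get-SslFipsSetting -ConfPath $ConfPath
    [pscustomobject]@{
        KeyHasPassphrase = $hasPass
        SSLFIPS          = $fips
        Conflict         = ($hasPass -and $fips -eq 'ON')
    }
}

# Constructed sample files (header lines only, no real key material) so the check runs anywhere.
$dir = Join-Path ([IO.Path]::GetTempPath()) 'apache-check-sample'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
$key = Join-Path $dir 'server.key'
$cfg = Join-Path $dir 'httpd-ssl.conf'
Set-Content -LiteralPath $key -Value @('-----BEGIN RSA PRIVATE KEY-----', 'Proc-Type: 4,ENCRYPTED', 'DEK-Info: DES-EDE3-CBC,0000000000000000')
Set-Content -LiteralPath $cfg -Value @('#SSLFIPS off', 'SSLFIPS ON')

$result = Test-KeyFipsConflict -KeyPath $key -ConfPath $cfg
$result | Format-List
if ($result.Conflict) {
    Write-Warning 'Key has a passphrase while SSLFIPS is ON: set SSLFIPS OFF or remove the passphrase.'
}
```

To check a real installation, pass the server.key in the Apache conf folder and the httpd-ssl.conf in the conf\extra folder as -KeyPath and -ConfPath; the functions only read the two files.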

To change the passphrase:

  1. Rename server.key to server.key.org.

  2. Run the command: openssl rsa -des3 -in server.key.org -out server.key
  3. Provide the new passphrase. 
  4. Navigate to the %AGILIANCE_HOME%\apache2\conf\extra folder and enter the new passphrase in the passphrase.bat file.
  5. Restart the Apache Service.

To remove the passphrase:

  1. Rename server.key to server.key.org.

  2. Run the command: openssl rsa -in server.key.org -out server.key
  3. Restart the Apache Service.