Friday, May 21, 2010

How to configure https for Apache2.2 and consume PHP web services over https

Step 1.

Create a Certificate Authority, CA.

openssl genrsa -des3 -out ca.key 4096
openssl req -new -x509 -days 365 -key ca.key -out ca.crt

Now we have a certificate authority certificate to sign the certificate for the server.

Step 2.

Generate a key for the server.

openssl genrsa -des3 -out server.key 4096

Generate a certificate signing request

openssl req -new -key server.key -out server.csr

Optional step : remove the passphrase from the key

Rename server.key to server.key.bac.

openssl rsa -in server.key.bac -out server.key

Step3.

Sign the generated key with certificate authority

openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt

Now we have the necessary keys and certificates to configure Apache2.2 server to enable https

Step4.

copy the generated keys, certificates to a directory named keys under the conf directory.

Uncomment ssl module and ssl configuration file in httpd.conf.

LoadModule ssl_module modules/mod_ssl.so

Include conf/extra/httpd-ssl.conf

Step 5.

configure https in httpd-ssl.conf file located in conf/extra directory. Use the default settings and specify the following Files to match your local settings.

SLCertificateFile "F:/Apache2.2/conf/keys/server.crt"

SSLCertificateKeyFile "F:/Apache2.2/conf/keys/server.key"

SSLCACertificateFile "F:/Apache2.2/conf/keys/ca.crt"

#SSLVerifyClient require

SSLVerifyDepth 1

SSLVerifyClient and SSLVerifyDepth options would only be required, if you want the client to authenticate to the server using a certificate and a passphrase.

Now you have successfully configured https for your server.

When connecting to the server, you can obtain the servers certificate by using openssl.

openssl s_client –connect localhost:443 > scert.pem

Now open the scert.pem and remove the unnecessary. Only the content within the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- needed for the certificate. You certificate would look like

-----BEGIN CERTIFICATE-----

-----END CRETIFICATE-----

Step 6.

Now we can connect to a service deployed in Apache server using https and consume it.

$client = new WSClient(array(“to”=>”https://localhost/webservices/service1.php”,

                                                “CACert”=>”cert.pem”));

$response = $client->request($input);

Much more detailed discussion on implementing https alone with Axis2/C is available here.