Self ssl certification of the site

Continuation to previous post about enabling SSL, which is needed to use Google SMTP and other things. This post will help you in getting your site SSL certificate, so that Facebook API can be used, which now requires HTTPS protocol. Below are the steps to give your localhost a local SSL certificate.

  1. Open the DOS command window and change directory to bin directory of wamp apache directory by using the DOS command without quotes: “cd /d c:\” and then “cd wamp\bin\apache\apache2.2.8\bin”. apache2.2.8 should be changed to what apache folder your wamp server has. After done, the DOS prompt should look like:


  2. Create a server key with 1024 bits encryption. You should enter this command without quotes:

    “openssl genrsa -des3 -out server.key 1024″.

    It’ll ask you a pass phrase, just enter it.

  3. Remove the pass phrase from the RSA private key (while keeping a backup copy of the original file). Enter this command without quotes:

    “copy server.key”

    and then

    “openssl rsa -in -out server.key”.

    It’ll ask you the pass phrase, just type it.

    You’ll fill in the information after entering this command. The correct location of config file, openssl.cnf may need to be changed. In windows, you won’t see “.cnf” extension of the file openssl, but in DOS you’ll see the full name openssl.cnf.

  4. Create a self-signed Certificate (X509 structure) with the RSA key you just created. Enter the command without quotes:

    “openssl req -new -x509 -nodes -sha1 -days 365 -key server.key -out server.crt -config C:\wamp\bin\apache\apache2.2.8\conf\openssl.cnf”.

  5. In the conf folder of apache2.2.8 folder, create two folders named as ssl.key and ssl.crt. Copy the server.key file to ssl.key folder and server.crt file to ssl.crt.

  6. In httpd.conf file, remove the comment ‘#’ at the line which says:

    LoadModule ssl_module modules/

  7. In httpd.conf, remove the comment ‘#’ at the line which says:
    Include conf/extra/httpd_ssl.confThen move that line after this block

    <IfModule ssl_module>…. </IfModule>

  8. Open the php.ini file located in apache2.2….\bin folder, remove the comment ‘;’ at the line which says:


  9. Edit the httpd_ssl.conf file in the folder name, extra.

    1. Find the line which says “SSLMutex ….” and change it to “SSLMutex default” without quotes.
    2. Find the line which says: <VirtualHost _default_:443>. Right after it, change the line which says “DocumentRoot …” to DocumentRoot “C:/wamp/www/” with quotes. Change the line “ErrorLog….” to Errorlog logs/sslerror_log. Change the line “TransferLog ….” to TransferLog logs/sslaccess_log.
    3. SSL crt file: Change the line “SSLCertificateFile ….” to SSLCertificateFile “conf/ssl.crt/server.crt”.
    4. SSL key file: Change the line “SSLCertificateKeyFile ….” to SSLCertificateKeyFile “conf/ssl.key/server.key”.
    5. Change the line which says <Directory “C:/Program Files/Apache Software Foundation/Apache2.2/cgi-bin”> or something similar to <Directory “C:/wamp/www/”> and add the following lines inside those <Directory … >…</Directory> tags:
      Options Indexes FollowSymLinks MultiViewsAllowOverride AllOrder allow,denyallow from all
    6. Make sure the line CustomLog
      “logs/ssl_request_log” is uncommented (remove the #). This step is suggested.

  10. In the previous DOS Command windows, enter httpd -t . If it displays Sysntax is OK, then go to Step 11. If not, then correct the wrong syntax and redo step 9.

  11. Restart the Apache server. This is most important step.

  12. If restart is successful, then open the browser and enter “https://localhost” without quotes.


  • Follow the above steps carefully and you’ll be done.
  • This will work for Linux too. Just use the path to www folder.
  • For original certification there are lot many organizations like Verisign.
  • For firefox go to options and add that certificate to your browser.

Leave a comment

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: