Create a Certificate Authority, CA.
openssl genrsa -des3 -out ca.key 4096
openssl req -new -x509 -days 365 -key ca.key -out ca.crt
Now we have a certificate authority certificate to sign the certificate for the server.
Generate a key for the server.
openssl genrsa -des3 -out server.key 4096
Generate a certificate signing request
openssl req -new -key server.key -out server.csr
Optional step : remove the passphrase from the key
Rename server.key to server.key.bac.
openssl rsa -in server.key.bac -out server.key
Sign the generated key with certificate authority
openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt
Now we have the necessary keys and certificates to configure Apache2.2 server to enable https
copy the generated keys, certificates to a directory named keys under the conf directory.
Uncomment ssl module and ssl configuration file in httpd.conf.
LoadModule ssl_module modules/mod_ssl.so
configure https in httpd-ssl.conf file located in conf/extra directory. Use the default settings and specify the following Files to match your local settings.
SSLVerifyClient and SSLVerifyDepth options would only be required, if you want the client to authenticate to the server using a certificate and a passphrase.
Now you have successfully configured https for your server.
When connecting to the server, you can obtain the servers certificate by using openssl.
openssl s_client –connect localhost:443 > scert.pem
Now open the scert.pem and remove the unnecessary. Only the content within the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- needed for the certificate. You certificate would look like
Now we can connect to a service deployed in Apache server using https and consume it.
$client = new WSClient(array(“to”=>”https://localhost/webservices/service1.php”,
$response = $client->request($input);
Much more detailed discussion on implementing https alone with Axis2/C is available here.