Preface:
============
I had to work on a bunch of Apache on Win32 hosts. Typically, this is against my religion, however, I did it anyway.

While doing it, I went looking for some info on simply redirecting all traffic over HTTPS. I found all the info but some was in different places. I took a base tutorial and made some changes to it so that it had more clarity and also explained how to redirect traffic over HTTPS. Since this is not an original work, all references are cited.

This is tutorial only discusses how to get HTTPS setup with Apache for Win32. It's nothing more.

Enjoy.

APACHE for Win32 with SSL support v 1.3
_
Original document found at:
http://www.thompsonbd.com/tutorials/apachessl.php
Version 1.2 (Up from 1.1 thanks to Mike Young)
Version 1.3 (TheHorse13)
_
_
1. Assumptions
This tutorial assumes that you already have Apache2 installed and working on a Windows server. I have Apache 2.0.52 installed on Windows Server 2000.
_This guide also assumes that you have a standard SSL cert. If you have a supercert, you’ll need to add additional lines to your virtual host in httpd.conf and ssl.conf to deal with the intermediate cert. For more information on what a SuperCert is, please see SGC SuperCert - 256-bit ssl encryption from thawte
_
TIP: Backup your existing httpd.conf file before you begin. If you run into issues, at least you can revert back to the original.
_
2. Needed Files
These are not necessarily the most up-to-date, but they worked for my install so I have included them here. You will need to download both Apache_2.0.55-Openssl_0.9.8a-Win32.zip and Openssl-0.9.8a-Win32.zip
Unzip both of these files to seperate folders.
_
Links:
======
http://brandleadershipmarketing.com/...9.8a-Win32.zip
http://brandleadershipmarketing.com/...9.8a-Win32.zip
_
3. Setting Up OpenSSL
Copy the files ssleay32.dll and libeay32.dll from the OpenSSL folder to WINNT\System32. Double check that you make sure you copied the dll's and not the lib's. Both of these DLL files will be located in the unzipped Openssl-0.9.8a-Win32 folder.
_
Copy mod_ssl.so from the unzipped Apache 2.0.55-Openssl 0.9.8a-Win32\modules folder into the \modules folder of your production Apache server’s path.
_
You also need to download openssl.cnf into the same folder where you unzipped Openssl-0.9.8a-Win32. Windows will remove the .cnf and will make this file look like a dialup icon. Just ignore it. Just make sure you have the file in the right place.
Download ssl.conf and place it in the Apache2/conf directory.
_
Links:
======
http://www.thompsonbd.com/tutorials/files/openssl.cnf
http://www.thompsonbd.com/tutorials/files/ssl.conf
_
4. Creating a test certificate
Open a command prompt. Navigate to where you unzipped Openssl-0.9.8a-Win32.
_
openssl req -config openssl.cnf -new -out my-server.csr
_
You can replace my-server.csr with whatever you want aslong as the extention is .csr. When asked for "Common Name (eg, your websites domain name)", give the exact domain name of your web server (e.g. www.my-server.dom). The certificate belongs to this server name and browsers complain if the name doesn't match.
_
openssl rsa -in privkey.pem -out my-server.key
_
This removes the passphrase from the private key. You MUST understand what this means; my-server.key should be only readable by the apache server and the administrator. You should delete the .rnd file because it contains the entropy information for creating the key and could be used for cryptographic attacks against your private key.
_
openssl x509 -in my-server.csr -out my-server.cert -req -signkey my-server.key -days 365
_
This creates a self-signed certificate that you can use until you get a "real" one from a certificate authority. (Which is optional; if you know your users, you can tell them to install the certificate into their browsers.) Note that this certificate expires after one year, you can increase -days 365 if you don't want this.
_
TIP: Sometimes certs will have the suffix crt or cer. If this is the case, you can either rename the certificate file with the .cert suffix to match the lines in this guide or you can change the conf files to reflect whichever certificate suffix came with the certificate file. For example, if Windows sees the suffix cert, it won’t assign the nifty certificate icon to it. It only sees crt and cer as certificate suffixes and will only assign the icon to these suffixes.
_
Create a directory in the Apache folder name Apache2/conf/ssl and move my-server.key and my-server.cert into it.
_
5. Configuring Apache and mod_ssl
Open the httpd.conf file and locate the LoadModule directives.
Add:
LoadModule ssl_module modules/mod_ssl.so
_
After </IfModule> add
SSLMutex default
SSLRandomSeed startup builtin
SSLSessionCache none
In the VirtualHost directives add
<VirtualHost www.my-domain.com:443>
SSLEngine On
SSLCertificateFile conf/ssl/my-server.cert
SSLCertificateKeyFile conf/ssl/my-server.key
</VirtualHost>
_
TIP: To redirect all traffic to the console to the SSL automatically (otherwise, you will get pages served up on both http and https), add these lines beneath </VirtualHost>
RewriteEngine On
RewriteRule (.*) https://%{SERVER_NAME}/ [R]
_
Then be sure to uncomment the following module:
LoadModule rewrite_module modules/mod_rewrite.so

Open the ssl.conf file and set the correct ServerName (www.my-domain.com) and DocumentRoot. You will place the location of the secure material in the " " after DocumentRoot. So if your secure webpages are on your D: drive, in the folder called secure, the line should look like
DocumentRoot "D:/secure"

Provided that you haven’t made any typos, you should now be able to restart Apache and get SSL pages served up without issue. You can also remove both the zip files and the folders where you extracted Apache_2.0.55-Openssl_0.9.8a-Win32.zip and Openssl_0.9.8a-Win32.zip once you're sure that everything is working the way you want. However, I recommend keeping the Openssl directory in the event you need to cut certs and such in the future. As for the Apache zip, all we did was pillage the mod_ssl.so file compiled for Win32 so that download is of no use.