Difference between revisions of "How to Configure Apache for HTTPS"
(Created page with "This page is currently just a stub.") |
(→Download and install the OpenSSL utility) |
||
(18 intermediate revisions by one user not shown) | |||
Line 1: | Line 1: | ||
− | This | + | To secure your web server with SSL/TLS encryption, you need to obtain a digital certificate from a trusted certificate authority and enable the SSL/TLS cryptographic protocols on your server. |
+ | |||
+ | This article describes: | ||
+ | * how to generate a self-signed certificate, which can be used to test the configuration; | ||
+ | * how to enable SSL/TLS on the [http://www.wampserver.com/en/ WampServer 2.4] distribution of Apache and PHP. | ||
+ | |||
+ | == Generate a server key pair and a server certificate == | ||
+ | |||
+ | For deployment purposes you need to obtain an SSL certificate from a trusted certificate authority (e.g. [https://www.symantec.com/ssl-certificates Symantec] or [http://godaddy.com/ssl/ GoDaddy]. Those are pricey. | ||
+ | |||
+ | To test your server configuration, you can use a self-signed certificate. (The browser won't recognize it and will ask the users to proceed at their own risk.) | ||
+ | |||
+ | This section describes how to create a self-signed X.509 certificate using the [https://www.openssl.org/ OpenSSL] utility. | ||
+ | |||
+ | === Download and install the OpenSSL utility === | ||
+ | |||
+ | You can download a binary distribution of the utility by following the links on the [https://www.openssl.org/community/binaries.html OpenSSL Project site] (e.g. [http://slproweb.com/products/Win32OpenSSL.html OpenSSL for Windows]). | ||
+ | |||
+ | When you run the installer you'll be prompted to specify a destination folder for the installation. You can accept the default (<code>C:\OpenSSL</code>) or change it. | ||
+ | |||
+ | This article assumes you installed in the utility in the <code>C:\Applications\OpenSSL</code> folder. | ||
+ | |||
+ | === Generate a server key pair and a server certificate using the OpenSSL utility === | ||
+ | |||
+ | Open a command prompt window and run the following command: | ||
+ | |||
+ | C:\Applications\OpenSSL\bin\openssl req -new -x509 -days 365 -sha1 -newkey rsa:1024 -nodes -keyout server.key -out server.crt | ||
+ | |||
+ | Here's what the options mean: | ||
+ | * <code>-x509</code> identifies that a certificate is required, rather than just a certificate request; | ||
+ | * <code>-days 365</code> sets the certificate to expire in a year; | ||
+ | * <code>-sha1</code> specifies that SHA1 encryption should be used; | ||
+ | * <code>rsa:1024</code> sets the key as 1024 bit RSA; | ||
+ | * <code>-nodes</code> specifies no passphrase; | ||
+ | * <code>-keyout</code> and <code>-out</code> specify where to store the key and certificate. | ||
+ | |||
+ | The utility will prompt you for the following information: | ||
+ | * Country Name; type the two-letter code of your country (e.g. '''CA'''); | ||
+ | * State or Province Name; type the name of your state or province (e.g. '''Ontario'''); | ||
+ | * Locality Name; type the name of your city (e.g. '''Toronto'''); | ||
+ | * Organization Name; type the name of your organization (e.g. '''Dot2Dot Communications Inc.'''); | ||
+ | * Organizational Unit Name; type the name of your group (e.g. '''R&D''') or leave blank; | ||
+ | * Common Name; type the fully qualified domain name of your server (e.g. '''www.mydomain.com'''); | ||
+ | * Email Address; type a contact email address or leave blank. | ||
+ | |||
+ | The command will create two files in the current folder: | ||
+ | |||
+ | * <code>server.key</code>, which looks like this: | ||
+ | |||
+ | <nowiki> | ||
+ | -----BEGIN RSA PRIVATE KEY----- | ||
+ | MIICXAIBAAKBgQCwynryFeytEkPF6RuQJr6Q7NhmLr4mamQaxvBT7+cBwMb8RiHW | ||
+ | erKuvHn2f96A7hKwhkgyWOl+pTnS7LH8xkRZmCmx5B31U1MiUvctZ3nNrti1Khjf | ||
+ | KeWuP31QMEQjpkpzHkCCz3V7VQpXKm52UbTTMlI8Cuw/XvzNwDJEa4RAHQIDAQAB | ||
+ | AoGAMm/BvZkFqaahUTAc3fY/vcbkQdqqAvmtT3pcDAZQSE7ANi6n7rGYkoNQ5EM8 | ||
+ | rlm9WUEmDb8R9kCbC5LdgHjr/I4f0m1fIl5J1fMVfE0ZbwQ4w8ruus4YXJxgNkE8 | ||
+ | QloYG0sFMbpcxfu/HYHmj90P88SBSf1NxVQBm6ntEYjtDb0CQQDabL9X7SSvA3KW | ||
+ | mqwhmTZufvl1z705N8xWuXKOkRXFe6OGWQMZk9A5LwmqRU//pIWHRdxljNwpvcd5 | ||
+ | ehBNxJ9nAkEAzzQ2EvengVNIwlM67dBStriea857oBlseeqzkEav+SxkA2hRJmHS | ||
+ | NMZZtrV4Ci7aR3Oh1r/W2p6V9AJ2fsol2wJBAJOYWm/SyjANF1hXaitF+bcOzAjk | ||
+ | +It6ffS4WYWm2lxY4LX+3g5hiJmrhE9viNBJXwV6mqRwW7FFEU6vweabD88CQHK6 | ||
+ | tjZKarVxKBhxfW+wqhwCnbWT32AGs8nN6x84BLgznC1G1agrAfm22nYQhSceSj7G | ||
+ | CBagopbquJ0jv/j0dYECQEFVZKbsn88Wgb7GsTH91eD5qK90GQRORYa3sO48bg+U | ||
+ | 2PVo+yiu9ZwcfIGdyKdzE1CFUHCQPcGAyeFL+6I3NFE= | ||
+ | -----END RSA PRIVATE KEY-----</nowiki> | ||
+ | |||
+ | * <code>server.crt</code>, which looks like this: | ||
+ | |||
+ | <nowiki> | ||
+ | -----BEGIN CERTIFICATE----- | ||
+ | MIIDaTCCAtKgAwIBAgIJAM66A3JulEG3MA0GCSqGSIb3DQEBBQUAMIGAMQswCQYD | ||
+ | VQQGEwJDQTEQMA4GA1UECBMHT250YXJpbzEQMA4GA1UEBxMHVG9yb250bzEkMCIG | ||
+ | A1UEChMbRG90MkRvdCBDb21tdW5pY2F0aW9ucyBJbmMuMQwwCgYDVQQLFANSJkQx | ||
+ | GTAXBgNVBAMTEHd3dy5teWRvbWFpbi5jb20wHhcNMTQwODIwMTU1OTI5WhcNMTUw | ||
+ | ODIwMTU1OTI5WjCBgDELMAkGA1UEBhMCQ0ExEDAOBgNVBAgTB09udGFyaW8xEDAO | ||
+ | BgNVBAcTB1Rvcm9udG8xJDAiBgNVBAoTG0RvdDJEb3QgQ29tbXVuaWNhdGlvbnMg | ||
+ | SW5jLjEMMAoGA1UECxQDUiZEMRkwFwYDVQQDExB3d3cubXlkb21haW4uY29tMIGf | ||
+ | MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCwynryFeytEkPF6RuQJr6Q7NhmLr4m | ||
+ | amQaxvBT7+cBwMb8RiHWerKuvHn2f96A7hKwhkgyWOl+pTnS7LH8xkRZmCmx5B31 | ||
+ | U1MiUvctZ3nNrti1KhjfKeWuP31QMEQjpkpzHkCCz3V7VQpXKm52UbTTMlI8Cuw/ | ||
+ | XvzNwDJEa4RAHQIDAQABo4HoMIHlMB0GA1UdDgQWBBRVQjEX6Q1vH9YU1OnDEy1J | ||
+ | DEYplTCBtQYDVR0jBIGtMIGqgBRVQjEX6Q1vH9YU1OnDEy1JDEYplaGBhqSBgzCB | ||
+ | gDELMAkGA1UEBhMCQ0ExEDAOBgNVBAgTB09udGFyaW8xEDAOBgNVBAcTB1Rvcm9u | ||
+ | dG8xJDAiBgNVBAoTG0RvdDJEb3QgQ29tbXVuaWNhdGlvbnMgSW5jLjEMMAoGA1UE | ||
+ | CxQDUiZEMRkwFwYDVQQDExB3d3cubXlkb21haW4uY29tggkAzroDcm6UQbcwDAYD | ||
+ | VR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBYCKJHtZQF7BYeORTnC8yLtzhe | ||
+ | hFg5dM9nrCrf7enCB+w4XwBZilNOdVOMSe0mgDARnRS9SIPND4FRxIFOQw9pnJso | ||
+ | Wa+tZSi9ITU8qo/mbBwqWgU/rSLJidBBMJjhLsFf9wychCLYBUJfJEQNI5645VXh | ||
+ | zlCY+3Xpwx+7JOYSzg== | ||
+ | -----END CERTIFICATE-----</nowiki> | ||
+ | |||
+ | == Copy the key and certificate files to the server == | ||
+ | |||
+ | * Locate the WampServer program folder: click the WampServer tray icon, select '''www directory''', and click the '''Up''' button in the Windows Explorer window. | ||
+ | * Navigate down to the Apache configuration folder: <code>bin\apache\Apache2.x.x\conf</code> (replace <code>Apache2.x.x</code> with your Apache version). | ||
+ | * Create a sub-folder for the server key file (e.g. <code>ssl-key</code>) and copy the <code>server.key</code> file into it. | ||
+ | * Create a sub-folder for the server certificate file (e.g. <code>ssl-crt</code>) and copy the <code>server.crt</code> file into it. | ||
+ | |||
+ | '''''Note''': take steps to prevent unauthorized access to your key file.'' | ||
+ | |||
+ | == Configure Apache == | ||
+ | |||
+ | === Edit the Apache configuration file === | ||
+ | |||
+ | Edit the <code>httpd.conf</code> file, located in the <code>bin\apache\Apache2.x.x\conf</code> sub-folder of your WampServer program folder: | ||
+ | |||
+ | * Uncomment the following line: | ||
+ | |||
+ | LoadModule ssl_module modules/mod_ssl.so | ||
+ | |||
+ | * Uncomment the following line: | ||
+ | |||
+ | LoadModule socache_shmcb_module modules/mod_socache_shmcb.so | ||
+ | |||
+ | * Uncomment the following line: | ||
+ | |||
+ | Include conf/extra/httpd-ssl.conf | ||
+ | |||
+ | === Edit the Apache SSL configuration file === | ||
+ | |||
+ | This section assumes your WampServer is installed in <code>C:\Applications\wamp</code>; substitute your WampServer program folder path in the values below. | ||
+ | |||
+ | Edit the <code>httpd_ssl.conf</code> file, located in the <code>bin\apache\Apache2.x.x\conf\extra</code> sub-folder of your WampServer program folder (replace <code>Apache2.x.x</code> with your Apache version): | ||
+ | |||
+ | * Edit the <code>DocumentRoot</code> setting: | ||
+ | |||
+ | DocumentRoot "C:/Applications/wamp/www" | ||
+ | |||
+ | * Edit the <code>ServerName</code> setting: | ||
+ | |||
+ | ServerName www.mydomain.com:443 | ||
+ | |||
+ | * Edit the <code>ErrorLog</code> setting: | ||
+ | |||
+ | ErrorLog "C:/Applications/wamp/logs/apache_ssl_error.log" | ||
+ | |||
+ | * Edit the <code>TransferLog</code> setting: | ||
+ | |||
+ | TransferLog "C:/Applications/wamp/logs/ssl_access.log" | ||
+ | |||
+ | * Edit the <code>SSLCertificateFile</code> setting: | ||
+ | |||
+ | SSLCertificateFile "conf/ssl-crt/server.crt" | ||
+ | |||
+ | * Edit the <code>SSLCertificateKeyFile</code> setting: | ||
+ | |||
+ | SSLCertificateKeyFile "conf/ssl-key/server.key" | ||
+ | |||
+ | * Edit the access options for the document root directory: | ||
+ | |||
+ | <Directory "C:/Applications/wamp/www"> | ||
+ | SSLOptions +StdEnvVars | ||
+ | Options FollowSymLinks | ||
+ | AllowOverride None | ||
+ | Require all denied | ||
+ | </Directory> | ||
+ | |||
+ | * Edit the access options for the application directory | ||
+ | |||
+ | <Directory "C:/Applications/wamp/www/ad-manager"> | ||
+ | SSLOptions +StdEnvVars | ||
+ | Options FollowSymLinks | ||
+ | AllowOverride All | ||
+ | Require all granted | ||
+ | </Directory> | ||
+ | |||
+ | * Edit the <code>CustomLog</code> setting: | ||
+ | |||
+ | CustomLog "C:/Applications/wamp/logs/ssl_request.log" \ | ||
+ | "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" | ||
+ | |||
+ | == Configure PHP == | ||
+ | |||
+ | Edit the <code>php.ini</code> file: click the WampServer tray icon and select '''PHP''' -> '''php.ini'''. | ||
+ | |||
+ | * Uncomment the following line: | ||
+ | |||
+ | extension=php_openssl.dll | ||
+ | |||
+ | == Test the configuration and restart the Apache service == | ||
+ | |||
+ | To test the Apache configuration run the following command line (replace <code>Apache2.x.x</code> with your Apache version): | ||
+ | |||
+ | C:\Applications\wamp\bin\apache\Apache2.x.x\bin\httpd -t | ||
+ | |||
+ | Resolve the configuration issues, if any, and restart the Apache service. | ||
+ | |||
+ | === Configure Windows Firewall === | ||
+ | |||
+ | Enable inbound connections to TCP port 443. | ||
+ | |||
+ | == External Links == | ||
+ | |||
+ | [http://forum.wampserver.com/read.php?2,32986,page=1 Wamp2 HTTPS and SSL Setup Step-by-Step guide] | ||
+ | |||
+ | [http://www.onlamp.com/2008/03/04/step-by-step-configuring-ssl-under-apache.html Step-by-step: Configuring SSL Under Apache] | ||
+ | |||
+ | [http://httpd.apache.org/docs/current/ssl/ Apache SSL/TLS Encryption] | ||
+ | |||
+ | [http://en.wikipedia.org/wiki/HTTP_Secure Wikipedia: HTTPS] | ||
+ | |||
+ | [http://en.wikipedia.org/wiki/Transport_Layer_Security Wikipedia: Transport Layer Security] | ||
+ | |||
+ | [https://www.openssl.org/ OpenSSL Project] | ||
+ | |||
+ | [https://www.symantec.com/ssl-certificates Symantec SSL Certificates] | ||
+ | |||
+ | [http://godaddy.com/ssl/ GoDaddy SSL Certificates] |
Latest revision as of 12:13, 10 December 2015
To secure your web server with SSL/TLS encryption, you need to obtain a digital certificate from a trusted certificate authority and enable the SSL/TLS cryptographic protocols on your server.
This article describes:
- how to generate a self-signed certificate, which can be used to test the configuration;
- how to enable SSL/TLS on the WampServer 2.4 distribution of Apache and PHP.
Contents |
Generate a server key pair and a server certificate
For deployment purposes you need to obtain an SSL certificate from a trusted certificate authority (e.g. Symantec or GoDaddy. Those are pricey.
To test your server configuration, you can use a self-signed certificate. (The browser won't recognize it and will ask the users to proceed at their own risk.)
This section describes how to create a self-signed X.509 certificate using the OpenSSL utility.
Download and install the OpenSSL utility
You can download a binary distribution of the utility by following the links on the OpenSSL Project site (e.g. OpenSSL for Windows).
When you run the installer you'll be prompted to specify a destination folder for the installation. You can accept the default (C:\OpenSSL
) or change it.
This article assumes you installed in the utility in the C:\Applications\OpenSSL
folder.
Generate a server key pair and a server certificate using the OpenSSL utility
Open a command prompt window and run the following command:
C:\Applications\OpenSSL\bin\openssl req -new -x509 -days 365 -sha1 -newkey rsa:1024 -nodes -keyout server.key -out server.crt
Here's what the options mean:
-
-x509
identifies that a certificate is required, rather than just a certificate request; -
-days 365
sets the certificate to expire in a year; -
-sha1
specifies that SHA1 encryption should be used; -
rsa:1024
sets the key as 1024 bit RSA; -
-nodes
specifies no passphrase; -
-keyout
and-out
specify where to store the key and certificate.
The utility will prompt you for the following information:
- Country Name; type the two-letter code of your country (e.g. CA);
- State or Province Name; type the name of your state or province (e.g. Ontario);
- Locality Name; type the name of your city (e.g. Toronto);
- Organization Name; type the name of your organization (e.g. Dot2Dot Communications Inc.);
- Organizational Unit Name; type the name of your group (e.g. R&D) or leave blank;
- Common Name; type the fully qualified domain name of your server (e.g. www.mydomain.com);
- Email Address; type a contact email address or leave blank.
The command will create two files in the current folder:
-
server.key
, which looks like this:
-----BEGIN RSA PRIVATE KEY----- MIICXAIBAAKBgQCwynryFeytEkPF6RuQJr6Q7NhmLr4mamQaxvBT7+cBwMb8RiHW erKuvHn2f96A7hKwhkgyWOl+pTnS7LH8xkRZmCmx5B31U1MiUvctZ3nNrti1Khjf KeWuP31QMEQjpkpzHkCCz3V7VQpXKm52UbTTMlI8Cuw/XvzNwDJEa4RAHQIDAQAB AoGAMm/BvZkFqaahUTAc3fY/vcbkQdqqAvmtT3pcDAZQSE7ANi6n7rGYkoNQ5EM8 rlm9WUEmDb8R9kCbC5LdgHjr/I4f0m1fIl5J1fMVfE0ZbwQ4w8ruus4YXJxgNkE8 QloYG0sFMbpcxfu/HYHmj90P88SBSf1NxVQBm6ntEYjtDb0CQQDabL9X7SSvA3KW mqwhmTZufvl1z705N8xWuXKOkRXFe6OGWQMZk9A5LwmqRU//pIWHRdxljNwpvcd5 ehBNxJ9nAkEAzzQ2EvengVNIwlM67dBStriea857oBlseeqzkEav+SxkA2hRJmHS NMZZtrV4Ci7aR3Oh1r/W2p6V9AJ2fsol2wJBAJOYWm/SyjANF1hXaitF+bcOzAjk +It6ffS4WYWm2lxY4LX+3g5hiJmrhE9viNBJXwV6mqRwW7FFEU6vweabD88CQHK6 tjZKarVxKBhxfW+wqhwCnbWT32AGs8nN6x84BLgznC1G1agrAfm22nYQhSceSj7G CBagopbquJ0jv/j0dYECQEFVZKbsn88Wgb7GsTH91eD5qK90GQRORYa3sO48bg+U 2PVo+yiu9ZwcfIGdyKdzE1CFUHCQPcGAyeFL+6I3NFE= -----END RSA PRIVATE KEY-----
-
server.crt
, which looks like this:
-----BEGIN CERTIFICATE----- MIIDaTCCAtKgAwIBAgIJAM66A3JulEG3MA0GCSqGSIb3DQEBBQUAMIGAMQswCQYD VQQGEwJDQTEQMA4GA1UECBMHT250YXJpbzEQMA4GA1UEBxMHVG9yb250bzEkMCIG A1UEChMbRG90MkRvdCBDb21tdW5pY2F0aW9ucyBJbmMuMQwwCgYDVQQLFANSJkQx GTAXBgNVBAMTEHd3dy5teWRvbWFpbi5jb20wHhcNMTQwODIwMTU1OTI5WhcNMTUw ODIwMTU1OTI5WjCBgDELMAkGA1UEBhMCQ0ExEDAOBgNVBAgTB09udGFyaW8xEDAO BgNVBAcTB1Rvcm9udG8xJDAiBgNVBAoTG0RvdDJEb3QgQ29tbXVuaWNhdGlvbnMg SW5jLjEMMAoGA1UECxQDUiZEMRkwFwYDVQQDExB3d3cubXlkb21haW4uY29tMIGf MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCwynryFeytEkPF6RuQJr6Q7NhmLr4m amQaxvBT7+cBwMb8RiHWerKuvHn2f96A7hKwhkgyWOl+pTnS7LH8xkRZmCmx5B31 U1MiUvctZ3nNrti1KhjfKeWuP31QMEQjpkpzHkCCz3V7VQpXKm52UbTTMlI8Cuw/ XvzNwDJEa4RAHQIDAQABo4HoMIHlMB0GA1UdDgQWBBRVQjEX6Q1vH9YU1OnDEy1J DEYplTCBtQYDVR0jBIGtMIGqgBRVQjEX6Q1vH9YU1OnDEy1JDEYplaGBhqSBgzCB gDELMAkGA1UEBhMCQ0ExEDAOBgNVBAgTB09udGFyaW8xEDAOBgNVBAcTB1Rvcm9u dG8xJDAiBgNVBAoTG0RvdDJEb3QgQ29tbXVuaWNhdGlvbnMgSW5jLjEMMAoGA1UE CxQDUiZEMRkwFwYDVQQDExB3d3cubXlkb21haW4uY29tggkAzroDcm6UQbcwDAYD VR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBYCKJHtZQF7BYeORTnC8yLtzhe hFg5dM9nrCrf7enCB+w4XwBZilNOdVOMSe0mgDARnRS9SIPND4FRxIFOQw9pnJso Wa+tZSi9ITU8qo/mbBwqWgU/rSLJidBBMJjhLsFf9wychCLYBUJfJEQNI5645VXh zlCY+3Xpwx+7JOYSzg== -----END CERTIFICATE-----
Copy the key and certificate files to the server
- Locate the WampServer program folder: click the WampServer tray icon, select www directory, and click the Up button in the Windows Explorer window.
- Navigate down to the Apache configuration folder:
bin\apache\Apache2.x.x\conf
(replaceApache2.x.x
with your Apache version). - Create a sub-folder for the server key file (e.g.
ssl-key
) and copy theserver.key
file into it. - Create a sub-folder for the server certificate file (e.g.
ssl-crt
) and copy theserver.crt
file into it.
Note: take steps to prevent unauthorized access to your key file.
Configure Apache
Edit the Apache configuration file
Edit the httpd.conf
file, located in the bin\apache\Apache2.x.x\conf
sub-folder of your WampServer program folder:
- Uncomment the following line:
LoadModule ssl_module modules/mod_ssl.so
- Uncomment the following line:
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
- Uncomment the following line:
Include conf/extra/httpd-ssl.conf
Edit the Apache SSL configuration file
This section assumes your WampServer is installed in C:\Applications\wamp
; substitute your WampServer program folder path in the values below.
Edit the httpd_ssl.conf
file, located in the bin\apache\Apache2.x.x\conf\extra
sub-folder of your WampServer program folder (replace Apache2.x.x
with your Apache version):
- Edit the
DocumentRoot
setting:
DocumentRoot "C:/Applications/wamp/www"
- Edit the
ServerName
setting:
ServerName www.mydomain.com:443
- Edit the
ErrorLog
setting:
ErrorLog "C:/Applications/wamp/logs/apache_ssl_error.log"
- Edit the
TransferLog
setting:
TransferLog "C:/Applications/wamp/logs/ssl_access.log"
- Edit the
SSLCertificateFile
setting:
SSLCertificateFile "conf/ssl-crt/server.crt"
- Edit the
SSLCertificateKeyFile
setting:
SSLCertificateKeyFile "conf/ssl-key/server.key"
- Edit the access options for the document root directory:
<Directory "C:/Applications/wamp/www"> SSLOptions +StdEnvVars Options FollowSymLinks AllowOverride None Require all denied </Directory>
- Edit the access options for the application directory
<Directory "C:/Applications/wamp/www/ad-manager"> SSLOptions +StdEnvVars Options FollowSymLinks AllowOverride All Require all granted </Directory>
- Edit the
CustomLog
setting:
CustomLog "C:/Applications/wamp/logs/ssl_request.log" \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
Configure PHP
Edit the php.ini
file: click the WampServer tray icon and select PHP -> php.ini.
- Uncomment the following line:
extension=php_openssl.dll
Test the configuration and restart the Apache service
To test the Apache configuration run the following command line (replace Apache2.x.x
with your Apache version):
C:\Applications\wamp\bin\apache\Apache2.x.x\bin\httpd -t
Resolve the configuration issues, if any, and restart the Apache service.
Configure Windows Firewall
Enable inbound connections to TCP port 443.
External Links
Wamp2 HTTPS and SSL Setup Step-by-Step guide
Step-by-step: Configuring SSL Under Apache