Difference between revisions of "How to Configure a Web Ad Manager Server"

From Dot2DotCommunications
Jump to: navigation, search
(Configure Windows Firewall)
(Configure the Web Ad Manager COM+ application)
 
(44 intermediate revisions by 2 users not shown)
Line 5: Line 5:
 
* the web application files: the HTML, CSS, Javascript, PHP and other files which make up the web application.
 
* the web application files: the HTML, CSS, Javascript, PHP and other files which make up the web application.
  
To configure a Web Ad Manager server we need to make sure all of these elements are installed and configured.  
+
Please note that the Web Ad Manager Server components cannot be installed on a machine that has IIS currently installed on it, as this is incompatible with the server components used.
  
 
== Install Ad Manager ==
 
== Install Ad Manager ==
  
* Install Ad Manager (including any add-ins) as if you're setting up another client workstation.
+
Install Ad Manager (including any add-ins) as if you're setting up another client workstation.
 
+
* You will also need to create a Role in Ad Manager called "Ad Manager Web User".  Any users that need to access the data must be assigned to this role.
+
  
 
== Install and configure the Ad Manager Web Host service ==
 
== Install and configure the Ad Manager Web Host service ==
  
The Ad Manager Web Host service provides a process context in which the web application will load Ad Manager's business logic ActiveX components.
+
=== Set up a Windows user account for the Web Host service ===
  
=== Set up a user account for the Web Host service ===
+
The Web Host service needs to run as a Windows user who:
 
+
The Web Host service needs to run as a user who:
+
 
* can run Ad Manager if logged on interactively;
 
* can run Ad Manager if logged on interactively;
* belongs to the local machine's '''Administrators''' group.
+
* belongs to the local machine's "Administrators" group.
  
Ideally, you'll designate a user account specifically for the Web Host service. It can be a local machine or a domain account.
+
1. Pick or create a user account; make sure the account belongs to the local "Administrators" group.
  
==== Steps ====
+
2. Log on as that user, run Ad Manager and import the Ad Manager serial number and license into the user profile.
  
* Pick or create a user account.
+
3. Make sure you can access all Ad Manager databases that will be exposed through the web application.
 
+
* Make sure the account belongs to the local '''Administrators''' group.
+
 
+
* Log on as the user, run Ad Manager and import the Ad Manager serial number and license into the user profile.
+
 
+
* If you're using Windows authentication to access the Ad Manager databases in SQL Server, grant the user account access to all database that will be exposed through the web application.
+
  
 
=== Install and register the Web Host service ===
 
=== Install and register the Web Host service ===
  
The Web Host is an out-of-process ActiveX server packaged as a Windows service.
+
1. Run the Ad Manager Web Host installer (<code>Amwh.msi</code>); install for "Everyone".
  
Its installer will place the executable on the drive but it will not register it as a service; you'll need to do that manually.
+
2. Register the service: run cmd.exe as an administrator and execute the following commands:
  
When the service is registered, it will be configured to run as the '''Local System''' account; you'll need to change that manually.
+
<pre>
 +
cd "C:\Program Files (x86)\Dot2Dot\Ad Manager Web Host"
 +
cpwh.exe -service
 +
</pre>
  
There's no need to change the service startup type from '''Manual''' to '''Automatic''' - the service will be started when needed.
+
3. Use the "Services" management console to configure the "Dot2Dot Ad Manager Web Host Service" to log on as the user account you configured earler.
  
==== Steps to Install ====
+
4. Test the configuration by starting and stopping the service.
  
* Run the Ad Manager Web Host installer (<code>Amwh.msi</code>).
+
=== Configure the Web Ad Manager COM+ application ===
  
* Install the program for '''Everyone''', not '''Just me'''.
+
This step is required if you're installing the 64-bit version of WampServer. It will make the required Ad Manager components, which are 32-bit, accessible to the web application.
  
* Register the service: select the '''Register Service''' shortcut in '''Start''' -> '''All Programs''' -> '''Dot2Dot Ad Manager Web Host'''.
+
1. Launch the "Component Services" management console.
  
* Configure the Ad Manager Web Host service to run as the designated user:
+
2. Create a COM+ server application called "Web Ad Manager", running as "Local Service".
** Open the '''Services''' management console;
+
** Right-click on the "Dot2Dot Ad Manager Web Host Service" and select '''Properties''';
+
** Go to the '''Log On''' tab;
+
** Select '''This account''' in the '''Log on as''' options;
+
** Enter the account name in the form <code>domain\user</code> if it's a domain account or <code>.\user</code> if it's a local machine account;
+
** Enter and confirm the password;
+
** Click '''OK'''.
+
  
==== Steps to Remove an Older Version ====
+
3. Import the "Cpwh.DateTime" coponent from the 32-bit registry into the application.
  
* Stop the Apache web service.
+
=== Configure the Web Host database connections ===
  
* Unregister the Web Host service: select the '''Unregister Service''' shortcut in '''Start''' -> '''All Programs''' -> '''Dot2Dot Ad Manager Web Host'''.
+
Select the "Configure" shortcut in "Start : All Programs : Dot2Dot Ad Manager Web Host" and add a connection for each database that will be exposed through the web application.
  
* Uninstall '''Dot2Dot Ad Manager Web Host''' from the '''Programs''' control panel.
+
== Set Up the Web Server ==
 
+
=== Configure the database connections for the Web Host service ===
+
 
+
The web application can expose the data in one or more Ad Manager databases. The Web Host service needs to know how to connect to those databases.
+
 
+
Each database connection is identified by a unique name. When sharing Ad Manager items online, the connection name will be part of the generated URL.
+
If there's only one Ad Manager database you can leave the connection name blank.
+
 
+
==== Steps ====
+
 
+
* Run the Ad Manager Web Host configuration utility: select the '''Configure''' shortcut in '''Start''' -> '''All Programs''' -> '''Dot2Dot Ad Manager Web Host'''.
+
 
+
* Go to the '''Ad Manager Connections''' tab.
+
 
+
* Add an entry for each Ad Manager database that will be accessible through the web application:
+
** click the '''New''' button;
+
** enter a unique name for the connection;
+
** enter the SQL Server name or IP address;
+
** enter the SQL Server database name;
+
** enter the SQL Server user id and password; if those are left blank, the Web Host service will use Windows authentication to connect to SQL Server;
+
** click '''Test...''' to verify the connection;
+
** click '''OK''' to save the connection.
+
 
+
* Click '''Apply''' to save the changes or '''OK''' to save the changes and close the configuration utility.
+
 
+
== Install and configure the Apache HTTP Server and the PHP preprocessor ==
+
 
+
The web application requires an [http://httpd.apache.org/ Apache HTTP Server] (2.4.x or later) with a [http://www.php.net/ PHP preprocessor] (5.4.x or later).
+
 
+
Although it's possible to download and install Apache and PHP individually, we use a distribution called [http://www.wampserver.com/en/ WampServer]
+
which bundles Apache and PHP (plus MySQL, which is not required by Ad Manager) along with some convenient configuration and administration tools.
+
  
 
=== Install WampServer ===
 
=== Install WampServer ===
  
==== Steps ====
+
Follow the instructions at the [http://www.wampserver.com/en/ WampServer download page]. The latest Microsoft Visual C++ Redistributable components are a pre-requisite.
 
+
* Go to the [http://www.wampserver.com/en/ WampServer download page].
+
 
+
* Locate the following download: WAMPSERVER (32 BITS & PHP 5.4) 2.4. '''''Note:''' the 64-bit version doesn't seem to include the COM/.NET extension for PHP.''
+
 
+
* Click the download button; you'll get a message which contains the following:
+
** a link to the WampServer download;
+
** a warning that WampServer requires the Microsoft Visual C++ 2010 SP1 Redistributable Package;
+
** links to the 32-bit and the 64-bit installers of that package.
+
 
+
* Open the WampServer download link in a new tab and let the browser download the WampServer installer. (''Warning'': it's a SourceForge download - tread carefully).
+
 
+
* Open the appropriate Visual C++ link and download the installer. Alternatively, you can use these links:
+
** [http://www.microsoft.com/en-ca/download/details.aspx?id=8328 Microsoft Visual C++ 2010 SP1 Redistributable Package (x86)]
+
** [http://www.microsoft.com/en-us/download/details.aspx?id=13523 Microsoft Visual C++ 2010 SP1 Redistributable Package (x64)]
+
 
+
* Run the Microsoft Visual C++ 2010 SP1 Redistributable Package installer.
+
 
+
* Run the WampServer installer. The default installation folder is <code>C:\wamp</code>; you can change that, but don't bury it too deep so the web application file paths don't get too long.
+
 
+
* Run WampServer. A green '''W''' icon should appear in the taskbar notification area ("tray").
+
 
+
=== Configure Apache ===
+
 
+
==== Steps ====
+
  
* Verify that port 80 is not used by another service:
+
=== Allow incoming connections to the web server port ===
:* Click the WampServer tray icon and select '''Apache''' -> '''Service''' -> '''Test Port 80''';
+
:* You should see the following message (in a command prompt window):
+
  
Your port 80 is actually used by :
+
Use the "Windows Firewall with Advanced Security" management console to allow the incoming connections.
Server: Apache/2.4.4 (Win32) PHP/5.4.16
+
Press Enter to exit...
+
  
:* If port 80 is used by another service you'll have to resolve the conflict.
+
=== Select the appropriate PHP version ===
  
* Edit the Apache configuration file (<code>httpd.conf</code>)
+
The highest PHP version the Ad Manager web applications are compatible with is 7.3.x.
:* Open the file:  click the WampServer tray icon and select '''Apache''' -> '''httpd.conf''';
+
:* Allow access to the Apache server from IP addresses other than localhost:
+
::* Locate the following text:
+
  
#  onlineoffline tag - don't remove
+
=== Tweak the PHP configuration ===
    Order Deny,Allow
+
    Deny from all
+
    Allow from 127.0.0.1
+
    Allow from ::1
+
    Allow from localhost
+
  
::* Change it to:
+
Edit the "php.ini" file.
  
#  onlineoffline tag - don't remove
+
1. Disable the script execution timeout:
    Order Allow,Deny
+
    Allow from all
+
  
:* Enable the Apache "rewrite" module:
+
<pre>
::* Locate and uncomment (remove the <code>#</code> symbol in front of it) the following line:
+
max_execution_time = 0
 +
</pre>
  
LoadModule rewrite_module modules/mod_rewrite.so
+
2. Remove the memory limit:
  
:* Save the file
+
<pre>
:* Restart the Apache service: click the WampServer tray icon and select '''Apache''' -> '''Service''' -> '''Restart Service''';
+
memory_limit = -1
 +
</pre>
  
* Configure the Apache service to start automatically:
+
=== Create the Ad Manager web applications ===
:* Open the '''Services''' management console;
+
:* Right-click on the "wampapache" service and select '''Properties''';
+
:* In the '''General''' tab set the '''Startup type''' to '''Automatic''';
+
:* Click '''OK'''.
+
  
=== Configure PHP ===
+
Extract the web application archives into sub-directories of the Apache document root directory (usually C:\wamp64\www<code></code>). Your directory structure should look like this:
  
==== Steps ====
+
<pre>
 +
C:\wamp64\www
 +
- wam
 +
  + api
 +
  + fonts
 +
  + img
 +
  + js
 +
    app.xml
 +
    index.html
 +
- wam-pub
 +
  + api
 +
  + fonts
 +
  + img
 +
  + js
 +
    app.xml
 +
    index.html
 +
</pre>
  
* Open the <code>php.ini</code> file: click the WampServer tray icon and select '''PHP''' -> '''php.ini'''
+
Edit the "httpd-vhosts.conf" file to enable remote access to the new directories.
  
* Enable the COM/.NET extension
+
<pre>
:* Search the file for the following section and if you don't find it, add it to the bottom of the file:
+
# Virtual Hosts
 +
#
 +
<VirtualHost *:80>
 +
  ServerName localhost
 +
  ServerAlias localhost
 +
  DocumentRoot "${INSTALL_DIR}/www"
 +
  <Directory "${INSTALL_DIR}/www/">
 +
    Options +Indexes +Includes +FollowSymLinks +MultiViews
 +
    AllowOverride All
 +
    Require local
 +
  </Directory>
 +
  <Directory "${INSTALL_DIR}/www/wam">
 +
    Options +Indexes +Includes +FollowSymLinks +MultiViews
 +
    AllowOverride All
 +
    Require all granted
 +
  </Directory>
 +
  <Directory "${INSTALL_DIR}/www/wam-pub">
 +
    Options +Indexes +Includes +FollowSymLinks +MultiViews
 +
    AllowOverride All
 +
    Require all granted
 +
  </Directory>
 +
</VirtualHost>
 +
</pre>
  
[COM_DOT_NET]
+
=== Schedule a nightly restart of the services ===
extension=php_com_dotnet.dll
+
  
* Disable the PHP script execution timeout
+
Create a batch file to stop, force the termination of, and restart the Wampapache and Ad Manager Web Host services:
:* Search the file for the following section:
+
  
max_execution_time =
+
<pre>
 +
@echo off
 +
net stop wampapache
 +
taskkill /f /im httpd.exe
 +
net stop cpwh
 +
taskkill /f /im cpwh.exe
 +
net start wampapache
 +
</pre>
  
:* change it to:
+
Note: the Ad Manager Web Host service starts on demand and doesn't need to be started explicitly.
  
max_execution_time = 0
+
Use the task scheduler to set up a task to execute the batch file nightly:
 +
* Run whether user is logged on or not;
 +
* Run with highest privileges.
  
* Increase the amount of memory a script may consume
+
== Configure the Ad Manager web features ==
:* search the file for the following section:
+
  
memory_limit =
+
1. Edit the online sharing options: "Tools : Options : Online Sharing".
  
:* increase the limit:
+
2. Import the web application roles: "Tools : Import Web App : From URL...".
  
memory_limit = 256M
+
3. Create Web Users.
  
* If you made changes, save them and restart the Apache service.
+
== Configure SSL/TLS ==
  
=== Configure Apache for HTTPS ===
+
=== Purchase an SSL certificate ===
  
To prevent eavesdropping attacks, we recommend that you configure the Apache web server for [http://en.wikipedia.org/wiki/HTTP_Secure HTTPS]. See [[How to Configure Apache for HTTPS]].
+
1. Create a server key and a certificate signing request (CSR).
  
=== Configure Windows Firewall ===
+
E.g. using OpenSSL:
  
Enable inbound connections to TCP port 80.
+
<pre>
 +
openssl genrsa -out host.example.com.key 2048
 +
openssl req -new -key host.example.com.key -out host.example.com.csr
 +
</pre>
  
== Install and configure the Ad Manager web application ==
+
2. Use the CSR to purchase an SSL certificate from a certificate issuing authority, e.g. [https://www.digicert.com/ Digicert], [https://godaddy.com GoDaddy], etc.
  
=== Copy the web application into the Apache root directory ===
+
To create a self-signed certificate using OpenSSL:
  
The Ad Manager web application consists of a set of HTML, PHP, Javascript and other files.
+
<pre>
Deploying it is as simple as placing those files in a sub-directory of the Apache root directory ("www").
+
openssl x509 -req -in host.example.com.csr -signkey host.example.com.key  -days 365 -out host.example.com.crt
The name of that directory becomes part of the URL of the web application.
+
</pre>
For instance, if you name the directory <code>ad-manager</code>, then the application URL will be
+
<code><nowiki>http://host/ad-manager/</nowiki></code> (where <code>host</code> is the web server's DNS name or IP address).
+
  
==== Steps ====
+
=== Configure Apache for SSL ===
  
* Decide what to name the application directory (e.g. <code>ad-manager</code>).
+
1. Copy the server key and the SSL certificates to a subdirectory of your Apache installation, e.g. C:\wamp64\ssl:
  
* Open the Apache root directory: click the WampServer tray icon and select '''www directory'''.
+
<pre>
 +
C:\wamp64\ssl
 +
  host.example.com.chain.crt
 +
  host.example.com.crt
 +
  host.example.com.key
 +
</pre>
  
* Create a sub-directory of the Apache root directory with the name you've chosen.
+
Here "host.example.com.key" is the server key (in PEM format), "host.example.com.crt" is the SSL certificate you purchased (in PEM format), and "host.example.com.chain.crt" is the intermediate (or chain) certificate of the certificate issuing authority (in PEM format).
  
* Extract the contents of the <code>ad-manager.zip</code> file into the newly created directory. Your directory structure should look like this:
+
2. Edit the "httpd.conf" file:
- www
+
  - ad-manager
+
    + api
+
    + fonts
+
    + img
+
    + js
+
      ...
+
      index.html
+
  
=== Configure the Google API Key ===
+
Edit the port Apache will listen to:
  
The Ad Manager web application uses the Google Maps API.
+
<pre>
 +
Listen 0.0.0.0:443
 +
Listen [::0]:443
 +
</pre>
  
All applications using the Google Maps API use an API key. Using an API key enables you to monitor the application's Google Maps API usage, and ensures that Google can contact you about your application if necessary. If the application's Google Maps API usage exceeds the [https://developers.google.com/maps/documentation/javascript/usage#usage_limits Usage Limits], using an API key allows you to purchase additional quota; otherwise the application might stop working.
+
Uncomment the line that loads the SSL module:
  
To obtain a Google API Key you need a Google account.
+
<pre>
 +
LoadModule ssl_module modules/mod_ssl.so
 +
</pre>
  
==== Steps ====
+
3. Edit the "httpd-vhosts.conf" file:
  
* Obtain a Google API Key:
+
Specify the port of the virtual host, update the server name if necessary, and add the SSL directives.
:* visit the [https://console.developers.google.com Google Developers Console] and log in with your Google Account;
+
:* go to the '''Projects''' tab, click the '''Create Project''' button, type a name (e.g. "Web Ad Manager"), and click '''Create''';
+
:* go to the '''APIs and auth''' -> '''Registered apps''' tab of the project
+
:* click the '''Register App''' button, type a name (e.g. "Web App"), select '''Web Application''' as the platform, and click '''Register''';
+
:* expand the '''Browser Key''' section of the registered app screen and copy the '''API Key''';
+
:* optionally, click the '''Restrict access''' button to limit the use of the key to domains you control (e.g. <code>:*.mydomain.com/:*</code>).
+
  
* Store the Google API Key in the <code>cfg.json</code> file
+
<pre>
:* Open the the <code>cfg.json</code> file, located in the <code>js</code> sub-folder of the web app, in a text editor;
+
<VirtualHost *:443>
:* Find this section:
+
  ServerName host.example.com
 +
  SSLEngine on
 +
  SSLCertificateFile "${INSTALL_DIR}/ssl/host.example.com.crt"
 +
  SSLCertificateKeyFile "${INSTALL_DIR}/ssl/host.example.com.key"
 +
  SSLCertificateChainFile "${INSTALL_DIR}/ssl/host.example.com.chain.crt"
 +
  ...
 +
</VirtualHost>
 +
</pre>
  
{
+
Note: the name specified in the ServerName directive must match the name in the certificate.
  ...
+
  "google": {
+
    "maps": ""
+
  }
+
  ...
+
}
+
  
:* Change it to:
+
4. Restart the Apache service.
  
{
+
5. Ensure the firewall is not blocking incoming traffic to the port Apache is listening to.
  ...
+
  "google": {
+
    "maps": "the-api-key-you-obtained-earlier"
+
  }
+
  ...
+
}
+
  
:* save and close the file.
+
See also: [https://httpd.apache.org/docs/2.4/ssl/ssl_howto.html SSL/TLS Strong Encryption: How-To].

Latest revision as of 13:27, 27 January 2023

Web Ad Manager consists of the following parts:

  • the Ad Manager desktop application components: these include the ActiveX components which expose the Ad Manager data and business logic to the web application;
  • the Ad Manager Web Host service: it provides the context in which the web application loads the Ad Manager ActiveX components;
  • the Apache HTTP Server with a PHP preprocessor: it makes the web application accessible on the Internet;
  • the web application files: the HTML, CSS, Javascript, PHP and other files which make up the web application.

Please note that the Web Ad Manager Server components cannot be installed on a machine that has IIS currently installed on it, as this is incompatible with the server components used.

Contents

Install Ad Manager

Install Ad Manager (including any add-ins) as if you're setting up another client workstation.

Install and configure the Ad Manager Web Host service

Set up a Windows user account for the Web Host service

The Web Host service needs to run as a Windows user who:

  • can run Ad Manager if logged on interactively;
  • belongs to the local machine's "Administrators" group.

1. Pick or create a user account; make sure the account belongs to the local "Administrators" group.

2. Log on as that user, run Ad Manager and import the Ad Manager serial number and license into the user profile.

3. Make sure you can access all Ad Manager databases that will be exposed through the web application.

Install and register the Web Host service

1. Run the Ad Manager Web Host installer (Amwh.msi); install for "Everyone".

2. Register the service: run cmd.exe as an administrator and execute the following commands:

cd "C:\Program Files (x86)\Dot2Dot\Ad Manager Web Host"
cpwh.exe -service

3. Use the "Services" management console to configure the "Dot2Dot Ad Manager Web Host Service" to log on as the user account you configured earler.

4. Test the configuration by starting and stopping the service.

Configure the Web Ad Manager COM+ application

This step is required if you're installing the 64-bit version of WampServer. It will make the required Ad Manager components, which are 32-bit, accessible to the web application.

1. Launch the "Component Services" management console.

2. Create a COM+ server application called "Web Ad Manager", running as "Local Service".

3. Import the "Cpwh.DateTime" coponent from the 32-bit registry into the application.

Configure the Web Host database connections

Select the "Configure" shortcut in "Start : All Programs : Dot2Dot Ad Manager Web Host" and add a connection for each database that will be exposed through the web application.

Set Up the Web Server

Install WampServer

Follow the instructions at the WampServer download page. The latest Microsoft Visual C++ Redistributable components are a pre-requisite.

Allow incoming connections to the web server port

Use the "Windows Firewall with Advanced Security" management console to allow the incoming connections.

Select the appropriate PHP version

The highest PHP version the Ad Manager web applications are compatible with is 7.3.x.

Tweak the PHP configuration

Edit the "php.ini" file.

1. Disable the script execution timeout:

max_execution_time = 0

2. Remove the memory limit:

memory_limit = -1

Create the Ad Manager web applications

Extract the web application archives into sub-directories of the Apache document root directory (usually C:\wamp64\www). Your directory structure should look like this:

C:\wamp64\www
- wam
  + api
  + fonts
  + img
  + js
    app.xml
    index.html
- wam-pub
  + api
  + fonts
  + img
  + js
    app.xml
    index.html

Edit the "httpd-vhosts.conf" file to enable remote access to the new directories.

# Virtual Hosts
#
<VirtualHost *:80>
  ServerName localhost
  ServerAlias localhost
  DocumentRoot "${INSTALL_DIR}/www"
  <Directory "${INSTALL_DIR}/www/">
    Options +Indexes +Includes +FollowSymLinks +MultiViews
    AllowOverride All
    Require local
  </Directory>
  <Directory "${INSTALL_DIR}/www/wam">
    Options +Indexes +Includes +FollowSymLinks +MultiViews
    AllowOverride All
    Require all granted
  </Directory>
  <Directory "${INSTALL_DIR}/www/wam-pub">
    Options +Indexes +Includes +FollowSymLinks +MultiViews
    AllowOverride All
    Require all granted
  </Directory>
</VirtualHost>

Schedule a nightly restart of the services

Create a batch file to stop, force the termination of, and restart the Wampapache and Ad Manager Web Host services:

@echo off
net stop wampapache
taskkill /f /im httpd.exe
net stop cpwh
taskkill /f /im cpwh.exe
net start wampapache

Note: the Ad Manager Web Host service starts on demand and doesn't need to be started explicitly.

Use the task scheduler to set up a task to execute the batch file nightly:

  • Run whether user is logged on or not;
  • Run with highest privileges.

Configure the Ad Manager web features

1. Edit the online sharing options: "Tools : Options : Online Sharing".

2. Import the web application roles: "Tools : Import Web App : From URL...".

3. Create Web Users.

Configure SSL/TLS

Purchase an SSL certificate

1. Create a server key and a certificate signing request (CSR).

E.g. using OpenSSL:

openssl genrsa -out host.example.com.key 2048
openssl req -new -key host.example.com.key -out host.example.com.csr

2. Use the CSR to purchase an SSL certificate from a certificate issuing authority, e.g. Digicert, GoDaddy, etc.

To create a self-signed certificate using OpenSSL:

openssl x509 -req -in host.example.com.csr -signkey host.example.com.key  -days 365 -out host.example.com.crt

Configure Apache for SSL

1. Copy the server key and the SSL certificates to a subdirectory of your Apache installation, e.g. C:\wamp64\ssl:

C:\wamp64\ssl
  host.example.com.chain.crt
  host.example.com.crt
  host.example.com.key

Here "host.example.com.key" is the server key (in PEM format), "host.example.com.crt" is the SSL certificate you purchased (in PEM format), and "host.example.com.chain.crt" is the intermediate (or chain) certificate of the certificate issuing authority (in PEM format).

2. Edit the "httpd.conf" file:

Edit the port Apache will listen to:

Listen 0.0.0.0:443
Listen [::0]:443

Uncomment the line that loads the SSL module:

LoadModule ssl_module modules/mod_ssl.so

3. Edit the "httpd-vhosts.conf" file:

Specify the port of the virtual host, update the server name if necessary, and add the SSL directives.

<VirtualHost *:443>
  ServerName host.example.com
  SSLEngine on
  SSLCertificateFile "${INSTALL_DIR}/ssl/host.example.com.crt"
  SSLCertificateKeyFile "${INSTALL_DIR}/ssl/host.example.com.key"
  SSLCertificateChainFile "${INSTALL_DIR}/ssl/host.example.com.chain.crt"
  ...
</VirtualHost>

Note: the name specified in the ServerName directive must match the name in the certificate.

4. Restart the Apache service.

5. Ensure the firewall is not blocking incoming traffic to the port Apache is listening to.

See also: SSL/TLS Strong Encryption: How-To.