Hi,
Example of file "wamp\bin\apache\apache2.4.39\conf\extra\httpd-ssl.conf"
#
# This is the Apache server configuration file providing SSL support.
# Required modules: mod_log_config, mod_setenvif, mod_ssl,
# socache_shmcb_module (for default value of SSLSessionCache)
# When we also provide SSL we have to listen to the
# standard HTTP port (see above) and to the HTTPS port
#
Listen 0.0.0.0:443
Listen [::0]:443
# SSL Cipher Suite:
SSLCipherSuite HIGH:!RSA:!RC4:!3DES:!DES:!IDEA:!MD5:!aNULL:!eNULL:!EXP
# User agents such as web browsers are not configured for the user's
# own preference of either security or performance, therefore this
# must be the prerogative of the web server administrator who manages
# cpu load versus confidentiality, so enforce the server's cipher order.
SSLHonorCipherOrder on
SSLCompression off
SSLSessionTickets on
# SSL Protocol support:
# List the protocol versions which clients are allowed to connect with.
# Disable SSLv3 by default (cf. RFC 7525 3.1.1). TLSv1 (1.0) should be
# disabled as quickly as practical. By the end of 2016, only the TLSv1.2
# protocol or later should remain in use.
SSLProtocol all -SSLv2 -TLSv1 -TLSv1.1 -SSLv3
# Pass Phrase Dialog:
# Configure the pass phrase gathering process.
# The filtering dialog program (`builtin' is an internal
# terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog builtin
# Inter-Process Session Cache:
# Configure the SSL Session Cache: First the mechanism
# to use and second the expiring timeout (in seconds).
SSLSessionCache "shmcb:${INSTALL_DIR}/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300
##
## SSL Virtual Host Context
##
<VirtualHost *:443>
ServerName MYSITE
DocumentRoot "G:/www/MYDIR"
ServerAdmin webmaster@MYSITE.net
ErrorLog "${INSTALL_DIR}/logs/error.log"
TransferLog "${INSTALL_DIR}/logs/access.log"
SSLEngine on
SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
SSLCertificateFile "${SRVROOT}/conf/Certs/Site/MYSITE.crt"
SSLCertificateKeyFile "${SRVROOT}/conf/Certs/Site/MYSITE.key"
SSLCACertificateFile "${SRVROOT}/conf/Certs/Cacerts/Ca.crt"
#
SSLVerifyClient none
SSLVerifyDepth 10
<Directory "G:/www/MYDIR/">
Options +Indexes +Includes +FollowSymLinks +MultiViews
AllowOverride all
Require local
</Directory>
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
BrowserMatch "MSIE [2-5]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
CustomLog "${INSTALL_DIR}/logs/custom.log" "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
You will need to modify MYDIR and MYSITE according to your own local site, as well as the paths on public and private certificates and keys.
Then, validate the Apache modules mod_ssl and mod_socache_shmcb and uncomment:
Include conf/extra/httpd-ssl.conf (*)
That's how https SSL works at home locally, but that doesn't mean it will work perfectly with your configuration.
(*) To avoid having to comment or uncomment the include line every time I validate or uncheck the ssl module for the different tests, I slightly modified httpd.conf :
Replace:
# Secure (SSL/TLS) connections
#Include conf/extra/httpd-ssl.conf
#
# Note: The following must must be present to support
# starting without SSL on platforms with no /dev/random equivalent
# but a statically compiled-in mod_ssl.
#
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
by
# Secure (SSL/TLS) connections
#
# Note: The following must must be present to support
# starting without SSL on platforms with no /dev/random equivalent
# but a statically compiled-in mod_ssl.
#
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
Include conf/extra/httpd-ssl.conf
</IfModule>
---------------------------------------------------------------
Documentation Apache -
Documentation PHP -
Documentation MySQL -
Wampserver install files & addons