Enabling HTTPS in Zend Server with Apache Running on Windows

Follow

Issue

The default installation of Zend Server does not configure HTTPS for the web server. However, in case of Zend Server's setup with Apache on Windows, it is very easy to enable basic SSL support.

Environment

Zend Server 6.x, 7.x

Microsoft Windows 2008, 2012, 7, 8, Vista

Apache

Resolution

The paths here are given for a default Zend Server installation on a 64 bit system:
C:\Program Files (x86)\Zend

Adjust the paths to your system, if needed.

1. (Zend Server 6.x) Download the file attached to this article and extract its contents into the directory C:\Program Files (x86)\Zend\Apache2\bin

2. (Zend Server 6.x) Open a command line window (cmd.exe) as Administrator and issue the following commands:

cd C:\Program Files (x86)\Zend\Apache2\bin
genhttps1100.bat

3. (Zend Server 6.x) Verify that the certificate files server.crt and server.key were generated in the directory C:\Program Files (x86)\Zend\Apache2\conf .

4. Open for editing the file C:\Program Files (x86)\Zend\Apache2\conf\httpd.conf and uncomment line 432:
Include conf/extra/httpd-ssl.conf. Then save the file.

5. Try restarting Apache (for example, using the "Apache Service Monitor" in system tray).

At this point you may receive a message that the service cannot be started. You will certainly receive it, if you installed Zend Server to a default location on a 64 bit system, like in our example. The problem is in the parentheses that appear in the installation path - "(x86)".

If you try to start Apache from the command line, you will see this message:

C:\Program Files (x86)\Zend\Apache2\bin>httpd.exe
Syntax error on line 56 of C:/Program Files (x86)/Zend/Apache2/conf/extra/httpd-ssl.conf:
SSLSessionCache: Invalid argument: size has to be >= 8192 bytes

To workaround this problem you need to perform additional steps:

6. Create a Directory Junction to Zend Server's directory in a path without parentheses. To do so, open a command line window (cmd.exe) as Administrator and issue the following command:

mklink /J "C:\Program Files\Zend" "C:\Program Files (x86)\Zend"

7. Modify the path in C:\Program Files (x86)\Zend\Apache2\conf\extra\httpd-ssl.conf on line 56:

SSLSessionCache        "shmcb:C:\Program Files\Zend\Apache2/logs/ssl_scache(512000)"

8. Try restarting Apache again. This time it should work.

Details

Zend Server 7 does create self-signed SSL certificates during installation. Therefore, you may skip steps 1-3.

Note, these certificates are valid for 1 month. Generally speaking, this is not a serious limitation - you need to enforce accepting self-signed certificates anyway. If you have a reason to create certificates with longer life time (3 years), remove the files server.crt and server.key in the directory C:\Program Files (x86)\Zend\Apache2\conf . Then perform the full procedure above (including steps 1-3).

 

 

 

 

 

Have more questions? Submit a request

Comments

  • Avatar
    Zvika Dror

    If the mklink junction is not working, convert the path to short DOS 8.3 name by replacing 'C:/Program Files (x86)' like this:
    SSLSessionCache "shmcb:C:/PROGRA~2/Zend/Apache2/logs/ssl_scache(512000)"

Powered by Zendesk