Setting up Apache with SSL on Windows (for Subversion)


Well, I finally decided to begin using Subversion rather than my usual choice, SourceGear Vault, for source code control. Vault is great, but lately I’ve been finding the need to use Subversion and well… it’s free (but certainly not without its hassles).

I decided to go the Apache route so as to be able to securely connect to my Subversion server via the Internet. The basic windows MSI installer of Subversion (1.4.3 as of this posting) comes with a server application that runs as a service and it’s easy to setup… Tortoise can even connect to it using secure SSH, but I wanted to give Apache a shot. Looking back, I might stick to the basic install next time. 🙂

  1. Use this link to get started. Be sure to grab Apache 2.0.59.

    • Use this link to get setup the SSL version of Apache, located here. Download version 2.0.59 and simply extract the zipped files over the version of Apache downloaded in step 1.

      Follow the instructions through Step 2 and you will now have the SSL capabilities to generate key files and certificates.

      • Purchase a cert to make this official. I got mine from GoDaddy and used these instructions to generate a CSR for Apache 2.x (using the windows version of OpenSSL, of course).

        Otherwise, generate the test certificate.

        • The only issues I had were:

          • Pay careful attention to the error.log file in the Apache logs directory. It’ll help you to work out any issues.

          • The Windows version of Apache is retarded. Be sure to decrypt the key file prior to running Apache with SSL using the command: openssl rsa -in originalEncryptedKeyFile.key -out newDecryptedKeyFile.key

            • The SSLMutex parameter in the httpd.conf file is different. Set the SSLMutex parameter to ‘default’.

              • The SSLLog parameters in the httpd.conf file don’t seem to work anymore. Remove any reference to them.

                • In your virtual host entry in the httpd.conf file, set the ServerName to whatever your Canonical Name was in the certificate (foo.bar.com).</UL></OL>It’s late, I haven’t tested Subversion out yet. I’ll let you know tomorrow.

              By the way, I’m running my version of Apache side-by-side with IIS, so I had to set the SSL port to 444. You can set that up in the http.conf file by setting up the ListenOn port to 444 and including the port number in your VirtualHost entry.</p>

AnkhSVN (Visual Studio 2005 AddIn for connecting to Subversion)