Posted to users@httpd.apache.org by Brian Gordon <bg...@gmail.com> on 2007/02/16 07:38:21 UTC

[users@httpd] Installing Apache + SSL on Windows

I've been trying for ages to get my server running SSL successfully. I
don't need port 80 (unencrypted traffic) at all, just 411.

I have the module set up just fine, and apache runs fine unless I
define a valid cert and key:

SSLCertificateFile pw/my-server.cert
SSLCertificateKeyFile pw/my-server.key

These are unencrypted (win32 doesn't support encrypted keys) SSL keys
that are valid for apache (when they're not valid it tells me so and
refuses to load them). But when I have these defined, and I start
apache, the "starting apache" console window comes up and takes longer
than usual, then just crashes and the vista "Apache HTTP server
stopped working and was closed" window comes up.

This is the entire debug log for an attempted start:

[Fri Feb 16 01:29:29 2007] [info] Init: Seeding PRNG with 136 bytes of entropy
[Fri Feb 16 01:29:29 2007] [info] Loading certificate & private key of SSL-aware server
[Fri Feb 16 01:29:29 2007] [debug] ssl_engine_pphrase.c(469): unencrypted RSA private key - pass phrase not required
[Fri Feb 16 01:29:29 2007] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Fri Feb 16 01:29:29 2007] [info] Init: Generating temporary DH parameters (512/1024 bits)
[Fri Feb 16 01:29:29 2007] [info] Init: Initializing (virtual) servers for SSL
[Fri Feb 16 01:29:29 2007] [info] Configuring server for SSL protocol
[Fri Feb 16 01:29:29 2007] [debug] ssl_engine_init.c(405): Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1)
[Fri Feb 16 01:29:29 2007] [debug] ssl_engine_init.c(729): Configuring RSA server certificate
[Fri Feb 16 01:29:29 2007] [warn] RSA server certificate CommonName (CN) `163.11.110.152:443' does NOT match server name!?
[Fri Feb 16 01:29:29 2007] [debug] ssl_engine_init.c(768): Configuring RSA server private key
[Fri Feb 16 01:29:29 2007] [info] Server: Apache/2.2.3, Interface: mod_ssl/2.2.3, Library: OpenSSL/0.9.8d
[Fri Feb 16 01:29:29 2007] [info] Init: Seeding PRNG with 136 bytes of entropy
[Fri Feb 16 01:29:29 2007] [info] Loading certificate & private key of SSL-aware server

It abruptly ends at that last line.

This is the relevant section from my httpd.conf. It's basically
identical to ssl.conf and including that doesn't make a difference.
And like I said, if I just take out those two cert/key lines then it
will start fine (but of course tell me that there's no way ssl will
work without a certificate).

#SSL

Listen 163.11.110.152:443

AddType application/x-x509-ca-cert .cert
AddType application/x-pkcs7-crl    .crl

SSLMutex default
SSLRandomSeed startup builtin
SSLSessionCache none

LogLevel debug

<VirtualHost 163.11.110.152:443>
SSLEngine On
SSLCertificateFile pw/my-server.cert
SSLCertificateKeyFile pw/my-server.key
</VirtualHost>

Does anyone know what's going on? I see hundreds of success stories
around the internet about making the key file unencrypted, but mine is
already unencrypted. Also it's Listening on a specific IP address,
something that helped some other people. What else is there left to
try?

-- 
Brian Gordon

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Re: [users@httpd] Installing Apache + SSL on Windows

Posted by Brian Gordon <bg...@gmail.com>.
just ran it through the same function I used to generate it (rsa I
think) but with no additional arguments

something like:

openssl rsa -in enc.key -out unenc.key

On 2/16/07, Richard de Vries <ri...@yahoo.com> wrote:
> What method did you use to remove the password from
> the private key you generated?


-- 
Brian Gordon
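
A check for the passphrase-removal step discussed in this reply, as an added example that is not part of the original thread and does not diagnose the crash itself: it classifies a PEM key file by its header lines and, for an unencrypted key, compares its RSA modulus with the certificate's. The function names and the constructed sample files are assumptions; the file names follow the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Classify a PEM private key by its
# header lines, then compare key and certificate moduli if it is unencrypted.
# Usage: pair_matches pw/my-server.cert pw/my-server.key && echo "pair OK"

key_state() {
    # Prints: encrypted-pkcs8 | encrypted-traditional | unencrypted | not-a-key
    if grep -q '^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"; then
        echo encrypted-pkcs8
    elif grep -q '^-----BEGIN RSA PRIVATE KEY-----' "$1"; then
        # Traditional format marks encryption with a Proc-Type header line.
        if grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then
            echo encrypted-traditional
        else
            echo unencrypted
        fi
    elif grep -q '^-----BEGIN PRIVATE KEY-----' "$1"; then
        echo unencrypted   # unencrypted PKCS#8 form
    else
        echo not-a-key
    fi
}

pair_matches() {
    # $1 = certificate, $2 = key. Returns 0 only when the key is unencrypted
    # and its RSA modulus equals the certificate's. Requires openssl on PATH.
    [ "$(key_state "$2")" = unencrypted ] || return 1
    cert_mod=$(openssl x509 -noout -modulus -in "$1") || return 1
    key_mod=$(openssl rsa -noout -modulus -in "$2") || return 1
    [ "$cert_mod" = "$key_mod" ]
}

make_samples() {
    # Constructed header-only samples in directory $1; the bodies are
    # placeholders, not real keys or certificates.
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: DES-EDE3-CBC,0000000000000000' '' 'PLACEHOLDER' \
        '-----END RSA PRIVATE KEY-----' > "$1/enc.key"
    printf '%s\r\n' '-----BEGIN RSA PRIVATE KEY-----' 'PLACEHOLDER' \
        '-----END RSA PRIVATE KEY-----' > "$1/unenc.key"   # CRLF, as on Windows
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'PLACEHOLDER' \
        '-----END CERTIFICATE-----' > "$1/my-server.cert"
}
```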



Re: [users@httpd] Installing Apache + SSL on Windows

Posted by Richard de Vries <ri...@yahoo.com>.
What method did you use to remove the password from
the private key you generated?