Installing Apache + SSL on Windows
on 16.02.2007 07:50:43 by Brian Gordon
I've been trying for ages to get my server running SSL successfully. I
don't need port 80 (unencrypted traffic) at all, just 411.
I have the module set up just fine, and apache runs fine unless I
define a valid cert and key:
SSLCertificateFile pw/my-server.cert
SSLCertificateKeyFile pw/my-server.key
These are unencrypted (win32 doesn't support encrypted keys) SSL keys
that are valid for apache (when they're not valid it tells me so and
refuses to load them). But when I have these defined, and I start
apache, the "starting apache" console window comes up and takes longer
than usual, then just crashes and the Vista "Apache HTTP server
stopped working and was closed" window comes up.
This is the entire debug log for an attempted start:
[Fri Feb 16 01:29:29 2007] [info] Init: Seeding PRNG with 136 bytes of entropy
[Fri Feb 16 01:29:29 2007] [info] Loading certificate & private key of SSL-aware server
[Fri Feb 16 01:29:29 2007] [debug] ssl_engine_pphrase.c(469): unencrypted RSA private key - pass phrase not required
[Fri Feb 16 01:29:29 2007] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Fri Feb 16 01:29:29 2007] [info] Init: Generating temporary DH parameters (512/1024 bits)
[Fri Feb 16 01:29:29 2007] [info] Init: Initializing (virtual) servers for SSL
[Fri Feb 16 01:29:29 2007] [info] Configuring server for SSL protocol
[Fri Feb 16 01:29:29 2007] [debug] ssl_engine_init.c(405): Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1)
[Fri Feb 16 01:29:29 2007] [debug] ssl_engine_init.c(729): Configuring RSA server certificate
[Fri Feb 16 01:29:29 2007] [warn] RSA server certificate CommonName (CN) `163.11.110.152:443' does NOT match server name!?
[Fri Feb 16 01:29:29 2007] [debug] ssl_engine_init.c(768): Configuring RSA server private key
[Fri Feb 16 01:29:29 2007] [info] Server: Apache/2.2.3, Interface: mod_ssl/2.2.3, Library: OpenSSL/0.9.8d
[Fri Feb 16 01:29:29 2007] [info] Init: Seeding PRNG with 136 bytes of entropy
[Fri Feb 16 01:29:29 2007] [info] Loading certificate & private key of SSL-aware server
It abruptly ends at that last line.
This is the relevant section from my httpd.conf. It's basically
identical to ssl.conf and including that doesn't make a difference.
And like I said, if I just take out those two cert/key lines then it
will start fine (but of course tell me that there's no way ssl will
work without a certificate).
#SSL
Listen 163.11.110.152:443
AddType application/x-x509-ca-cert .cert
AddType application/x-pkcs7-crl .crl
SSLMutex default
SSLRandomSeed startup builtin
SSLSessionCache none
LogLevel debug
SSLEngine On
SSLCertificateFile pw/my-server.cert
SSLCertificateKeyFile pw/my-server.key
Does anyone know what's going on? I see hundreds of success stories
around the internet about making the key file unencrypted, but mine is
already unencrypted. Also it's Listening on a specific IP address,
something that helped some other people. What else is there left to
try?
--
Brian Gordon
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org
Re: Installing Apache + SSL on Windows
on 16.02.2007 18:43:38 by Xian Xian
Brian,
You'd better redo a key file and crt file. Remove the pass phrase from
the key file. Good luck!
Xian
Re: Installing Apache + SSL on Windows
on 16.02.2007 19:59:09 by Brian Gordon
There is no pass phrase on the key file. I've redone the key and crt
several times; it always asks me for a passphrase at some point but I
think that at the end of the process nothing is encrypted.
On 2/16/07, Xian Xian wrote:
> Brian,
> You'd better to redo a key file and crt file. Remove the pass phrase from
> the key file. Good luck!
> Xian
--
Brian Gordon
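The thread turns on whether the key file is pass-phrase protected. As an added example (not part of the original posts), the following checks a PEM file's own markers for that, independently of the mod_ssl log line. The function name `classify_private_keys` and the sample inputs are hypothetical and constructed for illustration.

```python
import re

# PEM labels that denote a private key, mapped to the container format.
KEY_LABELS = {
    "RSA PRIVATE KEY": "traditional (PKCS#1)",
    "DSA PRIVATE KEY": "traditional",
    "EC PRIVATE KEY": "traditional (SEC1)",
    "PRIVATE KEY": "PKCS#8",
    "ENCRYPTED PRIVATE KEY": "PKCS#8",
}
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def classify_private_keys(pem_text):
    """Return one dict per private-key block found in pem_text."""
    results = []
    for label, body in PEM_BLOCK.findall(pem_text):
        if label not in KEY_LABELS:
            continue  # certificate, CSR, DH parameters, ...
        # Traditional OpenSSL keys declare encryption in RFC 1421 style
        # headers that precede the base64 body; base64 never contains ':'.
        headers = {k: v.strip()
                   for k, v in re.findall(r"^([A-Za-z-]+):(.*)$", body, re.M)}
        encrypted = (label == "ENCRYPTED PRIVATE KEY" or
                     headers.get("Proc-Type", "").replace(" ", "") == "4,ENCRYPTED")
        cipher = headers.get("DEK-Info", "").split(",")[0] or None
        results.append({"label": label, "format": KEY_LABELS[label],
                        "encrypted": encrypted, "cipher": cipher})
    return results

# Constructed samples: the base64 bodies are placeholders, not real keys.
FAKE_BODY = "UExBQ0VIT0xERVJOT1RBUkVBTEtFWTAwMDAwMDAw\n"
SAMPLE_PLAIN = ("-----BEGIN RSA PRIVATE KEY-----\n" + FAKE_BODY +
                "-----END RSA PRIVATE KEY-----\n")
SAMPLE_LEGACY_ENC = ("-----BEGIN RSA PRIVATE KEY-----\n"
                     "Proc-Type: 4,ENCRYPTED\n"
                     "DEK-Info: DES-EDE3-CBC,0123456789ABCDEF\n\n" + FAKE_BODY +
                     "-----END RSA PRIVATE KEY-----\n")
SAMPLE_PKCS8_ENC = ("-----BEGIN CERTIFICATE-----\n" + FAKE_BODY +
                    "-----END CERTIFICATE-----\n"
                    "-----BEGIN ENCRYPTED PRIVATE KEY-----\n" + FAKE_BODY +
                    "-----END ENCRYPTED PRIVATE KEY-----\n")

if __name__ == "__main__":
    for name in ("SAMPLE_PLAIN", "SAMPLE_LEGACY_ENC", "SAMPLE_PKCS8_ENC"):
        print(name, classify_private_keys(globals()[name]))
```

An unencrypted key file holds the private key in the clear, so access to it should be limited to the account the server runs as.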