Re: Installing Apache + SSL on Windows
This is a discussion on Re: Installing Apache + SSL on Windows within the Modssl Users forums, part of the Web Server and Related Forums category; There is no pass phrase on the key file. I've redone the key and crt several times; it always ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
02-16-2007
|
|||
|
|||
Re: Installing Apache + SSL on Windows
There is no pass phrase on the key file. I've redone the key and crt
several times; it always asks me for a passphrase at some point but I think that at the end of the process nothing is encrypted On 2/16/07, Xian Xian <xian1990@gmail.com> wrote: > Brian, > You'd better to redo a key file and crt file. Remove the pass phrase from > the key file. Good luck! > Xian > > > On 2/16/07, Brian Gordon <bgordon0@gmail.com> wrote: > > > > I've been trying for ages to get my server running SSL successfully. I > > don't need port 80 (unencrypted traffic) at all, just 411. > > > > I have the module set up just fine, and apache runs fine unless I > > define a valid cert and key: > > > > SSLCertificateFile pw/my-server.cert > > SSLCertificateKeyFile pw/my-server.key > > > > These are unencrypted (win32 doesn't support encrypted keys) SSL keys > > that are valid for apache (when they're not valid it tells me so and > > refuses to load them). But when I have these defined, and I start > > apache, the "starting apache" console window comes up and takes longer > > than usual, then just crashes and the vista "Apache HTTP server > > stopped working and was closed" window comes up. > > > > This is the entire debug log for an attempted start: > > > > [Fri Feb 16 01:29:29 2007] [info] Init: Seeding PRNG with 136 bytes of > entropy > > [Fri Feb 16 01:29:29 2007] [info] Loading certificate & private key of > > SSL-aware server > > [Fri Feb 16 01:29:29 2007] [debug] ssl_engine_pphrase.c(469): > > unencrypted RSA private key - pass phrase not required > > [Fri Feb 16 01:29:29 2007] [info] Init: Generating temporary RSA > > private keys (512/1024 bits) > > [Fri Feb 16 01:29:29 2007] [info] Init: Generating temporary DH > > parameters (512/1024 bits) > > [Fri Feb 16 01:29:29 2007] [info] Init: Initializing (virtual) servers for > SSL > > [Fri Feb 16 01:29:29 2007] [info] Configuring server for SSL protocol > > [Fri Feb 16 01:29:29 2007] [debug] ssl_engine_init.c(405): Creating > > new SSL context (protocols: SSLv2, SSLv3, TLSv1) > > [Fri Feb 16 01:29:29 2007] [debug] ssl_engine_init.c(729): Configuring > > RSA server certificate > > [Fri Feb 16 01:29:29 2007] [warn] RSA server certificate CommonName > > (CN) `163.11.110.152:443' does NOT match server name!? > > [Fri Feb 16 01:29:29 2007] [debug] ssl_engine_init.c(768): Configuring > > RSA server private key > > [Fri Feb 16 01:29:29 2007] [info] Server: Apache/2.2.3, Interface: > > mod_ssl/2.2.3, Library: OpenSSL/0.9.8d > > [Fri Feb 16 01:29:29 2007] [info] Init: Seeding PRNG with 136 bytes of > entropy > > [Fri Feb 16 01:29:29 2007] [info] Loading certificate & private key of > > SSL-aware server > > > > It abruptly ends at that last line. > > > > This is the relevant section from my httpd.conf. It's basically > > identical to ssl.conf and including that doesn't make a difference. > > And like I said, if I just take out those two cert/key lines then it > > will start fine (but of course tell me that there's no way ssl will > > work without a certificate). > > > > #SSL > > > > Listen 163.11.110.152:443 > > > > AddType application/x-x509-ca-cert .cert > > AddType application/x-pkcs7-crl .crl > > > > SSLMutex default > > SSLRandomSeed startup builtin > > SSLSessionCache none > > > > LogLevel debug > > > > <VirtualHost 163.11.110.152:443> > > SSLEngine On > > SSLCertificateFile pw/my-server.cert > > SSLCertificateKeyFile pw/my-server.key > > </VirtualHost> > > > > Does anyone know what's going on? I see hundreds of success stories > > around the internet about making the key file unencrypted, but mine is > > already unencrypted. Also it's Listening on a specific IP address, > > something that helped some other people. What else is there left ot > > try? > > > > -- > > Brian Gordon > > > __________________________________________________ ____________________ > > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > > User Support Mailing List modssl-users@modssl.org > > Automated List Manager > majordomo@modssl.org > > > > -- Brian Gordon __________________________________________________ ____________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org 
|
Linear Mode
