Trouble configuring SSL on apache 2.0.59 Win32

#1
10-25-2006
Lee and Brooke Rowlands

Dear All
I'm trying to set up a test apache+ssl environment on my laptop for testing
code when I don't have access to the network.
I have Apache 2.0.59 with mod_ssl 2.0.59 and openssl 0.9.8c.
I was running Apache 2.0.55 fine without mod_ssl or openssl but upgraded to
the latest version (as I could not get an earlier version of mod_ssl).
I originally downloaded openssl 0.9.8b but then deleted it and downloaded
0.9.8c.
I have Apache listening on ports 80 and 443.
I have mod_ssl.so enabled.
I have the openssl DLLs in my windows\system32 folder (the 0.9.8c
versions).
I have the openssl.exe file in my apache bin folder (the 0.9.8c version).
I have apache running with server name localhost:80.
I have a virtual host definition for localhost:443.
I have generated my private key and self signed certificate using

--begin openssl commands--
openssl genrsa -des3 -out server.key 1024
openssl req -new -key server.key -out server.csr
openssl req -new -key server.key -x509 -out server.crt
--end openssl commands--

I have checked the modulus and public exponent of the certificate/key pair
and they both match.
I have removed the passphrase from my private key (no dialog on Windows) and
put both of these in conf/ssl under the server root.
My other site-wide ssl configuration lines are as follows (from my apache
conf file)

--begin httpd.conf directives---
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLSessionCache none
SSLMutex default
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
--end httpd.conf directives--

Specific to the localhost:443 virtual host I have the following directives

--begin virtual host directives--
ServerName localhost:443
DocumentRoot "xxxxx" (I have the actual path here)
ServerAdmin me@domain.com (I have the actual email address here)
ErrorLog logs/error.log
TransferLog logs/access.log
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile conf/ssl/server.crt
SSLCertificateKeyFile conf/ssl/server.key
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
--end virtual host directives--

Now to the problem!
Without the SSLEngine On directive for the virtual host I have no problems
viewing http://localhost:443 in the browser (it's just not secure).
Once I switch the SSLEngine On I run into trouble and apache will not start.
I have set my LogLevel to debug and I find the following in the error log.

--begin error log messages--
[Tue Oct 17 23:05:42 2006] [info] Init: Initializing OpenSSL library
[Tue Oct 17 23:05:42 2006] [info] Init: Seeding PRNG with 136 bytes of
entropy
[Tue Oct 17 23:05:43 2006] [info] Loading certificate & private key of
SSL-aware server
[Tue Oct 17 23:05:43 2006] [debug] ssl_engine_pphrase.c(469): unencrypted
RSA private key - pass phrase not required
[Tue Oct 17 23:05:43 2006] [info] Init: Generating temporary RSA private
keys (512/1024 bits)
[Tue Oct 17 23:05:43 2006] [info] Init: Generating temporary DH parameters
(512/1024 bits)
[Tue Oct 17 23:05:43 2006] [info] Init: Initializing (virtual) servers for
SSL
[Tue Oct 17 23:05:43 2006] [info] Configuring server for SSL protocol
[Tue Oct 17 23:05:43 2006] [debug] ssl_engine_init.c(405): Creating new SSL
context (protocols: SSLv2, SSLv3, TLSv1)
[Tue Oct 17 23:05:43 2006] [debug] ssl_engine_init.c(588): Configuring
permitted SSL ciphers
[ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL]
[Tue Oct 17 23:05:43 2006] [debug] ssl_engine_init.c(716): Configuring RSA
server certificate
[Tue Oct 17 23:05:43 2006] [debug] ssl_engine_init.c(755): Configuring RSA
server private key
[Tue Oct 17 23:05:43 2006] [info] Server: Apache/2.0.59, Interface:
mod_ssl/2.0.59, Library: OpenSSL/0.9.8c
[Tue Oct 17 23:05:43 2006] [warn] pid file C:/Program Files/Apache
Group/Apache2/logs/httpd.pid overwritten -- Unclean shutdown of previous
Apache run?
[Tue Oct 17 23:05:43 2006] [info] Init: Initializing OpenSSL library
[Tue Oct 17 23:05:43 2006] [info] Init: Seeding PRNG with 136 bytes of
entropy
[Tue Oct 17 23:05:43 2006] [info] Loading certificate & private key of
SSL-aware server
[Tue Oct 17 23:05:43 2006] [debug] ssl_engine_pphrase.c(469): unencrypted
RSA private key - pass phrase not required
[Tue Oct 17 23:05:43 2006] [info] Init: Generating temporary RSA private
keys (512/1024 bits)
[Tue Oct 17 23:05:43 2006] [info] Init: Generating temporary DH parameters
(512/1024 bits)
[Tue Oct 17 23:05:43 2006] [info] Init: Initializing (virtual) servers for
SSL
[Tue Oct 17 23:05:43 2006] [info] Configuring server for SSL protocol
[Tue Oct 17 23:05:43 2006] [debug] ssl_engine_init.c(405): Creating new SSL
context (protocols: SSLv2, SSLv3, TLSv1)
[Tue Oct 17 23:05:43 2006] [debug] ssl_engine_init.c(588): Configuring
permitted SSL ciphers
[ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL]
[Tue Oct 17 23:05:43 2006] [debug] ssl_engine_init.c(716): Configuring RSA
server certificate
[Tue Oct 17 23:05:43 2006] [debug] ssl_engine_init.c(755): Configuring RSA
server private key
[Tue Oct 17 23:05:43 2006] [error] Unable to import RSA server private key
[Tue Oct 17 23:05:43 2006] [error] SSL Library Error: 218529960
error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Tue Oct 17 23:05:43 2006] [error] SSL Library Error: 218595386
error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
[Tue Oct 17 23:05:43 2006] [error] SSL Library Error: 218734605
error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib
--end error log messages--

As you can see the error starts with 'Unable to import RSA server private
key'.
Any help at all would be appreciated. I have not been able to find anything
using Google.
Apologies to those who have already seen this post in
alt.apache.configuration or comp.infosystems.www.servers.unix.

Lee Rowlands
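
Added example (not part of the original post, and not a diagnosis of the failure above): a structural pre-flight check for the file named by SSLCertificateKeyFile, covering the conditions the post mentions (pass phrase removed, RSA key) and showing the kind of mismatch an ASN.1 "wrong tag" decode error reports. The function names are hypothetical and the sample inputs are constructed DER shapes, not real key material.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def der_len(buf, pos):
    """Decode the DER length at buf[pos]; return (length, offset of the content)."""
    if buf[pos] < 0x80:
        return buf[pos], pos + 1
    n = buf[pos] & 0x7F
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def inspect_key_pem(text):
    """Return (PEM label, verdict) for the first PEM block in a key file."""
    m = PEM_RE.search(text)
    if not m:
        return None, "no PEM block (wrong file or wrong text encoding)"
    label, body = m.group(1), m.group(2)
    if "Proc-Type: 4,ENCRYPTED" in body or label == "ENCRYPTED PRIVATE KEY":
        return label, "encrypted: pass phrase still present"
    der = base64.b64decode("".join(body.split()))
    if len(der) < 2 or der[0] != 0x30:
        return label, "wrong tag: outer element is not a SEQUENCE"
    _, pos = der_len(der, 1)
    if len(der) <= pos + 3 or der[pos:pos + 3] != b"\x02\x01\x00":
        return label, "wrong tag: no INTEGER version 0 where an RSA key has one"
    # After the version, PKCS#1 continues with INTEGER n, PKCS#8 with a SEQUENCE.
    shape = {0x02: "RSA PRIVATE KEY", 0x30: "PRIVATE KEY"}.get(der[pos + 3])
    if shape is None:
        return label, "wrong tag: 0x%02x after the version" % der[pos + 3]
    if shape != label:
        return label, "label/body mismatch: body is shaped like " + shape
    return label, "ok"

# --- Constructed sample input: structurally shaped DER, not real key material ---
def _tlv(tag, content):
    n = len(content)  # samples stay under 256 bytes
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x81, n])) + content

def _pem(label, der, headers=""):
    b64 = base64.encodebytes(der).decode()
    return "-----BEGIN %s-----\n%s%s-----END %s-----\n" % (label, headers, b64, label)

PKCS1 = _tlv(0x30, b"\x02\x01\x00" + _tlv(0x02, b"\x00" + b"\xc3" * 128))
PKCS8 = _tlv(0x30, b"\x02\x01\x00" + _tlv(0x30, b"") + _tlv(0x04, PKCS1))
ENC_HEADERS = "Proc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,0000000000000000\n\n"

if __name__ == "__main__":
    for label, der, hdr in [("RSA PRIVATE KEY", PKCS1, ""), ("RSA PRIVATE KEY", PKCS8, ""),
                            ("RSA PRIVATE KEY", PKCS1, ENC_HEADERS),
                            ("CERTIFICATE", _tlv(0x30, _tlv(0x30, b"")), "")]:
        print(inspect_key_pem(_pem(label, der, hdr)))
```

A verdict of "ok" only means the file has the outer shape of an unencrypted RSA key; it does not validate the key values or their match with the certificate.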




#2
12-19-2006
dconstant@imagis.fr



Hi Lee,

Did you solve the problem?
If so, what is the solution?

Thanks

 