Topic: SSL not working on Apache 2.2.1

[stemolli]

Hi,
I have installed last release Apache2.2.1 and I have configured httpd.conf
for including external conf file httpd-ssl.conf.

I have tha same problem you have written, I have generated my key and crt file but if I "turn ON" SSLEngine, mi apache instance doesn't start.
If I turn it OFF, it works fine but obviously without SSL.

I did my certificates with this commands:
openssl.exe req -config openssl.cnf -new -nodes -out server.csr -keyout server.key

openssl.exe x509 -in server.csr -out server.crt -req -signkey server.key -days 365 -set_serial 1

Then I moved them under "conf" directory (my httpd-ssl.conf find them) but apache doesn't start.

I have seen your site and it doesn't give a certificate but it allow https connection. How can I do the same?

Thanks a lot,
Ste

[Steffen]

See post www.apachelounge.com/viewtopic.php?p=931
Steffen

[Steffen]

I build it now with openssl 0.9.8b instead with 0.9.8a.

James reported me that it is now working.

Maybe you can try it again with this version.

Steffen

[James Blond]

Jepp, I had the same Problem as stemolli had. But now it runs well. I guess there was something wring in openSSL

[madRAM]

unfortunately it does not work for me.

I also have (as posted in different thread) apache 2.2.1 (build with openssl 0.9.8b as the log states) on a windows 2003 server. When I create my cert (exactly as posted in this topic) and try to start apache I get these lines in my error.log and apache stops working immediately:

[Wed Apr 12 09:46:52 2006] [info] Init: Seeding PRNG with 144 bytes of entropy
[Wed Apr 12 09:46:52 2006] [info] Loading certificate & private key of SSL-aware server
[Wed Apr 12 09:46:52 2006] [debug] ssl_engine_pphrase.c(469): unencrypted RSA private key - pass phrase not required
[Wed Apr 12 09:46:52 2006] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Wed Apr 12 09:46:52 2006] [info] Init: Generating temporary DH parameters (512/1024 bits)
[Wed Apr 12 09:46:52 2006] [info] Init: Initializing (virtual) servers for SSL
[Wed Apr 12 09:46:52 2006] [info] Configuring server for SSL protocol
[Wed Apr 12 09:46:52 2006] [debug] ssl_engine_init.c(405): Creating new SSL context (protocols: SSLv3, TLSv1)
[Wed Apr 12 09:46:52 2006] [debug] ssl_engine_init.c(601): Configuring permitted SSL ciphers [ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL]
[Wed Apr 12 09:46:52 2006] [debug] ssl_engine_init.c(729): Configuring RSA server certificate
[Wed Apr 12 09:46:52 2006] [debug] ssl_engine_init.c(768): Configuring RSA server private key
[Wed Apr 12 09:46:52 2006] [debug] ssl_engine_init.c(405): Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1)
[Wed Apr 12 09:46:52 2006] [info] Server: Apache/2.2.1, Interface: mod_ssl/2.2.1, Library: OpenSSL/0.9.8b-dev
[Wed Apr 12 09:46:52 2006] [info] Init: Seeding PRNG with 144 bytes of entropy
[Wed Apr 12 09:46:52 2006] [info] Loading certificate & private key of SSL-aware server
[Wed Apr 12 09:46:52 2006] [debug] ssl_engine_pphrase.c(469): unencrypted RSA private key - pass phrase not required
[Wed Apr 12 09:46:52 2006] [info] Init: Generating temporary RSA private keys (512/1024 bits)

Can you please assist, this is rellay driving me crazy. It's my first time with apache on windows (usually I do Linux, Solaris or Mac OS X).

[Steffen]

Does Apache crash ?

Try to install the Microsoft C++ 2005 Redistributable:

http://www.microsoft.com/downloads/details.aspx?familyid=32BC1BEE-A3F9-4C13-9C99-220B62A191EE&displaylang=en


Steffen

[madRAM]

unfortunately I am not allowed to install any compiler software - company policy. Using the certificate from the windows CA (Base64 coded certificate and key in one file) and it works fine, if I use self signed certificate from the bundled openssl.

[Steffen]

Maybe you overlooked my question:

Does Apache crash ?

Steffen

[madRAM]

sorry, I think I might actually overlooked it. Apache starts, reads the certificate, says that it can't use passphrase dialog on windows (although there is NO passphrase) and ends.