| Author |
|
emastyle
Joined: 05 Aug 2011
Posts: 4
|
 Posted: Fri 05 Aug '11 18:03 Post subject: Help with Start SSL on apache win 32 |
 |
|
Hello, I'm trying to configure apache openSSl 2.2.19 on windows 2008 (apache run on win32).
I've installed openSSL succesfully with self-sign certificate (apache runs anf ssl works), but I'm unable to install certificate generate from startssl.org.
Apache creashes with following errors:
[Fri Aug 05 16:37:02 2011] [error] Init: Unable to read server certificate from file C:/Apache2.2.19/conf/ca.crt
[Fri Aug 05 16:37:02 2011] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Fri Aug 05 16:37:02 2011] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
Any suggestions?
Thank you! |
|
| Back to top |
|
Steffen
Moderator
Joined: 15 Oct 2005
Posts: 3093
Location: Hilversum, NL, EU
|
| Posted: Fri 05 Aug '11 20:36 Post subject: |
|
|
Maybe you mixed up you certificates.
You need four entries in your conf.
SSLCertificateFile ssl.crt
SSLCertificateKeyFile ssl.key
SSLCertificateChainFile sub.classX.server.ca.cer (X for class1 or class2)
SSLCACertificateFile ca.cer
At the StratSSL toolbox menu StartCom CA Certificates, you can download:
StartCom Root CA (PEM encoded) is the ca.cer
Class X Intermediate Server CA is the sub.classX.server.ca.cer
Steffen |
|
| Back to top |
|
emastyle
Joined: 05 Aug 2011
Posts: 4
|
| Posted: Mon 08 Aug '11 9:50 Post subject: |
|
|
Hello, thanks for your reply but now I have a lot of confusion on how to configure the server;
In the pdf I've download from Apachelounge it's not so clear how to install the certificate generated from an Authority.
Also, StartCom answered to me: "Try to use the ca.pem and sub.class2.server.ca.pem instead (Apache needs the PEM encoded files)."
What I have to do now?
My vhost config are:
SSLCertificateFile "c:/Apache2.2.19/conf/ca.crt" (copied and pasted from startssl toolbox)
SSLCertificateKeyFile "c:/Apache2.2.19/conf/ssl.key" (generate from local)
SSLCertificateChainFile "c:/Apache2.2.19/conf/sub.class2.server.ca.pem" (downloaded from startcom)
SSLCACertificateFile "c:/Apache2.2.19/conf/ca.pem" (downloaded from startcom)
There is a step-by-step guide on how to configure ssl on apache on windows?
Any other suggestions?
Thank you! |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7355
Location: Germany, Next to Hamburg
|
|
| Back to top |
|
Steffen
Moderator
Joined: 15 Oct 2005
Posts: 3093
Location: Hilversum, NL, EU
|
| Posted: Mon 08 Aug '11 11:59 Post subject: |
|
|
Looks you are class2 verified, wright ?
What I do not understand is your note "generate from local".
SSLCertificateKeyFile "c:/Apache2.2.19/conf/ssl.key" (generate from local)
The StartSSL wizard can create the private key. When encrypted (look in the certicate) use Decrypt Private Key in the toolbox.
Or did you Skip at the step for private key generation in the wizzard ?
Steffen |
|
| Back to top |
|
emastyle
Joined: 05 Aug 2011
Posts: 4
|
| Posted: Mon 08 Aug '11 12:07 Post subject: |
|
|
Hello,
yes, I have class 2 verified...
I've skipped the step of key generation couse I've generated the keys by myself through openssl.exe on server (I followed this instructions www.apachelounge.com/download/InstallingApacheonWindows.pdf).
At this point I'm asking if will be better to re-initiate my certificate creation completely from startssl winzard...
Emanuele |
|
| Back to top |
|
Steffen
Moderator
Joined: 15 Oct 2005
Posts: 3093
Location: Hilversum, NL, EU
|
| Posted: Mon 08 Aug '11 12:42 Post subject: |
|
|
Yep, try to do it complete with the wizzard. It costs you nothing.
Attention to decrypt then the key.
Steffen |
|
| Back to top |
|
emastyle
Joined: 05 Aug 2011
Posts: 4
|
| Posted: Wed 10 Aug '11 18:01 Post subject: |
|
|
After generating keys and obtaining the certificate totally through StartCom wizard all working fine!
Thank for helping me. |
|
| Back to top |
|
