Topic: SSL nightmare!
duartesss
Joined: 10 Nov 2006 Posts: 2 Location: Portugal
Posted: Sat 11 Nov '06 3:59 Post subject: SSL nightmare!
Hello folks,
I’m an Apache newbie, but I don’t know if I will continue with Apache…
With IIS I set up SSL access in 10 minutes. With Apache it is a nightmare!
For 2 days I have been beating my head trying to set up SSL in Apache!
I’m using Apache 2.2.3 + Windows 2003 + PHP 5.1.6 + MySQL.
I already had Apache installed and everything worked fine with PHP and MySQL.
In httpd.conf I wrote the listening directive to listen on TCP port 443. From the web browser I could reach www.mysite.org:443 without problems, but without SSL encryption.
Then I tried to set up SSL, essentially following these guidelines: http://www.jm-solutions.com/OpenSSL/Introduction/introduction.php , with the difference that for downloads 1, 2 and 3 I downloaded the updated versions of the files from http://hunter.campbus.com/, since I’m using Apache 2.2.3.
At first I had problems starting the Apache service, with an error saying more or less that port 443 was already in use. I thought the problem was that I had a listening directive with port 443 in httpd.conf and also the same directive in ssl.conf.
Then I tried removing this listening port from httpd.conf or changing it to TCP port 442, so that only ssl.conf still indicated listening on 443. However, after I did this, the Apache service failed to start with a faulting error in the ssl_mod module.
Only after I moved “LoadModule ssl_module modules/mod_ssl.so” from httpd.conf to ssl.conf, uncommented the <define> and </define> tags and started with the command httpd -D SSL was it possible to start Apache.
However, when I run the following command, "openssl s_client -connect www.mysite.org:443 -state -debug", I receive the following error:
Loading 'screen' into random state - done
CONNECTED(0000078C)
SSL_connect:before/connect initialization
write to 009668F8 [00966958] (130 bytes => 130 (0x82))
0000 - 80 80 01 03 01 00 57 00-00 00 20 00 00 16 00 00 ......W... .....
0010 - 13 00 00 0a 07 00 c0 00-00 66 00 00 07 00 00 05 .........f......
0020 - 00 00 04 05 00 80 03 00-80 01 00 80 08 00 80 00 ................
0030 - 00 65 00 00 64 00 00 63-00 00 62 00 00 61 00 00 .e..d..c..b..a..
0040 - 60 00 00 15 00 00 12 00-00 09 06 00 40 00 00 14 `...........@...
0050 - 00 00 11 00 00 08 00 00-06 00 00 03 04 00 80 02 ................
0060 - 00 80 a8 3d c5 d3 41 ba-01 de 2a b0 6e 30 de 75 ...=..A...*.n0.u
0070 - 75 23 cd ca e8 c6 27 2e-5d 87 49 18 9c ff b5 fc u#....'.].I.....
0080 - e9 dd ..
SSL_connect:SSLv2/v3 write client hello A
read from 009668F8 [0096BEB8] (7 bytes => 7 (0x7))
0000 - 3c 21 44 4f 43 54 59 <!DOCTY
SSL_connect:error in SSLv2/v3 read server hello A
5768:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:.\ssl\s23_clnt.c:458:
I tried to set up SSL, and tried and tried… but without success.
Then I did the following: removed all the Apache files, downloaded Apache_2.2.3-Openssl_0.9.8d-Win32.zip from http://hunter.campbus.com/ and started again from nothing with fresh copies of the Apache binaries, httpd.conf and ssl.conf. Again I followed the guidelines at http://www.jm-solutions.com/OpenSSL/Introduction/introduction.php
Now I can start the Apache service (with the <define> and </define> tags commented) or with the command httpd -D SSL (with the <define> and </define> tags uncommented), even if I remove the 443 listening port from httpd.conf or change it to another TCP port.
However, when I run the following command, "openssl s_client -connect www.mysite.org:443 -state -debug", I still receive the following error:
Loading 'screen' into random state - done
CONNECTED(0000078C)
SSL_connect:before/connect initialization
write to 009668F8 [00966958] (130 bytes => 130 (0x82))
0000 - 80 80 01 03 01 00 57 00-00 00 20 00 00 16 00 00 ......W... .....
0010 - 13 00 00 0a 07 00 c0 00-00 66 00 00 07 00 00 05 .........f......
0020 - 00 00 04 05 00 80 03 00-80 01 00 80 08 00 80 00 ................
0030 - 00 65 00 00 64 00 00 63-00 00 62 00 00 61 00 00 .e..d..c..b..a..
0040 - 60 00 00 15 00 00 12 00-00 09 06 00 40 00 00 14 `...........@...
0050 - 00 00 11 00 00 08 00 00-06 00 00 03 04 00 80 02 ................
0060 - 00 80 a8 3d c5 d3 41 ba-01 de 2a b0 6e 30 de 75 ...=..A...*.n0.u
0070 - 75 23 cd ca e8 c6 27 2e-5d 87 49 18 9c ff b5 fc u#....'.].I.....
0080 - e9 dd ..
SSL_connect:SSLv2/v3 write client hello A
read from 009668F8 [0096BEB8] (7 bytes => 7 (0x7))
0000 - 3c 21 44 4f 43 54 59 <!DOCTY
SSL_connect:error in SSLv2/v3 read server hello A
5768:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
From the web browser I can’t reach www.mysite.org:443
I don’t know what more to do… And I’m exhausted with this problem…
Below I send a copy of the httpd.conf and ssl.conf files.
Please, can you help me?
Many thanks!
Mod note: Never post the entire content of your config files, ONLY the changes you made! We removed it.
Steffen Moderator
Joined: 15 Oct 2005 Posts: 3092 Location: Hilversum, NL, EU
Posted: Sat 11 Nov '06 11:52 Post subject:
You can find a good and up-to-date guide at http://tud.at/programm/apache-ssl-win32-howto.php3/
Note: the Apache 2.2 binary from here includes all the OpenSSL stuff. So do not follow the step in the guide to copy ssleay32.dll and libeay32.dll
Steffen
duartesss
Joined: 10 Nov 2006 Posts: 2 Location: Portugal
Posted: Sat 11 Nov '06 21:50 Post subject:
Thanks,
I started again from the beginning and now it is working.
I think I did exactly the same thing....
I don't understand why setting up SSL in Apache must be so much iosª*#kl&/ !!!!
Do it simple...
Duarte S.
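The failing trace in the first post can be read mechanically: the 7 bytes the server sent back decode to `<!DOCTY`, the start of an HTML page, so port 443 was answering in plain HTTP instead of with a TLS ServerHello. The Python below is an added example, not part of the thread; the function names are assumptions, the first sample is abridged from the trace above and the second is constructed.

```python
import re

# One hex-dump row of `openssl s_client -debug`, e.g. "0000 - 3c 21 44 ... <!DOCTY".
# At most 16 bytes per row, so the ASCII column is never parsed as hex.
HEX_ROW = re.compile(r"^[0-9a-f]{4} - ((?:[0-9a-f]{2}[ -]){1,16})", re.I)

def first_server_bytes(debug_output):
    """Return the bytes of the first 'read from' block in -debug output."""
    data, in_read = bytearray(), False
    for line in debug_output.splitlines():
        line = line.strip()
        if line.startswith("read from"):
            if in_read:          # a second read block: the first one is complete
                break
            in_read = True
        elif in_read:
            row = HEX_ROW.match(line)
            if not row:          # state line or error: the hex dump has ended
                break
            data += bytes.fromhex(row.group(1).replace("-", " "))
    return bytes(data)

def classify_reply(data):
    """Classify what answered the ClientHello from its first bytes."""
    if len(data) >= 2 and data[0] == 0x16 and data[1] == 0x03:
        return "tls-handshake"   # SSLv3/TLS record carrying handshake data
    if len(data) >= 2 and data[0] == 0x15 and data[1] == 0x03:
        return "tls-alert"       # TLS is spoken, but the handshake was refused
    if data.startswith((b"HTTP/", b"<")):
        return "plaintext-http"  # listener is serving unencrypted HTTP/HTML
    return "unknown"

def diagnose(debug_output):
    return classify_reply(first_server_bytes(debug_output))

# Abridged from the trace in the first post.
PAGE_TRACE = """write to 009668F8 [00966958] (130 bytes => 130 (0x82))
0000 - 80 80 01 03 01 00 57 00-00 00 20 00 00 16 00 00 ......W... .....
SSL_connect:SSLv2/v3 write client hello A
read from 009668F8 [0096BEB8] (7 bytes => 7 (0x7))
0000 - 3c 21 44 4f 43 54 59 <!DOCTY
SSL_connect:error in SSLv2/v3 read server hello A"""

# Constructed sample: what the first read looks like when TLS is really enabled.
TLS_TRACE = """read from 00000000 [00000000] (5 bytes => 5 (0x5))
0000 - 16 03 01 00 4a ....J"""

if __name__ == "__main__":
    print(diagnose(PAGE_TRACE), diagnose(TLS_TRACE))
```

A "plaintext-http" result on the HTTPS port means the listener is up but no SSL-enabled virtual host is handling it, which matches the post's observation that www.mysite.org:443 was reachable from the browser without SSL encryption.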