Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
 Topic: Apache Won't Start as a Service (SSL Issue) |
|
| Author |
|
flyingmonkey
Joined: 01 Aug 2007
Posts: 15
|
 Posted: Fri 17 Aug '07 22:15 Post subject: Apache Won't Start as a Service (SSL Issue) |
 |
|
I just setup an instance of Apache on Windows with SSL and it starts by running "httpd.exe", but I can't get it to start as a service. It was running fine before adding the SSL certificate/key pair.
This is the error, I get as a Service:
| Quote: |
[Wed Aug 15 11:22:09 2007] [info] mod_unique_id: using ip addr 123.1.2.3
[Wed Aug 15 11:22:10 2007] [info] Init: Seeding PRNG with 144 bytes of entropy
[Wed Aug 15 11:22:10 2007] [info] Loading certificate & private key of SSL-aware server
[Wed Aug 15 11:22:10 2007] [error] (OS 5)Access is denied. : Init: Can't open server certificate file C:/Apache2/conf/ssl/abc.dfg.hij.klm.cert
|
This is what happens when I run it via "httpd.exe"
| Quote: |
[Wed Aug 15 11:27:08 2007] [info] Init: Seeding PRNG with 144 bytes of entropy
[Wed Aug 15 11:27:08 2007] [info] Loading certificate & private key of SSL-aware server
[Wed Aug 15 11:27:08 2007] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Wed Aug 15 11:27:08 2007] [info] Init: Generating temporary DH parameters (512/1024 bits)
[Wed Aug 15 11:27:08 2007] [info] Init: Initializing (virtual) servers for SSL
[Wed Aug 15 11:27:08 2007] [info] Configuring server for SSL protocol
[Wed Aug 15 11:27:08 2007] [info] Server: Apache/2.2.4, Interface: mod_ssl/2.2.4, Library: OpenSSL/0.9.8e
|
Here's a couple of lines from my httpd.conf:
| Code: |
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLMutex default
SSLSessionCache none
</IfModule>
<IfModule proxy_module>
#disable proxy htmllogverbose only for debuging
ProxyHTMLLogVerbose On
ProxyRequests Off
ProxyTimeout 600
<VirtualHost abc.dfg.hij.klm:443>
ProxyPreserveHost On
SSLProxyEngine On
SSLProtocol All
SSLEngine On
SSLCertificateFile conf/ssl/abc.dfg.hij.klm.cert
SSLCertificateKeyFile conf/ssl/abc.dfg.hij.klm.key
|
Any help or insight is appreciated! Thanks in advance.
Last edited by flyingmonkey on Fri 17 Aug '07 23:40; edited 1 time in total |
|
| Back to top |
|
tdonovan
Moderator
Joined: 17 Dec 2005
Posts: 611
Location: Milford, MA, USA
|
| Posted: Fri 17 Aug '07 23:10 Post subject: |
|
|
This looks like a Windows file permission problem, rather than an Apache configuration problem.
When you start Apache from the command line, it runs as the user you are logged in as.
When you start Apache as a service, it runs as user SYSTEM (unless you have changed it).
Check the file permissions on C:\Apache2\conf\ssl\abc.dfg.hij.klm.cert [Windows Explorer] [Properties] [Security tab] to see if SYSTEM has read access to the file.
It might be helpful to compare the permissions on the .cert file to a file that you know Apache can read as SYSTEM - for example, C:\Apache2\conf\httpd.conf.
-tom- |
|
| Back to top |
|
flyingmonkey
Joined: 01 Aug 2007
Posts: 15
|
| Posted: Fri 17 Aug '07 23:39 Post subject: |
|
|
Thanks for the reply Tom! I checked the permissions of the certificate and SYSTEM has "full control" including read access. Still no luck, I also tried absolute paths without any luck. 
| Code: |
SSLCertificateFile "C:\Apache2\conf\ssl\abc.dfg.hij.klm.cert"
SSLCertificateKeyFile "C:\Apache\conf\ssl\abc.dfg.hij.klm.key"
|
Any other ideas?[/code] |
|
| Back to top |
|
tdonovan
Moderator
Joined: 17 Dec 2005
Posts: 611
Location: Milford, MA, USA
|
| Posted: Sat 18 Aug '07 0:48 Post subject: |
|
|
Remember to use forward slashes in httpd.conf, not back-slashes.
The error is definitely Windows Error 5 (access denied), so there is something that the process lacks permissions for.
Did you check the permissions on the conf\ssl directory, as well as the permissions on the .cert file itself?
-tom- |
|
| Back to top |
|
flyingmonkey
Joined: 01 Aug 2007
Posts: 15
|
| Posted: Sat 18 Aug '07 2:08 Post subject: |
|
|
| Yup, both the directory and the cert have full control with read access. The account associated to the service is "local system". |
|
| Back to top |
|
|
|
|
|
|
