httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brian Gordon" <>
Subject [users@httpd] SSL and Apache
Date Fri, 16 Feb 2007 13:35:43 GMT
I've been trying for ages to get my server running SSL successfully. I
don't need port 80 (unencrypted traffic) at all, just 411.

I have the module set up just fine, and apache runs fine unless I
define a valid cert and key:

SSLCertificateFile pw/my-server.cert
SSLCertificateKeyFile pw/my-server.key

These are unencrypted (win32 doesn't support encrypted keys) SSL keys
that are valid for apache (when they're not valid it tells me so and
refuses to load them). But when I have these defined, and I start
apache, the "starting apache" console window comes up and takes longer
than usual, then just crashes and the vista "Apache HTTP server
stopped working and was closed" window comes up.

This is the entire debug log for an attempted start:

[Fri Feb 16 01:29:29 2007] [info] Init: Seeding PRNG with 136 bytes of entropy
[Fri Feb 16 01:29:29 2007] [info] Loading certificate & private key of
SSL-aware server
[Fri Feb 16 01:29:29 2007] [debug] ssl_engine_pphrase.c(469):
unencrypted RSA private key - pass phrase not required
[Fri Feb 16 01:29:29 2007] [info] Init: Generating temporary RSA
private keys (512/1024 bits)
[Fri Feb 16 01:29:29 2007] [info] Init: Generating temporary DH
parameters (512/1024 bits)
[Fri Feb 16 01:29:29 2007] [info] Init: Initializing (virtual) servers for SSL
[Fri Feb 16 01:29:29 2007] [info] Configuring server for SSL protocol
[Fri Feb 16 01:29:29 2007] [debug] ssl_engine_init.c(405): Creating
new SSL context (protocols: SSLv2, SSLv3, TLSv1)
[Fri Feb 16 01:29:29 2007] [debug] ssl_engine_init.c(729): Configuring
RSA server certificate
[Fri Feb 16 01:29:29 2007] [warn] RSA server certificate CommonName
(CN) `' does NOT match server name!?
[Fri Feb 16 01:29:29 2007] [debug] ssl_engine_init.c(768): Configuring
RSA server private key
[Fri Feb 16 01:29:29 2007] [info] Server: Apache/2.2.3, Interface:
mod_ssl/2.2.3, Library: OpenSSL/0.9.8d
[Fri Feb 16 01:29:29 2007] [info] Init: Seeding PRNG with 136 bytes of entropy
[Fri Feb 16 01:29:29 2007] [info] Loading certificate & private key of
SSL-aware server

It abruptly ends at that last line.

This is the relevant section from my httpd.conf. It's basically
identical to ssl.conf and including that doesn't make a difference.
And like I said, if I just take out those two cert/key lines then it
will start fine (but of course tell me that there's no way ssl will
work without a certificate).



AddType application/x-x509-ca-cert .cert
AddType application/x-pkcs7-crl    .crl

SSLMutex default
SSLRandomSeed startup builtin
SSLSessionCache none

LogLevel debug

SSLEngine On
SSLCertificateFile pw/my-server.cert
SSLCertificateKeyFile pw/my-server.key

Does anyone know what's going on? I see hundreds of success stories
around the internet about making the key file unencrypted, but mine is
already unencrypted. Also it's Listening on a specific IP address,
something that helped some other people. What else is there left ot

Brian Gordon

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message