httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brian Gordon" <bgord...@gmail.com>
Subject Re: [users@httpd] Installing Apache + SSL on Windows
Date Fri, 16 Feb 2007 23:17:28 GMT
just ran it through the same function I used to generate it (rsa I
think) but with no additional arguments

something like:

openssl rsa -in enc.key -out unenc.key

On 2/16/07, Richard de Vries <richard_devries@yahoo.com> wrote:
> What method did you use to remove the password from
> the private key you generated?
>
>
> --- Brian Gordon <bgordon0@gmail.com> wrote:
>
> > I've been trying for ages to get my server running
> > SSL successfully. I
> > don't need port 80 (unencrypted traffic) at all,
> > just 411.
> >
> > I have the module set up just fine, and apache runs
> > fine unless I
> > define a valid cert and key:
> >
> > SSLCertificateFile pw/my-server.cert
> > SSLCertificateKeyFile pw/my-server.key
> >
> > These are unencrypted (win32 doesn't support
> > encrypted keys) SSL keys
> > that are valid for apache (when they're not valid it
> > tells me so and
> > refuses to load them). But when I have these
> > defined, and I start
> > apache, the "starting apache" console window comes
> > up and takes longer
> > than usual, then just crashes and the vista "Apache
> > HTTP server
> > stopped working and was closed" window comes up.
> >
> > This is the entire debug log for an attempted start:
> >
> > [Fri Feb 16 01:29:29 2007] [info] Init: Seeding PRNG
> > with 136 bytes of entropy
> > [Fri Feb 16 01:29:29 2007] [info] Loading
> > certificate & private key of
> > SSL-aware server
> > [Fri Feb 16 01:29:29 2007] [debug]
> > ssl_engine_pphrase.c(469):
> > unencrypted RSA private key - pass phrase not
> > required
> > [Fri Feb 16 01:29:29 2007] [info] Init: Generating
> > temporary RSA
> > private keys (512/1024 bits)
> > [Fri Feb 16 01:29:29 2007] [info] Init: Generating
> > temporary DH
> > parameters (512/1024 bits)
> > [Fri Feb 16 01:29:29 2007] [info] Init: Initializing
> > (virtual) servers for SSL
> > [Fri Feb 16 01:29:29 2007] [info] Configuring server
> > for SSL protocol
> > [Fri Feb 16 01:29:29 2007] [debug]
> > ssl_engine_init.c(405): Creating
> > new SSL context (protocols: SSLv2, SSLv3, TLSv1)
> > [Fri Feb 16 01:29:29 2007] [debug]
> > ssl_engine_init.c(729): Configuring
> > RSA server certificate
> > [Fri Feb 16 01:29:29 2007] [warn] RSA server
> > certificate CommonName
> > (CN) `163.11.110.152:443' does NOT match server
> > name!?
> > [Fri Feb 16 01:29:29 2007] [debug]
> > ssl_engine_init.c(768): Configuring
> > RSA server private key
> > [Fri Feb 16 01:29:29 2007] [info] Server:
> > Apache/2.2.3, Interface:
> > mod_ssl/2.2.3, Library: OpenSSL/0.9.8d
> > [Fri Feb 16 01:29:29 2007] [info] Init: Seeding PRNG
> > with 136 bytes of entropy
> > [Fri Feb 16 01:29:29 2007] [info] Loading
> > certificate & private key of
> > SSL-aware server
> >
> > It abruptly ends at that last line.
> >
> > This is the relevant section from my httpd.conf.
> > It's basically
> > identical to ssl.conf and including that doesn't
> > make a difference.
> > And like I said, if I just take out those two
> > cert/key lines then it
> > will start fine (but of course tell me that there's
> > no way ssl will
> > work without a certificate).
> >
> > #SSL
> >
> > Listen 163.11.110.152:443
> >
> > AddType application/x-x509-ca-cert .cert
> > AddType application/x-pkcs7-crl    .crl
> >
> > SSLMutex default
> > SSLRandomSeed startup builtin
> > SSLSessionCache none
> >
> > LogLevel debug
> >
> > <VirtualHost 163.11.110.152:443>
> > SSLEngine On
> > SSLCertificateFile pw/my-server.cert
> > SSLCertificateKeyFile pw/my-server.key
> > </VirtualHost>
> >
> > Does anyone know what's going on? I see hundreds of
> > success stories
> > around the internet about making the key file
> > unencrypted, but mine is
> > already unencrypted. Also it's Listening on a
> > specific IP address,
> > something that helped some other people. What else
> > is there left ot
> > try?
> >
> > --
> > Brian Gordon
> >
> >
> ---------------------------------------------------------------------
> > The official User-To-User support forum of the
> > Apache HTTP Server Project.
> > See <URL:http://httpd.apache.org/userslist.html> for
> > more info.
> > To unsubscribe, e-mail:
> > users-unsubscribe@httpd.apache.org
> >    "   from the digest:
> > users-digest-unsubscribe@httpd.apache.org
> > For additional commands, e-mail:
> > users-help@httpd.apache.org
> >
> >
>
>
>
>
> ____________________________________________________________________________________
> It's here! Your new message!
> Get new email alerts with the free Yahoo! Toolbar.
> http://tools.search.yahoo.com/toolbar/features/mail/
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>


-- 
Brian Gordon

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message