|
I have obtain a certificate file, and the
key file. No chain file.
Most public CAs use intermediate certificates (and hence chains)
so it is strange you didn't get one. Since chain is often the same
for all clients, it may be available for download from CA's site
somewhere. If you don't need chain, just omit
SSLCertificateChainFile line. Browser warnings and SSLTest will tell
you if something is amiss.
To httpd.conf or to default-ssl.conf.
You can put everything into httpd.conf
Also where do i find sample site
configurations ? so i can have a look.
Well, e.g. if you download Apache for Windows binaries from Apache
Haus, you will find them in /Apache24/conf/extra/
--
With Best Regards,
Marat Khalili
On 08/11/16 17:38, Robert Ramoutar
wrote:
Hi Marat,
I
have obtain a certificate file, and the key file. No chain
file.
Just
to be sure
Do
I add :
Listen 443
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /some-path/cert.pem
SSLCertificateKeyFile /some-path/privkey.pem
SSLCertificateChainFile /some-path/chain.pem
# rest of your virtualhost configuration here
</VirtualHost>
To httpd.conf or to default-ssl.conf.
Also where do
i find sample site
configurations ? so i can have a look.
Thanks.
Regards,
Robert
Ramoutar.
This email is intended for the intended
recipient(s) and may contain confidential
information.
Reproduction, dissemination or
distribution of this message is prohibited unless
authorized by
the sender. If you are not the intended
recipient, please notify the sender immediately and
you
must not read, keep, use, disclose, copy or
distribute this email without the sender's
prior permission.
I have been able to generate CSR
file and key using OpenSSL as you mentioned.
Now pass the CSR file (without the key) to your CA to get it
signed. In return you should obtain a certificate file, and
possibly also a certificate chain file. Again, your CA
should help you with Apache configuration, but generally it
should contain the following lines:
Listen 443
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /some-path/cert.pem
SSLCertificateKeyFile /some-path/privkey.pem
SSLCertificateChainFile /some-path/chain.pem
# rest of your virtualhost configuration here
</VirtualHost>
Apache usually comes with sample site configurations (i.e.
default-ssl.conf), just read them.
Cannot help you with Tomcat, sorry. Saw it last time in
2004.
--
With Best Regards,
Marat Khalili
On 04/11/16 16:19, Robert
Ramoutar wrote:
Hello ,
Thank you for that explanation. I have been able to
generate CSR file and key using OpenSSL as you
mentioned.
Can anyone indicate what is the next step and also if
possible how does one test this configuration to
ensure it is working.
I am trying to accomplish the following:
1. Use apache for certificate
2. Use tomcat to host website
Am i stating this correctly or do i just specify the
location of the certificates in tomcat's configuration
?
If so how do i test this configuration.
Thanks for your guidance
Robert.
Regards,
Robert Ramoutar.
This
email is intended for the intended
recipient(s) and may contain confidential
information.
Reproduction, dissemination or
distribution of this message is prohibited
unless authorized by
the sender.
If you are not the intended recipient, please
notify the sender immediately and you
must not read, keep,
use, disclose, copy or distribute this email
without the sender's
prior permission.
Hello Robert,
There seems some misunderstanding here. Apache does
not generate certificates, nor there's "import"
process - you just put files wherever you want and
specify their location in configuration. Minimal
Apache configuration of site with SSL is less than
dozen lines, nothing difficult.
Generating necessary certificate files is indeed
more involved, but it has nothing to do with Apache.
Ask your CA for help, they should have clear
instructions on what to do (or use different CA).
Usually it means running some commands in OpenSSL.
You can use any working installation of OpenSSL, not
necessarily on your Windows PC with Apache.
--
С уважением,
Марат Халили (Российский Квантовый Центр)
+7 926 950 0804
On November 3, 2016
10:06:47 PM GMT+03:00, Robert Ramoutar
<Robert_Ramoutar@xxxxxxxxxxx>
wrote:
Hi Again,
Thanks for the reply,
I was able to download, install apache
service and got IT WORKS when entering
localhost:80 in my browser.
I was reading the following page :
Apache SSL/TLS Encryption
But i'm still unable to configure.
Can you say how to import certificates
into apache and how to test the imported
certificates to make sure they function.
1. I have to generate a CSR request and
key,
2. Then after i get the files from the
cert provider import it into apache
Any ideas on how to complete the above
two steps.
Thanks again for your help,
Regards,
Robert Ramoutar.
This email is intended
for the intended recipient(s) and
may contain confidential
information.
Reproduction,
dissemination or distribution of
this message is prohibited unless
authorized by
the sender. If you are not the
intended recipient, please notify
the sender immediately and you
must not read, keep, use, disclose,
copy or distribute this email
without the sender's
prior permission.
Hi ,
I think is a good
starting point
http://httpd.apache.org/docs/2.4/platform/windows.html
|
httpd.apache.org
This document
explains how to install,
configure and run Apache 2.4
under Microsoft Windows. If
you have questions after
reviewing the documentation
(and any event ...
|
It’s pretty straight
forward , download the installer
from one of those links
http://httpd.apache.org/docs/2.4/platform/windows.html#down
Install like any
other software
Install the windows
serverice for apache
http://httpd.apache.org/docs/2.4/platform/windows.html#winsvc , and
set it to start automatically
Anything else is
pretty much the same on any platform
http://httpd.apache.org/docs/2.4/
, just be careful with the PATH’s
|
httpd.apache.org
Copyright 2016 The
Apache Software Foundation.
Licensed under the Apache
License, Version 2.0.
Modules | Directives | FAQ |
Glossary | Sitemap
|
Hello all,
I have been tasked
with Installing and Configuring
Apache 2.4 on a windows server for
the following purpose:
1. Configure SSL
through apache
2. Apache Tomcat also
installed on server to handle web
request to a specific web
application - MySQL db also on the
same server.
How does one go about
installing and configuring SSL
through apache 2.4 on Windows
Server 2012?
I have read so many
documents and so many questions on
forums etc and is now more
confused than before.
Can someone please
outline the steps require and if
possible how to perform these
steps for apache in Windows.
Thanks.
Regards,
Robert Ramoutar.
This email is
intended for the intended
recipient(s) and may contain
confidential information.
Reproduction,
dissemination or
distribution of this message
is prohibited unless
authorized by
the sender. If you are
not the intended recipient,
please notify the sender
immediately and you
must not read, keep,
use, disclose, copy or
distribute this email
without the sender's
prior permission.
Hi! This is the
ezmlm program. I'm managing
the
users@xxxxxxxxxxxxxxxx
mailing list.
PLEASE READ! This message
contains information specific
to
this mailing list, and is not
your standard form-letter
subscription acknowledgement.
I have added the address
Robert_Ramoutar@xxxxxxxxxxx
to the users mailing list.
Welcome to
users@xxxxxxxxxxxxxxxx!
Please save this message so
that you know the address you
are
subscribed under, in case you
later want to unsubscribe or
change your
subscription address.
This mailing list is
maintained by the Apache
Software Foundation
as a forum in which users of
the Apache HTTP server can ask
each
other questions, pose
problems, and discuss issues.
It is NOT,
repeat NOT, an official
support medium of the
Foundation. Please
take a look at
<URL:http://httpd.apache.org/userslist.html
to see details about how
this list is to be used.
Posting is only permitted by
subscribed addresses as an
anti-spam
measure. The list is
moderated by volunteers from
the Apache Software
Foundation; moderation will
mostly be notable by its
absence.
However, blatant abuse of
the forum's purpose or the
sensibilities
of the subscribers will not
be tolerated. Any actions
taken
by the moderators is final,
solely at their discretion,
and not
subject to formal appeal.
So.. be excellent to each
other, and party on!
--- Administrative commands
for the users list ---
I can handle administrative
requests automatically.
Please
do not send them to the list
address! Instead, send
your message to the correct
command address:
To subscribe to the list,
send a message to:
<users-subscribe@xxxxxxxxxxxxxxxx>
To remove your address from
the list, send a message to:
<users-unsubscribe@xxxxxxxxxxxxxxxx>
Send mail to the following for
info and FAQ for this list:
<users-info@xxxxxxxxxxxxxxxx>
<users-faq@xxxxxxxxxxxxxxxx>
Similar addresses exist for
the digest list:
<users-digest-subscribe@xxxxxxxxxxxxxxxx>
<users-digest-unsubscribe@xxxxxxxxxxxxxxxx>
To get messages 123 through
145 (a maximum of 100 per
request), mail:
<users-get.123_145@xxxxxxxxxxxxxxxx>
To get an index with subject
and author for messages
123-456 , mail:
<users-index.123_456@xxxxxxxxxxxxxxxx>
They are always returned as
sets of 100, max 2000 per
request,
so you'll actually get
100-499.
To receive all messages with
the same subject as message
12345,
send a short message to:
<users-thread.12345@xxxxxxxxxxxxxxxx>
The messages should contain
one line or word of text to
avoid being
treated as sp@m, but I will
ignore their content.
Only the ADDRESS you send to
is important.
You can start a subscription
for an alternate address,
for example "john@host.domain",
just add a hyphen and your
address (with '=' instead of
'@') after the command word:
<users-subscribe-john=host.domain@xxxxxxxxxxxxxxxx>
To stop subscription for this
address, mail:
<users-unsubscribe-john=host.domain@xxxxxxxxxxxxxxxx>
In both cases, I'll send a
confirmation message to that
address. When
you receive it, simply reply
to it to complete your
subscription.
If despite following these
instructions, you do not get
the
desired results, please
contact my owner at
users-owner@xxxxxxxxxxxxxxxx.
Please be patient, my owner is
a
lot slower than I am ;-)
--- Enclosed is a copy of the
request I received.
Return-Path: <Robert_Ramoutar@xxxxxxxxxxx>
Received: (qmail 22078 invoked
by uid 99); 3 Nov 2016
14:35:43 -0000
Received: from
pnap-us-west-generic-nat.apache.org
(HELO
spamd4-us-west.apache.org)
(209.188.14.142)
by apache.org
(qpsmtpd/0.29) with ESMTP;
Thu, 03 Nov 2016 14:35:43
+0000
Received: from localhost
(localhost [127.0.0.1])
by
spamd4-us-west.apache.org (ASF
Mail Server at
spamd4-us-west.apache.org)
with ESMTP id 93C13C12BA
for <users-sc.1478183343.jikkijpbomggnfdjlkmj-Robert_Ramoutar=hotmail.com@xxxxxxxxxxxxxxxx>;
Thu, 3 Nov 2016 14:35:42
+0000 (UTC)
X-Virus-Scanned: Debian
amavisd-new at
spamd4-us-west.apache.org
X-Spam-Flag: NO
X-Spam-Score: -1.8
X-Spam-Level:
X-Spam-Status: No, score=-1.8
tagged_above=-999
required=6.31
tests=[DKIM_SIGNED=0.1,
DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1,
HTML_MESSAGE=2,
RCVD_IN_DNSWL_LOW=-0.7,
RCVD_IN_MSPIKE_H2=-0.001,
RP_MATCHES_RCVD=-2.999,
SPF_PASS=-0.001,
URIBL_BLOCKED=0.001]
autolearn=disabled
Authentication-Results:
spamd4-us-west.apache.org
(amavisd-new);
dkim=pass (2048-bit
key) header.d=hotmail.com
Received: from
mx1-lw-us.apache.org
([10.40.0.8])
by localhost
(spamd4-us-west.apache.org
[10.40.0.11]) (amavisd-new,
port 10024)
with ESMTP id
lmnCdw_0glZR
for <users-sc.1478183343.jikkijpbomggnfdjlkmj-Robert_Ramoutar=hotmail.com@xxxxxxxxxxxxxxxx>;
Thu, 3 Nov 2016
14:35:38 +0000 (UTC)
Received: from
COL004-OMC1S15.hotmail.com
(col004-omc1s15.hotmail.com
[65.55.34.25])
by
mx1-lw-us.apache.org (ASF Mail
Server at
mx1-lw-us.apache.org) with
ESMTPS id 3AD9C5FD01
for <users-sc.1478183343.jikkijpbomggnfdjlkmj-Robert_Ramoutar=hotmail.com@xxxxxxxxxxxxxxxx>;
Thu, 3 Nov 2016 14:35:37
+0000 (UTC)
Received: from
NAM03-BY2-obe.outbound.protection.outlook.com
([65.55.34.8]) by
COL004-OMC1S15.hotmail.com
over TLS secured channel with
Microsoft
SMTPSVC(7.5.7601.23008);
Thu, 3 Nov 2016
07:35:06 -0700
DKIM-Signature: v=1;
a=rsa-sha256;
c=relaxed/relaxed;
d=hotmail.com;
s=selector1;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version;
bh=HnL45X3/NoE4wrc/02/wjec4XoTgHH7M2W5E3o8BYtM=;
b=fdotrFLmERmzS7uaZ+6HTvUAhmqqzfCLnSN2uxpvkzCrmPy0ctwl/INSVylE8C9PxosxyYnswg5qvn+Li8ftVQ9Rd1x2/ureuyaQCbeKDp8FCwFMCgf8UR9Lw/mrLqu7lajZRAEBu30dECml2pye2gt7mD3zumVoqA+h3KFlEhWrHKzS5CgdSOpShzS1iwWzLdGanveo8pmehw3LpR/2o73dKNcQMsgfnLe4vYJrr9MLbdGYsAG3W0EcPBPiKDlf+hXzKXyXOjkDCGI5WdTAsZw1vhVlYV/9i+MzIadjysQPM0ZEykLDG1MpvoSkG/1MrFTnkpaU1+tY6cUsI0zZUA==
Received: from
CO1NAM03FT039.eop-NAM03.prod.protection.outlook.com
(10.152.80.53) by
CO1NAM03HT045.eop-NAM03.prod.protection.outlook.com
(10.152.81.55) with Microsoft
SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.707.3; Thu,
3 Nov
2016 14:35:04 +0000
Received: from
SN1PR17MB0381.namprd17.prod.outlook.com
(10.152.80.54) by
CO1NAM03FT039.mail.protection.outlook.com (10.152.81.202) with
Microsoft SMTP
Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384)
id
15.1.707.3 via Frontend
Transport; Thu, 3 Nov 2016
14:35:04 +0000
Received: from
SN1PR17MB0381.namprd17.prod.outlook.com
([10.163.223.146]) by
SN1PR17MB0381.namprd17.prod.outlook.com ([10.163.223.146]) with mapi id
15.01.0693.009; Thu, 3 Nov
2016 14:35:04 +0000
From: Robert Ramoutar <Robert_Ramoutar@xxxxxxxxxxx>
To:
"users-sc.1478183343.jikkijpbomggnfdjlkmj-Robert_Ramoutar=hotmail.com@xxxxxxxxxxxxxxxx"
<users-sc.1478183343.jikkijpbomggnfdjlkmj-Robert_Ramoutar=hotmail.com@xxxxxxxxxxxxxxxx>
Subject: Re: confirm subscribe
to
users@xxxxxxxxxxxxxxxx
Thread-Topic: confirm
subscribe to
users@xxxxxxxxxxxxxxxx
Thread-Index:
AQHSNd6je7noe+ujykG9ZqB8z9gZPqDHUy43
Date: Thu, 3 Nov 2016 14:35:04
+0000
Message-ID: <SN1PR17MB03814273D2EBDC86811159318FA30@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
References: <1478183343.99748.ezmlm@xxxxxxxxxxxxxxxx>
In-Reply-To: <1478183343.99748.ezmlm@xxxxxxxxxxxxxxxx>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results:
httpd.apache.org; dkim=none
(message not signed)
header.d=none;httpd.apache.org; dmarc=none action="">
header.from=hotmail.com;
x-incomingtopheadermarker:
OriginalChecksum:5ED0FEB0316F11B988590D2CFCB2454E169E7D6530314186DE33E1A80CC1DF38;UpperCasedChecksum:B6F0B440F5A85BD3F02FACB962E3265ACD92B1F758E900C235F58373E370B080;SizeAsReceived:7391;Count:38
x-tmn:
[H3dbSNIbp4KHsw7dJq6DSU0wlNTaNW0EPH3PXb3o1mo=]
x-incomingheadercount: 38
x-eopattributedmessage: 0
x-microsoft-exchange-diagnostics:
1;CO1NAM03HT045;5:hrPmnmerba2biI5MzVyFs/obtLPyPWsnnNAPb81Pv5A2p1Kuet+vIhavMShR987BX02T1E2sT2e2hD7pIAhTafgoQ/u8jGlFkkMXnRRMEB6SpY5LdjbOYd2jCzmi5KR66D5n3MfIASRtlCNV+GqtguCDrkAhAuNymYX+CoZTrlk=;24:dxl579oaBX39gHlyOjBq/byu/ogwNhu8rZQFrorGLR69INLSRHDwbjKxsDpdlDte80DdMUeMbQwx957UMjRdaRFIFNJ5d2pCvio8uobscEs=;7:LT2cbh+jkT9Ls3glpiNpGZUNlUhMPBF/T9scwe6Z0VQnlZO1KigGgLT87aWeUnID/9XbMXT0epjoyP47Avjc1C5XBxEIPO9ib3ikPmHeVDskA5qMu1bcGSeL6+0a/OEgeSHZEba3qANQLLThou/GehMXwY44MhwxoAsy4tkaZ8YIVfEbjgCuWzgGC76059yXInDm2gEwN5jHocv8D3K4/e4HeQdt3+gYs7sA8LdvWD8u8Sk/UGViO4rMeOM1H718HPHCCbVXJCIwPF6rba1DncAv6hkmCe22ZrbFwwu5rIV+fXjtZLuoz9QkfsF52EVrX8FN40zdg1cR5WkmrE33uT2aDLsFT7tihZsfmJqt3zY=
x-forefront-antispam-report:
EFV:NLI;SFV:NSPM;SFS:(10019020)(98900003);DIR:OUT;SFP:1102;SCL:1;SRVR:CO1NAM03HT045;H:SN1PR17MB0381.namprd17.prod.outlook.com;FPR:;SPF:None;LANG:en;
x-ms-office365-filtering-correlation-id:
8277fdd0-a837-46ca-4e5e-08d403f699bb
x-microsoft-antispam:
UriScan:;BCL:0;PCL:0;RULEID:(1601124038)(5061506232)(5061507235)(1603103103)(1601125047)(1603101340);SRVR:CO1NAM03HT045;
x-exchange-antispam-report-cfa-test:
BCL:0;PCL:0;RULEID:(432015012)(82015046);SRVR:CO1NAM03HT045;BCL:0;PCL:0;RULEID:;SRVR:CO1NAM03HT045;
x-forefront-prvs: 011579F31F
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type:
multipart/alternative;
boundary="_000_SN1PR17MB03814273D2EBDC86811159318FA30SN1PR17MB0381namp_"
MIME-Version: 1.0
X-OriginatorOrg: hotmail.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 03 Nov 2016 14:35:04.0768
(UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Internet
X-MS-Exchange-CrossTenant-id:
84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CO1NAM03HT045
X-OriginalArrivalTime: 03 Nov
2016 14:35:06.0104 (UTC)
FILETIME=[78652780:01D235DF]
|
