I've been trying for ages to get my server running SSL successfully. I don't need port 80 (unencrypted traffic) at all, just 411. I have the module set up just fine, and apache runs fine unless I define a valid cert and key: SSLCertificateFile pw/my-server.cert SSLCertificateKeyFile pw/my-server.key These are unencrypted (win32 doesn't support encrypted keys) SSL keys that are valid for apache (when they're not valid it tells me so and refuses to load them). But when I have these defined, and I start apache, the "starting apache" console window comes up and takes longer than usual, then just crashes and the vista "Apache HTTP server stopped working and was closed" window comes up. This is the entire debug log for an attempted start: [Fri Feb 16 01:29:29 2007] [info] Init: Seeding PRNG with 136 bytes of entropy [Fri Feb 16 01:29:29 2007] [info] Loading certificate & private key of SSL-aware server [Fri Feb 16 01:29:29 2007] [debug] ssl_engine_pphrase.c(469): unencrypted RSA private key - pass phrase not required [Fri Feb 16 01:29:29 2007] [info] Init: Generating temporary RSA private keys (512/1024 bits) [Fri Feb 16 01:29:29 2007] [info] Init: Generating temporary DH parameters (512/1024 bits) [Fri Feb 16 01:29:29 2007] [info] Init: Initializing (virtual) servers for SSL [Fri Feb 16 01:29:29 2007] [info] Configuring server for SSL protocol [Fri Feb 16 01:29:29 2007] [debug] ssl_engine_init.c(405): Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1) [Fri Feb 16 01:29:29 2007] [debug] ssl_engine_init.c(729): Configuring RSA server certificate [Fri Feb 16 01:29:29 2007] [warn] RSA server certificate CommonName (CN) `163.11.110.152:443' does NOT match server name!? [Fri Feb 16 01:29:29 2007] [debug] ssl_engine_init.c(768): Configuring RSA server private key [Fri Feb 16 01:29:29 2007] [info] Server: Apache/2.2.3, Interface: mod_ssl/2.2.3, Library: OpenSSL/0.9.8d [Fri Feb 16 01:29:29 2007] [info] Init: Seeding PRNG with 136 bytes of entropy [Fri Feb 16 01:29:29 2007] [info] Loading certificate & private key of SSL-aware server It abruptly ends at that last line. This is the relevant section from my httpd.conf. It's basically identical to ssl.conf and including that doesn't make a difference. And like I said, if I just take out those two cert/key lines then it will start fine (but of course tell me that there's no way ssl will work without a certificate). #SSL Listen 163.11.110.152:443 AddType application/x-x509-ca-cert .cert AddType application/x-pkcs7-crl .crl SSLMutex default SSLRandomSeed startup builtin SSLSessionCache none LogLevel debug <VirtualHost 163.11.110.152:443> SSLEngine On SSLCertificateFile pw/my-server.cert SSLCertificateKeyFile pw/my-server.key </VirtualHost> Does anyone know what's going on? I see hundreds of success stories around the internet about making the key file unencrypted, but mine is already unencrypted. Also it's Listening on a specific IP address, something that helped some other people. What else is there left ot try? -- Brian Gordon --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|