What method did you use to remove the password from the private key you generated? --- Brian Gordon <bgordon0@xxxxxxxxx> wrote: > I've been trying for ages to get my server running > SSL successfully. I > don't need port 80 (unencrypted traffic) at all, > just 411. > > I have the module set up just fine, and apache runs > fine unless I > define a valid cert and key: > > SSLCertificateFile pw/my-server.cert > SSLCertificateKeyFile pw/my-server.key > > These are unencrypted (win32 doesn't support > encrypted keys) SSL keys > that are valid for apache (when they're not valid it > tells me so and > refuses to load them). But when I have these > defined, and I start > apache, the "starting apache" console window comes > up and takes longer > than usual, then just crashes and the vista "Apache > HTTP server > stopped working and was closed" window comes up. > > This is the entire debug log for an attempted start: > > [Fri Feb 16 01:29:29 2007] [info] Init: Seeding PRNG > with 136 bytes of entropy > [Fri Feb 16 01:29:29 2007] [info] Loading > certificate & private key of > SSL-aware server > [Fri Feb 16 01:29:29 2007] [debug] > ssl_engine_pphrase.c(469): > unencrypted RSA private key - pass phrase not > required > [Fri Feb 16 01:29:29 2007] [info] Init: Generating > temporary RSA > private keys (512/1024 bits) > [Fri Feb 16 01:29:29 2007] [info] Init: Generating > temporary DH > parameters (512/1024 bits) > [Fri Feb 16 01:29:29 2007] [info] Init: Initializing > (virtual) servers for SSL > [Fri Feb 16 01:29:29 2007] [info] Configuring server > for SSL protocol > [Fri Feb 16 01:29:29 2007] [debug] > ssl_engine_init.c(405): Creating > new SSL context (protocols: SSLv2, SSLv3, TLSv1) > [Fri Feb 16 01:29:29 2007] [debug] > ssl_engine_init.c(729): Configuring > RSA server certificate > [Fri Feb 16 01:29:29 2007] [warn] RSA server > certificate CommonName > (CN) `163.11.110.152:443' does NOT match server > name!? > [Fri Feb 16 01:29:29 2007] [debug] > ssl_engine_init.c(768): Configuring > RSA server private key > [Fri Feb 16 01:29:29 2007] [info] Server: > Apache/2.2.3, Interface: > mod_ssl/2.2.3, Library: OpenSSL/0.9.8d > [Fri Feb 16 01:29:29 2007] [info] Init: Seeding PRNG > with 136 bytes of entropy > [Fri Feb 16 01:29:29 2007] [info] Loading > certificate & private key of > SSL-aware server > > It abruptly ends at that last line. > > This is the relevant section from my httpd.conf. > It's basically > identical to ssl.conf and including that doesn't > make a difference. > And like I said, if I just take out those two > cert/key lines then it > will start fine (but of course tell me that there's > no way ssl will > work without a certificate). > > #SSL > > Listen 163.11.110.152:443 > > AddType application/x-x509-ca-cert .cert > AddType application/x-pkcs7-crl .crl > > SSLMutex default > SSLRandomSeed startup builtin > SSLSessionCache none > > LogLevel debug > > <VirtualHost 163.11.110.152:443> > SSLEngine On > SSLCertificateFile pw/my-server.cert > SSLCertificateKeyFile pw/my-server.key > </VirtualHost> > > Does anyone know what's going on? I see hundreds of > success stories > around the internet about making the key file > unencrypted, but mine is > already unencrypted. Also it's Listening on a > specific IP address, > something that helped some other people. What else > is there left ot > try? > > -- > Brian Gordon > > --------------------------------------------------------------------- > The official User-To-User support forum of the > Apache HTTP Server Project. > See <URL:http://httpd.apache.org/userslist.html> for > more info. > To unsubscribe, e-mail: > users-unsubscribe@xxxxxxxxxxxxxxxx > " from the digest: > users-digest-unsubscribe@xxxxxxxxxxxxxxxx > For additional commands, e-mail: > users-help@xxxxxxxxxxxxxxxx > > ____________________________________________________________________________________ It's here! Your new message! Get new email alerts with the free Yahoo! Toolbar. http://tools.search.yahoo.com/toolbar/features/mail/ --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|