Apache Server configuration support - Trouble configuring SSL on apache 2.0.59 Win32


Author Trouble configuring SSL on apache 2.0.59 Win32
Lee and Brooke Rowlands

2006-10-17, 1:27 pm

Dear All
I'm trying to set up a test apache+ssl environment on my laptop for testing
code when I don't have access to the network.
I have Apache 2.0.59 with mod_ssl 2.0.59 and openssl 0.9.8c.
I was running Apache 2.0.55 fine without mod_ssl or openssl but upgraded to
the latest version (as I could not get an earlier version of mod_ssl).
I originally downloaded openssl 0.9.8b but then deleted it and downloaded
0.9.8c.
I have Apache listening on ports 80 and 443.
I have mod_ssl.so enabled.
I have the openssl DLLs in my windows\system32 folder (the 0.9.8c
versions).
I have the openssl.exe file in my apache bin folder (the 0.9.8c version).
I have apache running with server name localhost:80.
I have a virtual host definition for localhost:443.
I have generated my private key and self signed certificate using

--begin openssl commands--
openssl genrsa -des3 -out server.key 1024
openssl req -new -key server.key -out server.csr
openssl req -new -key server.key -x509 -out server.crt
--end openssl commands--

I have checked the modulus and public exponent of the certificate/key pair
and they both match.
I have removed the passphrase from my private key (no dialog on Windows) and
put both of these in conf/ssl under the server root.
My other site-wide ssl configuration lines are as follows (from my apache
conf file)

--begin httpd.conf directives---
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLSessionCache none
SSLMutex default
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
--end httpd.conf directives--

Specific to the localhost:443 virtual host I have the following directives

--begin virtual host directives--
ServerName localhost:443
DocumentRoot "xxxxx" (I have the actual path here)
ServerAdmin me@domain.com (I have the actual email address here)
ErrorLog logs/error.log
TransferLog logs/access.log
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile conf/ssl/server.crt
SSLCertificateKeyFile conf/ssl/server.key
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
--end virtual host directives--

Now to the problem!
Without the SSLEngine On directive for the virtual host I have no problems
viewing http://localhost:443 in the browser (it's just not secure).
Once I switch the SSLEngine On I run into trouble and apache will not start.
I have set my LogLevel to debug and I find the following in the error log.

--begin error log messages--
[Tue Oct 17 23:05:42 2006] [info] Init: Initializing OpenSSL library
[Tue Oct 17 23:05:42 2006] [info] Init: Seeding PRNG with 136 bytes of
entropy
[Tue Oct 17 23:05:43 2006] [info] Loading certificate & private key of
SSL-aware server
[Tue Oct 17 23:05:43 2006] [debug] ssl_engine_pphrase.c(469): unencrypted
RSA private key - pass phrase not required
[Tue Oct 17 23:05:43 2006] [info] Init: Generating temporary RSA private
keys (512/1024 bits)
[Tue Oct 17 23:05:43 2006] [info] Init: Generating temporary DH parameters
(512/1024 bits)
[Tue Oct 17 23:05:43 2006] [info] Init: Initializing (virtual) servers for
SSL
[Tue Oct 17 23:05:43 2006] [info] Configuring server for SSL protocol
[Tue Oct 17 23:05:43 2006] [debug] ssl_engine_init.c(405): Creating new SSL
context (protocols: SSLv2, SSLv3, TLSv1)
[Tue Oct 17 23:05:43 2006] [debug] ssl_engine_init.c(588): Configuring
permitted SSL ciphers
[ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL]
[Tue Oct 17 23:05:43 2006] [debug] ssl_engine_init.c(716): Configuring RSA
server certificate
[Tue Oct 17 23:05:43 2006] [debug] ssl_engine_init.c(755): Configuring RSA
server private key
[Tue Oct 17 23:05:43 2006] [info] Server: Apache/2.0.59, Interface:
mod_ssl/2.0.59, Library: OpenSSL/0.9.8c
[Tue Oct 17 23:05:43 2006] [warn] pid file C:/Program Files/Apache
Group/Apache2/logs/httpd.pid overwritten -- Unclean shutdown of previous
Apache run?
[Tue Oct 17 23:05:43 2006] [info] Init: Initializing OpenSSL library
[Tue Oct 17 23:05:43 2006] [info] Init: Seeding PRNG with 136 bytes of
entropy
[Tue Oct 17 23:05:43 2006] [info] Loading certificate & private key of
SSL-aware server
[Tue Oct 17 23:05:43 2006] [debug] ssl_engine_pphrase.c(469): unencrypted
RSA private key - pass phrase not required
[Tue Oct 17 23:05:43 2006] [info] Init: Generating temporary RSA private
keys (512/1024 bits)
[Tue Oct 17 23:05:43 2006] [info] Init: Generating temporary DH parameters
(512/1024 bits)
[Tue Oct 17 23:05:43 2006] [info] Init: Initializing (virtual) servers for
SSL
[Tue Oct 17 23:05:43 2006] [info] Configuring server for SSL protocol
[Tue Oct 17 23:05:43 2006] [debug] ssl_engine_init.c(405): Creating new SSL
context (protocols: SSLv2, SSLv3, TLSv1)
[Tue Oct 17 23:05:43 2006] [debug] ssl_engine_init.c(588): Configuring
permitted SSL ciphers
[ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL]
[Tue Oct 17 23:05:43 2006] [debug] ssl_engine_init.c(716): Configuring RSA
server certificate
[Tue Oct 17 23:05:43 2006] [debug] ssl_engine_init.c(755): Configuring RSA
server private key
[Tue Oct 17 23:05:43 2006] [error] Unable to import RSA server private key
[Tue Oct 17 23:05:43 2006] [error] SSL Library Error: 218529960
error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Tue Oct 17 23:05:43 2006] [error] SSL Library Error: 218595386
error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
[Tue Oct 17 23:05:43 2006] [error] SSL Library Error: 218734605
error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib
--end error log messages--

As you can see the error starts with 'Unable to import RSA server private
key'.
Any help at all would be appreciated. I have not been able to find anything
using Google.

Lee Rowlands
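
A pre-flight check for a PEM key file such as the conf/ssl/server.key that mod_ssl refuses to import above, written as an added example (not part of the original post, and not a diagnosis of it). It looks for a byte-order mark, the PEM label, leftover passphrase protection, and whether the decoded body opens with an ASN.1 SEQUENCE of the right length; `inspect_key`, `der_header` and `to_pem` are hypothetical names and the sample inputs are constructed.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def der_header(der):
    """Return (tag, content_length, header_length) of the outermost DER TLV."""
    if len(der) < 2:
        raise ValueError("truncated DER")
    tag, first = der[0], der[1]
    if first < 0x80:                       # short-form length
        return tag, first, 2
    n = first & 0x7F                       # long form: next n bytes hold the length
    if n == 0 or len(der) < 2 + n:
        raise ValueError("bad DER length")
    return tag, int.from_bytes(der[2:2 + n], "big"), 2 + n

def inspect_key(text):
    """Pre-flight checks on PEM private key text; returns a list of findings."""
    findings = []
    if text.startswith("\ufeff"):
        findings.append("file starts with a byte-order mark")
    m = PEM_RE.search(text)
    if not m:
        return findings + ["no PEM block found"]
    label, body = m.group(1), m.group(2)
    if not label.endswith("PRIVATE KEY"):
        findings.append(f"PEM label is '{label}', not a private key")
    if "ENCRYPTED" in label or "Proc-Type: 4,ENCRYPTED" in body:
        return findings + ["key is still passphrase-protected"]
    try:
        der = base64.b64decode("".join(body.split()), validate=True)
        tag, length, hdr = der_header(der)
    except ValueError as exc:              # binascii.Error is a ValueError
        return findings + [f"body does not decode: {exc}"]
    if tag != 0x30:
        findings.append(f"outer ASN.1 tag is 0x{tag:02x}, expected SEQUENCE (0x30)")
    elif hdr + length != len(der):
        findings.append("DER length does not match the data (truncated or padded)")
    return findings

def to_pem(der, label="RSA PRIVATE KEY"):
    """Wrap constructed DER bytes in PEM armour for the demo below."""
    b64 = base64.b64encode(der).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"

if __name__ == "__main__":
    # Constructed samples: structurally shaped DER, not usable keys.
    print(inspect_key(to_pem(bytes([0x30, 3, 2, 1, 0]))))   # well-formed outer SEQUENCE
    print(inspect_key(to_pem(bytes([0x02, 1, 0]))))         # outer INTEGER instead
```

To run it on a real file, pass `open(path, encoding="utf-8").read()` to `inspect_key` so that a leading byte-order mark is preserved rather than stripped.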


Copyright 2003 - 2008 webservertalk.com