I don't write a whole lot of HOWTO stuff on this site. I think the combination of lack of sufficient expertise and lack of time to do so has made it pretty unlikely that anyone would find info on anything useful here.

However, I just finished installing OpenSSL for Apache 2 on my laptop, for dev purposes, and it wasn't easy. In addition, I looked high and low for info that might help me debug and did not find anything specific anywhere, so I figure that I can help some folks and maybe divert some traffic from Google to my site all in the same shot.

For anyone who's visited http://tud.at/programm/apache-ssl-win32-howto.php3, you may run into the same trouble I did, especially if you are as attentive to detail as I am (not very much) when reading instructions.

First, let me identify the Apache version I started with as 2.0.52. When complete, I had 2.0.55. This was essentially a copy and paste operation, but I did not copy over my httpd.conf files. I ran a comparison on my old file vs. the new file to see what was different and it was mostly stuff that didn't matter much, so I was able to keep the old file and have no trouble.

After I did the install according to the HOWTO, I had no SSL available via https://localhost. I ran the debug command noted in the HOWTO by entering openssl s_client -connect localhost:443 at the command line in the openssl directory I had created. Here's how that went:

C:Program FilesApache GroupApache2openssl>openssl s_client -connect localhost:443 -state -debugLoading 'screen' into random state - done connect: Bad file descriptor connect:errno=10061

Not so good. Took me a while to figure out why. For those of you who have a similar problem, read on, and maybe this will work for you, too.

I installed everything as directed in that fantastic HOWTO that I linked to above. It went pretty easily. When I was done, I realized that I did not need to rewrite anything into my httpd.conf because the ssl.conf file provided with the zip file at http://hunter.campbus.com/ was great and the httpd.conf file had an IfModule directive for mod_ssl.c that Includes the ssl.conf file anyway. So I made no edits to my httpd.conf file.

I had to change the SSLCertificateFile value to conf/ssl/my-server.cert, making sure to change the .crt to .cert from the default ssl.conf value, as this was kind of a sneaky problem.

I had to change the SLLMutex setting in the ssl.conf file to have a value of "default" per the error output when trying to restart Apache after making these changes. This brings me to the most important point: changing the way Apache starts.

There is a small note that's easy to miss in the HOWTO that says, "Don't forget to call apache with -D SSL if the IfDefine directive is active in the config file!". Guess what...the IfDefine directive is indeed set in the default ssl.conf file that comes with that distro. So you do in fact need to start Apache with the SSL switch as this note specifies.

The trickier part was discovering that when starting Apache as a service in XP, it was not starting with SSL. I could do it this way from the command line (although for some reason it still didn't start the SSL server), but not from the service panel. And in fact, it is not possible to change the startup values permanently from the services dialog in the XP Control Panel. So I had to use regedit to edit the registry value of ImagePath in HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesApache2 to include the SSL at the tail end of the startup command. After doing so, I was able to start Apache from both the command line and from the services panel and the SSL server started beautifully.

So, in summary, follow the directions at http://tud.at/programm/apache-ssl-win32-howto.php3. Then when you're done, change the ssl.conf values I noted above. Then use regedit to edit that ImagePath key and add the -D SSL switch. Hopefully, after doing so you'll have a working SSL server for use on your dev machine. Good luck!

Anonymous said:

THANK YOU! Spent the past two hours fighting this beast of a mistake on the part of Apache's install... you'd think that they could figure out how to add that flag on the service start-up when you choose the binary install package that includes openssl. (posted 5:11pm, 23Jan08)

Bill Haenel said:

You're welcome! (posted 4:15pm, 30May08)

Anonymous said:

Hi, Thanks 4 the information. It proved a lot helpful to me. However, I'll like to add some more things I learnt 4 d benefit of others as it concerns the info. in the docs at Source: http://tud.at/programm/apache-ssl-win32-howto.php3 I use Apache 2.0.63/PHP 5.2.5/Openssl and found the following changes necessary 4 complete success on my development server (in httpd.conf) Initial (from http://tud.at/programm/apache-ssl-win32-howto.php3) ————————————————————————————————- SSLMutex sem SSLRandomSeed startup builtin SSLSessionCache none SSLLog logs/SSL.log SSLLogLevel info # You can later change "info" to "warn" if everything is OK <VirtualHost www.my-server.dom:443> SSLEngine On SSLCertificateFile conf/ssl/my-server.cert SSLCertificateKeyFile conf/ssl/my-server.key </VirtualHost> Modification (as it concerns Apache 2.0.63) —————————————————————- #correct values for SSLMutex are: none|default . Avoid using sem SSLMutex default SSLRandomSeed startup builtin SSLSessionCache none #SSLLog directive no longer supported. use ErrorLog instead. #There is usually a directive up in httpd.conf file as # ErrorLog logs/error.log #so you may omit the next line ErrorLog logs/SSL.log #Similarly, SSLLogLevel is no longer supported. Use LogLevel LogLevel info # You can later change "info" to "warn" if everything is OK <VirtualHost serverName:443> SSLEngine On SSLCertificateFile conf/ssl/my-server.cert SSLCertificateKeyFile conf/ssl/my-server.key </VirtualHost> Lastly, I saw something a bit shocking and am still wondering why. Guess someone will provide an explanation. Apache reads from httpd.conf and ssl.conf b4 starting. Now, (for the Apache 2.0.63 installation on my system and probably 4 all) why is there a conflict in the ssl listening ports in both httpd.conf and ssl.conf ? In httpd.conf, I have Listen 443 (after Listen 80) but in the ssl.conf file, I saw Listen 8443 and all references there uses it as default ssl listening port. I attempted changing it but everything failed 2 work, so took it back 2 what it was. The funny thing is that it still works like this but why the discrepancy? (posted 5:40pm, 26Jul08)

Anonymous said:

still can't use SSL on my Apache 2.0.63.. please help me.. still getting : connect: Bad file descriptor connect:errno=10061 (posted 4:04am, 03Nov08)

Anonymous said:

openSSL s_client -connect localhost:443 This defaults to ssl2.0. your server may be using a different protocol Try running one of these two commands to see if you are running on tls or ssl3.0 openSSL s_client -connect localhost:443 -tls1 openSSL s_client -connect localhost:443 -ssl3 (posted 3:44pm, 21Oct10)

Anonymous said:

Some time ago, I really needed to buy a house for my corporation but I didn't have enough money and couldn't order anything. Thank God my dude proposed to try to take the <a href="http://bestfinance-blog.com">loan</a> from creditors. So, I did so and was satisfied with my car loan. (posted 12:25am, 09Aug11)

Add a comment

Technorati Tags:

[where: 13617]

May 25th, 2012

Feb 29th, 2012

Feb 3rd, 2012

Feb 18th, 2011

Feed me!

Find me!

On that subject...

in Internet

in Software

in Open Source

Anonymous said:

Bill Haenel said:

Anonymous said:

Anonymous said:

Anonymous said:

Anonymous said: