Bill Haenel

login | site map | contact 

On that subject...

in Internet

Flipboard, Zite, Msgboy, Pulse, Taptu, Poptart,... MORE

So I'm experimenting with a new social media... MORE

UPDATE as of 12PM EST: Facebook has apparently... MORE

I wonder if this means I won't have to help... MORE

I’ve been watching web traffic from my desk here... MORE

Ever wonder what the links under the main Google... MORE

"What if I started a new public media web... MORE

So I noticed that one of the hotter items being... MORE

I recently had the opportunity to review the work... MORE

So I don't have much time to write here, but this... MORE

My good friend John Tynan from KJZZ in Arizona... MORE

OK, I admit this post might just be a bit of a... MORE

Through my work with a number of public... MORE

Remember Webmonkey? "The Web Developer's... MORE

So I got this note from Brookstone after buying a... MORE

This is my new favorite.It's the Washlet, and... MORE

After reading the Tuesday, March 6th edition of... MORE

Sorry to those of you who did not sign up for... MORE

"Billions of signals rush over the ocean floor... MORE

Still using the hell out of those colons in my... MORE

Someone at the Public Media Conference who made... MORE

I really am a pathetic blogger. Not sure why, but... MORE

I'm going to try something new here at... MORE

As my second installment of Web Master Tidbits, ... MORE

I have a CMS called MySiteWorx!, a software that... MORE

Recently I was interviewed by Stephen Feller from... MORE

Everyone knows how much I love public... MORE

Here's one to watch.  Microsoft Point of... MORE

It seems some other folks (including the New York... MORE

When will they ever learn? I've been watching... MORE

You heard it here first. Or maybe not. But this... MORE

Recently, I've been requested by a prospective... MORE

I had the pleasure of reading the recent blog... MORE

If you've never tried it, you might want to wait... MORE

Mass Media: An ethical and socially acceptable... MORE

in Software

I recently acquired an Asus T91MT convertible... MORE

This one has driven me nuts for several years,... MORE

I haven't said much (at least not publicly) about... MORE

in Open Source

For me, one of the highlights about last week's... MORE

Posted by Bill Haenel on 08-Feb-06

I don't write a whole lot of HOWTO stuff on this site. I think the combination of lack of sufficient expertise and lack of time to do so has made it pretty unlikely that anyone would find info on anything useful here.

However, I just finished installing OpenSSL for Apache 2 on my laptop, for dev purposes, and it wasn't easy.  In addition, I looked high and low for info that might help me debug and did not find anything specific anywhere, so I figure that I can help some folks and maybe divert some traffic from Google to my site all in the same shot.

For anyone who's visited, you may run into the same trouble I did, especially if you are as attentive to detail as I am (not very much) when reading instructions.

First, let me identify the Apache version I started with as 2.0.52. When complete, I had 2.0.55. This was essentially a copy and paste operation, but I did not copy over my httpd.conf files. I ran a comparison on my old file vs. the new file to see what was different and it was mostly stuff that didn't matter much, so I was able to keep the old file and have no trouble.

After I did the install according to the HOWTO, I had no SSL available via https://localhost. I ran the debug command noted in the HOWTO by entering openssl s_client -connect localhost:443 at the command line in the openssl directory I had created. Here's how that went:

C:Program FilesApache GroupApache2openssl>openssl s_client -connect localhost:443 -state -debug
Loading 'screen' into random state - done
connect: Bad file descriptor

Not so good. Took me a while to figure out why. For those of you who have a similar problem, read on, and maybe this will work for you, too.

I installed everything as directed in that fantastic HOWTO that I linked to above. It went pretty easily. When I was done, I realized that I did not need to rewrite anything into  my httpd.conf because the ssl.conf file provided with the zip file at was great and the httpd.conf file had an IfModule directive for mod_ssl.c that Includes the ssl.conf file anyway. So I made no edits to my httpd.conf file.

I had to change the SSLCertificateFile value to conf/ssl/my-server.cert, making sure to change the .crt to .cert from the default ssl.conf value, as this was kind of a sneaky problem.

I had to change the SLLMutex setting in the ssl.conf file to have a value of "default" per the error output when trying to restart Apache after making these changes. This brings me to the most important point: changing the way Apache starts.

There is a small note that's easy to miss in the HOWTO that says, "Don't forget to call apache with -D SSL if the IfDefine directive is active in the config file!". Guess what...the  IfDefine directive is indeed set in the default ssl.conf file that comes with that distro. So you do in fact need to start Apache with the SSL switch as this note specifies.

The trickier part was discovering that when starting Apache as a service in XP, it was not starting with SSL. I could do it this way from the command line (although for some reason it still didn't start the SSL server), but not from the service panel. And in fact, it is not possible to change the startup values permanently from the services dialog in the XP Control Panel. So I had to use regedit to edit the registry value of ImagePath in HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesApache2 to include the SSL at the tail end of the startup command. After doing so, I was able to start Apache from both the command line and from the services panel and the SSL server started beautifully.

So, in summary, follow the directions at Then when you're done, change the ssl.conf values I noted above. Then use regedit to edit that ImagePath key and add the  -D SSL switch. Hopefully, after doing so you'll have a working SSL server for use on your dev machine. Good luck!

Related topics: · ·
Technorati Tags:
[where: 13617]
Xbox Live Gratuit