• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 561
  • Last Modified:

Can someone point me in the right direction on what to do after you have installed the ssl .crt ?

Hi there,

I have downloaded the trail crt from thawte and installed the crt and key. Apache is started and ready.

Where do I go from here? I am using Apache 1.3 on a win 2000 server.

Could some one point me in the right direction of some instructions?

<VirtualHost external_ip_address:443>

DocumentRoot "D:\oracle\ora81\Apache\Apache\htdocs"
ServerName domain-name.com
ServerAdmin edward@domain-name.com
ErrorLog logs/error_log
TransferLog logs/access_log

SSLEngine on


SSLCertificateFile \conf\ssl.crt\www.domain-name.com.crt

#SSLCertificateFile \conf\ssl.crt\server.crt

SSLCertificateKeyFile \conf\ssl.key\www.domain-name.com.key

#SSLCertificateKeyFile \conf\ssl.key\server.key

#SSLCertificateChainFile conf\ssl.crt\ca.crt

SSLCACertificateFile conf\ssl.crt\ca-bundle.crt

#SSLCARevocationFile conf\ssl.crl\ca-bundle.crl

#SSLVerifyClient require

#SSLVerifyDepth  10

<Files ~ "\.(cgi|shtml)$">
    SSLOptions +StdEnvVars
<Directory "cgi-bin">
    SSLOptions +StdEnvVars

SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

CustomLog logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

3 Solutions
please follow the instructions available at
also have a look at
mod_ssl: http://www.modssl.org
mod_ssl configuration: http://www.modssl.org/docs/2.8/ssl_reference.html
and the most important link

let us know
One important thing to know is that after you add an SSL entry to the Apache configuration, you can't simply restart or reload;  you must stop apache:

apachectl stop

Check to make certain that all apache processes are stopped:

ps ax | grep -i apache

and then restart it using the startssl option:

apachectl startssl
Please read the following "The Apache + SSL on Win32 HOWTO"


    PS: periwinkle,  "ps" command can not work with M$ windows!
Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

teched1000Author Commented:
Hi guys,

Thanks for your quick respondes.

I have been using http://tud.at/programm/apache-ssl-win32-howto.php3 and http://raibledesigns.com/wiki/Wiki.jsp?page=ApacheSSL.

I am stuck, when I enter: 's_client -connect www.domain-name.com:443' in openssl.exe I receive the following message.

Loading 'screen' into random state - done
1260:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unkown protocol:.\ssl\s23_clnt.c:458:

Also went I do

Apache stop

I get 'Apache prccess 1696 still running! Please shutdwon previous instance before starting'

So I

Apache -k shutdown

Apache -k startssl -- Does not work

Apache -k start  -- Receives the following error

httpd.pid overwrttien -- unclean shutdown of prvious Apache run?
Apache/1.3.12 Wwin32) ApacheJServ/1.1 mod_ssl/2.6.4 OpenSSL/0.9.5a mod_perl/1.22

Any ideas?
D'oh - thanks, Yuz - missed the fact it was on Windows.

Signaling Apache under Windows is a bit different;  see:


which states:

You can tell a running Apache to stop by opening another console window and running:

    apache -k shutdown

Note: This option is only available with Apache 1.3.3 and later.

For earlier versions, you must use Control-C in the Apache console window to shut down the server.

From version 1.3.3 through 1.3.12, this should be used instead of pressing Control-C in a running Apache console window, because it allowed Apache to end any current transactions and cleanup gracefully.

As of version 1.3.13 pressing Control-C in the running window will cleanup Apache quite gracefully, and you may use -k stop as an alias for -k shutdown. Earlier versions do not understand -k stop.
P.S. if Apache is running as a service, you might find the following useful, too:

teched1000Author Commented:
Hi guys,

I found the solution, I started witha fresh unedited httpd.conf file and edited it a bit at a time. When I had finished I found the it worked fine.

Must have bodshed the orginal some how.

Anything I want to make the whole web site SSL secure.

At the moment you can use both http and https to enter my web sites.

How you to edit the httpd.conf file so that if anyone trys to enter using http it will rediredt them to https?

Thanks for all your help

You can redirect from the virtualhost of the non-secure version to the secure one... something like:

<VirtualHost external_ip:80>
Redirect / https://www.yourdomain.com
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now