Solved

Running SSL on Windows/Apache

Posted on 2006-07-20
Last Modified: 2010-03-04
Here are the basics:

Two sites on one W2KSP4 server with two separate IPs. One runs on IIS/ASP (has to because of ties to an ERP), the other being developed on Apache2.2.2/PHP5.1.4. OpenSSL v.0.98b is also installed. I've generated a key for Thawte and received the certificate. Both are installed. I've modified the httpd.conf file to listen to port 443 and that works fine. However, when I put in the code that I think will enable SSL, both the secured AND unsecured sites become unavailable. (Yes, mod_ssl is enabled.) Obviously, the secured site doesn't work one way or another.
Here's the code:

Listen XX.XXX.X.X:80
Listen XX.XXX.X.X:443

...

LoadModule ssl_module modules/mod_ssl.so

...

# Secure (SSL/TLS) connections
#Include conf/extra/httpd-ssl.conf

# SSL StartUp
<VirtualHost XX.XXX.X.X:443>
DocumentRoot "D:/Inetpub/sitefolder"
ServerName www.website.com
ServerAdmin admin@site.com
ErrorLog logs/error.log
TransferLog logs/transfer.log
SSLEngine On
SSLCertificateFile ApacheCert/cert.crt
SSLCertificateKeyFile ApacheCert/cert.key
</VirtualHost>

#
# Note: The following must be present to support
#       starting without SSL on platforms with no /dev/random equivalent
#       but a statically compiled-in mod_ssl.
#
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>

The cert locations are correct and I obviously changed some of the IP and URL values in there. Apache starts up with no errors when this code is present but then the pages don't appear. Am I missing something here? 500 points for urgency.
Question by:cbeaudry1
 
LVL 13

Expert Comment

by:rhickmott
ID: 17147735
Try

-------------------

Listen xxx.xxx.xxx.xxx:80

...

LoadModule ssl_module modules/mod_ssl.so

...


<IfModule mod_ssl.c>
         
      ## Handle SSL
      Listen xxx.xxx.xxx.xxx:443

      #SSL Types
      AddType application/x-x509-ca-cert .crt
      AddType application/x-pkcs7-crl    .crl

      SSLPassPhraseDialog  builtin
      SSLSessionCache none
      SSLSessionCacheTimeout  300      
      SSLMutex default
      SSLRandomSeed startup builtin
      SSLRandomSeed connect builtin
      SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
      
      <VirtualHost xxx.xxx.xxx.xxx:443>
            #  General setup for the virtual host
            DocumentRoot "D:/Inetpub/sitefolder"
            ServerName *:443
            ServerAdmin you@domain.com
            ErrorLog logs/error.log
            TransferLog logs/access.log
                  
            <Directory "D:/Inetpub/sitefolder">
                      Options FollowSymLinks
                      AllowOverride All
                      Order allow,deny
                      Allow from all
            </Directory>

            <Files ~ "\.(cgi|shtml|phtml|php3?)$">
                      SSLOptions +StdEnvVars
            </Files>
            <Directory "cgi-bin">
                      SSLOptions +StdEnvVars
            </Directory>
      
            CustomLog logs/ssl_request_log \
                "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

            SSLEngine On
            SSLCertificateFile ApacheCert/cert.crt
            SSLCertificateKeyFile ApacheCert/cert.key
      </VirtualHost>
</IfModule>


<VirtualHost xxx.xxx.xxx.xxx:443>
     SSLEngine On
     SSLCertificateFile ApacheCert/cert.crt
     SSLCertificateKeyFile ApacheCert/cert.key
</VirtualHost>


NameVirtualHost xxx.xxx.xxx.xxx:80

<VirtualHost xxx.xxx.xxx.xxx:80>
     DocumentRoot "D:/Inetpub/sitefolder"
</VirtualHost>
 

Author Comment

by:cbeaudry1
ID: 17148996
I tried that code and got the same result so I went back to the base code provided by Thawte and realized that the key screws things up on Windows if there is a passcode. So using OpenSSL, I removed the passcode.

The good news is that the SSL is now working and can display static pages and files like phpinfo.php.

The bad news is that it doesn't display php files with dynamic content. The files connect to a separate SQL server.
 

Author Comment

by:cbeaudry1
ID: 17149211
...and that was because one of the developers had an include redirect to a bad URL until I got the SSL working:

<?php
if(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'])
{
      header("Location: http:/" . $_SERVER['REQUEST_URI']);
}
?>

Everything works now.
 

Author Comment

by:cbeaudry1
ID: 17154987
The right code for Thawte certificates is outlined in the first post. Obviously, the folder locations and values will be specific to your site.

If using a Thawte certificate, follow the instructions provided by Thawte but do not enter a private key passphrase when generating your CSR if you have Apache installed on Windows. SSLPassPhraseDialog builtin is not supported on Win32. Doing so will prevent SSL from starting up and could disable your site entirely. If you did create a passphrase and need to remove it, use the following at a command prompt:

openssl rsa -in file1.key -out file2.key

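A pre-flight check for the failure described in this thread, as an added example that is not part of the original posts: it scans httpd.conf text for active SSLCertificateKeyFile directives and reports keys that are still passphrase-protected while SSLPassPhraseDialog is builtin. The function names, the sample config and the key text (placeholder body, no real key material) are constructed for illustration.

```python
import re

def key_is_encrypted(pem_text):
    """True if the PEM private key needs a passphrase to load."""
    # PKCS#8 encrypted keys say so in the BEGIN line itself.
    if "-----BEGIN ENCRYPTED PRIVATE KEY-----" in pem_text:
        return True
    # Traditional OpenSSL keys carry an RFC 1421 header after the BEGIN line.
    return re.search(r"^Proc-Type:\s*4\s*,\s*ENCRYPTED\s*$", pem_text, re.M) is not None

def active_directives(conf_text, name):
    """Yield the argument of every uncommented `name` directive (case-insensitive)."""
    for line in conf_text.splitlines():
        parts = line.strip().split(None, 1)
        if parts and parts[0].lower() == name.lower():
            yield parts[1].strip().strip('"') if len(parts) > 1 else ""

def preflight(conf_text, read_key):
    """Return key paths that would need a passphrase prompt; read_key(path) -> PEM text."""
    modes = list(active_directives(conf_text, "SSLPassPhraseDialog"))
    mode = modes[-1].lower() if modes else "builtin"  # builtin is mod_ssl's default
    return [path for path in active_directives(conf_text, "SSLCertificateKeyFile")
            if mode == "builtin" and key_is_encrypted(read_key(path))]

# Constructed sample input modelled on the configuration posted in this thread.
SAMPLE_CONF = """\
SSLPassPhraseDialog  builtin
#SSLCertificateKeyFile ApacheCert/old.key
<VirtualHost XX.XXX.X.X:443>
    SSLEngine On
    SSLCertificateFile ApacheCert/cert.crt
    SSLCertificateKeyFile ApacheCert/cert.key
</VirtualHost>
"""
SAMPLE_KEYS = {
    "ApacheCert/cert.key": (
        "-----BEGIN RSA PRIVATE KEY-----\n"
        "Proc-Type: 4,ENCRYPTED\n"
        "DEK-Info: DES-EDE3-CBC,0000000000000000\n\n"
        "(constructed placeholder body)\n"
        "-----END RSA PRIVATE KEY-----\n"
    ),
}

if __name__ == "__main__":
    for path in preflight(SAMPLE_CONF, SAMPLE_KEYS.__getitem__):
        print(f"{path}: passphrase-protected; strip it with openssl rsa before starting Apache")
```

A key written by `openssl rsa -in file1.key -out file2.key` is stored unencrypted, so limit read access on that file to the account Apache runs as.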
 
LVL 1

Accepted Solution

by:GhostMod
ID: 17168681
Closed, 500 points refunded.

GhostMod
Community Support Moderator