SSL Apache

[barry]

Hi,

I've followed the manual instructions and created a cert with godaddy, but when I copy the cert files to the conf folder apache won't start.

I've created certs before and used them with IIS, but never really used apache before. I looked in the apache logs and can't find any errors relating to ssl. Before I create the csr I copied all the files in the conf folder and if I paste them back apache starts ok.

I'm running this in trial mode, I would like to have it all configured and working before I purchase a license.

Thanks,

Barry.

Added a copy of the cmd commands incase there's something I'm missing.

C:\Program Files\FirstSpot\www\apache\bin>openssl genrsa -out ..\conf\my-server.
key 2048
WARNING: can't open config file: /usr/local/ssl/openssl.cnf
Loading 'screen' into random state - done
Generating RSA private key, 2048 bit long modulus
...........................+++
.....+++
e is 65537 (0x10001)

C:\Program Files\FirstSpot\www\apache\bin>openssl genrsa -out ..\conf\my-server.
key 2048
WARNING: can't open config file: /usr/local/ssl/openssl.cnf
Loading 'screen' into random state - done
Generating RSA private key, 2048 bit long modulus
..........+++
.................................................+++
e is 65537 (0x10001)

C:\Program Files\FirstSpot\www\apache\bin>openssl genrsa -out ..\conf\my-server.
key 2048
WARNING: can't open config file: /usr/local/ssl/openssl.cnf
Loading 'screen' into random state - done
Generating RSA private key, 2048 bit long modulus
..+++
..........+++
e is 65537 (0x10001)

C:\Program Files\FirstSpot\www\apache\bin>openssl req -new -key ..\conf\my-serve
r.key -out ..\conf\my-server.csr -config ..\conf\openssl.cnf
WARNING: can't open config file: /usr/local/ssl/openssl.cnf
Loading 'screen' into random state - done
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----

[alan]

Not exactly too sure what you problem is. Can you zip and email us your :

config.ini
my-server.key
my-server.cert
ca.crt

to firstspot@patronsoft.com so that we can test it in our side?
_________________
~ Patronsoft Limited ~

[alan]

Seems to be your private key does not match the cert. The private key is using 1024bit (my-server.key). The cert is using 2048bit (my-server.cert). You need to re-generate the cert from GoDadday.

You can use the following instructions to check whether the cert type is matched. In command line go to:

[firstspot directory]\FirstSpot\www\apache\bin\

run follow command for Verifying that a Private Key Matches a Certificate

// The 'modulus' and the 'public exponent' portions in the key and the Certificate must match.
1) openssl x509 -noout -text -in ..\conf\my-server.cert > a1.txt

2) openssl rsa -noout -text -in ..\conf\my-server.key > a2.txt

// But since the public exponent is usually 65537 and it's bothering comparing long modulus you can use the following approach:
3) openssl x509 -noout -modulus -in ..\conf\my-server.cert | openssl md5 > b1.txt

4) openssl rsa -noout -modulus -in ..\conf\my-server.key | openssl md5 > b2.txt
_________________
~ Patronsoft Limited ~