[APACHE] Problem z Instalacją SSL pod Windows Opcje

[tomeknh]

Witam,

Mam problem z instalacją SSL. Zainstalowałem Apache (apache_2.0.61-win32-x86-openssl-0.9.7m.msi). Skonfigurowałem wszystko. Wygenerowałem certyfikaty... odpalam https://localhost/ lub https://127.0.0.1/ lub http://localhost:443/ i nic... wykombinowałem już chyba wszystkie opcje.

Robiłem wszystko na podstawie tego: http://tud.at/programm/apache-ssl-win32-howto.php3
Czyli generowanie certyfikatów

openssl req -config openssl.cnf -new -out my-server.csr
This creates a certificate signing request and a private key. When asked for "Common Name (eg, your websites domain name)", give the exact domain name of your web server (e.g. www.my-server.dom). The certificate belongs to this server name and browsers complain if the name doesn't match.

openssl rsa -in privkey.pem -out my-server.key
This removes the passphrase from the private key. You MUST understand what this means; my-server.key should be only readable by the apache server and the administrator.
You should delete the .rnd file because it contains the entropy information for creating the key and could be used for cryptographic attacks against your private key.

openssl x509 -in my-server.csr -out my-server.cert -req -signkey my-server.key -days 365
This creates a self-signed certificate that you can use until you get a "real" one from a certificate authority. (Which is optional; if you know your users, you can tell them to install the certificate into their browsers.) Note that this certificate expires after one year, you can increase -days 365 if you don't want this.

If you have users with MS Internet Explorer 4.x and want them to be able to install the certificate into their certificate storage (by downloading and opening it), you need to create a DER-encoded version of the certificate:
openssl x509 -in my-server.cert -out my-server.der.crt -outform DER

Create an Apache/conf/ssl directory and move my-server.key and my-server.cert into it.

Plik error.log

Kod

[Tue Dec 25 14:44:28 2007] [notice] Parent: Received restart signal -- Restarting the server.
[Tue Dec 25 14:44:28 2007] [notice] Child 424: Exit event signaled. Child process is ending.
[Tue Dec 25 14:44:29 2007] [notice] Child 424: Released the start mutex
[Tue Dec 25 14:44:29 2007] [notice] Apache/2.0.61 (Win32) mod_ssl/2.0.61 OpenSSL/0.9.8g configured -- resuming normal operations
[Tue Dec 25 14:44:29 2007] [notice] Server built: Sep  5 2007 09:55:35
[Tue Dec 25 14:44:29 2007] [notice] Parent: Created child process 2904
[Tue Dec 25 14:44:30 2007] [warn] Init: Session Cache is not configured [hint: SSLSessionCache]
[Tue Dec 25 14:44:30 2007] [notice] Child 2904: Child process is running
[Tue Dec 25 14:44:30 2007] [notice] Child 2904: Acquired the start mutex.
[Tue Dec 25 14:44:30 2007] [notice] Child 2904: Starting 250 worker threads.
[Tue Dec 25 14:44:31 2007] [notice] Child 424: Waiting for 250 worker threads to exit.
[Tue Dec 25 14:44:31 2007] [notice] Child 424: All worker threads have exited.
[Tue Dec 25 14:44:31 2007] [notice] Child 424: Child process is exiting

Szukałem na temat Session Cache, ale nic ciekawego nie znalazłem, próbowałem ustawić wartość w konfiguracji na None i dalej to samo...

Plik ssl.conf

Kod

SSLRandomSeed startup builtin
  SSLRandomSeed connect builtin
  
  <IfDefine SSL>
  
  Listen 443
  
  AddType application/x-x509-ca-cert .crt
  AddType application/x-pkcs7-crl    .crl
  
  SSLPassPhraseDialog  builtin
  
  SSLSessionCache         dbm:logs/ssl_scache
  SSLSessionCacheTimeout  300
  
  SSLMutex default
  
  <VirtualHost 127.0.0.1:443>
  
  DocumentRoot "D:/Apache2/htdocs/ssl"
  ServerName 127.0.0.1:443
  ServerAdmin root@localhost
  ErrorLog logs/ssl-error.log
  TransferLog logs/ssl-access.log
  
  SSLEngine on
  
  
  SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
  
  SSLCertificateFile conf/ssl/server.cert
  SSLCertificateKeyFile conf/ssl/server.key
  
  
  <FilesMatch "\.(cgi|shtml|phtml|php3?)$">
      SSLOptions +StdEnvVars
  </FilesMatch>
  <Directory "D:/Apache2/cgi">
      SSLOptions +StdEnvVars
  </Directory>
  
  SetEnvIf User-Agent ".*MSIE.*" \
           nokeepalive ssl-unclean-shutdown \
           downgrade-1.0 force-response-1.0
  
  CustomLog logs/ssl_request_log \
            "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
  
  </VirtualHost>                                  
  
  </IfDefine>

Czy ktoś wie co jest nie tak?

Pozdrawiam

Problem rozwiązany: Wystarczy przesunąć VirtualHost oraz dyrektywę SSLSessionCache poza <IFDefine SSL> inaczej Apache nie widzi danych ustawień.

Ten post edytował tomeknh 25.12.2007, 14:51:36