When installing a certificate on Windows Server with Apache and OpenSSL instead of IIS, Apache could not be restarted after I replaced the certificate with a legitimate one, even though it had worked with the original certificate. I describe how to deal with this here as a memorandum.
First of all, Apache on Windows is most often installed on a local PC with XAMPP or similar, and there the certificate often fails to work with OpenSSL.
In that case, first suspect a port conflict with another application.
netstat shows which other apps are using port 80 or 443; changing the port number on either the web server side or the app side resolves it.
What follows is the fix for Windows Server, which I think is a rarer case.
Under normal circumstances, it is unlikely that you are running an app with a port conflict on Windows Server.
So assume the certificate was installed successfully and the site is reachable over https, although a warning is displayed for the time being.
If you then apply for a legitimate certificate and swap it in, you may find that Apache can no longer be restarted.
In such a case, take a look at the Apache error log.
AH02577: Init: SSLPassPhraseDialog builtin is not supported on Win32 (key file C:/apache/conf/ssl.key/server.key)
AH02311: Fatal error initialising mod_ssl, exiting. See C:/apache/logs/error.log for more information
AH02564: Failed to configure encrypted (?) private key cloudshift.jp:443:0, check C:/apache/conf/ssl.key/server.key
SSL Library Error: error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag
SSL Library Error: error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error
SSL Library Error: error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag
SSL Library Error: error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error (Type=RSAPrivateKey)
SSL Library Error: error:04093004:rsa routines:old_rsa_priv_decode:RSA lib
SSL Library Error: error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag
SSL Library Error: error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error (Type=PKCS8_PRIV_KEY_INFO)
AH00016: Configuration Failed
I have trimmed the beginning of the log, but you should see errors like these.
Notice the very first line of the log.
SSLPassPhraseDialog builtin is not supported on Win32 (key file C:/apache/conf/ssl.key/server.key)
In short, Win32 does not support SSL passphrases! That is the cause.
When you created the key file while applying for the certificate, you probably set a passphrase, so you need to remove it.
Create a key file without a passphrase from the command line as follows.
openssl rsa -in C:/apache/conf/ssl.key/server.key -out C:/apache/conf/ssl.key/nopassserver.key
You will be prompted for the passphrase; enter it and press Enter.
C:/apache/conf/ssl.key/nopassserver.key should then be created.
After that, change the key file name in ssl.conf to nopassserver.key and restart Apache; it should now start up normally.
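Before restarting Apache, you can confirm that a key file really is passphrase-free by looking at its PEM markers. The following Python check is an added example, not part of the original post. The function names are hypothetical and the sample key bodies are constructed placeholders, not real keys.

```python
import re

# A PEM private-key block: BEGIN line, optional headers, base64 body, END line.
PEM_KEY = re.compile(
    r"-----BEGIN ([A-Z0-9 ]*PRIVATE KEY)-----\r?\n(.*?)-----END \1-----",
    re.DOTALL,
)

# Constructed samples: the base64 bodies are placeholders, not real keys.
SAMPLE_TRADITIONAL_ENCRYPTED = (
    "-----BEGIN RSA PRIVATE KEY-----\n"
    "Proc-Type: 4,ENCRYPTED\n"
    "DEK-Info: AES-256-CBC,0123456789ABCDEF0123456789ABCDEF\n\n"
    "Q09OU1RSVUNURUQ=\n"
    "-----END RSA PRIVATE KEY-----\n"
)
SAMPLE_PKCS8_ENCRYPTED = (
    "-----BEGIN ENCRYPTED PRIVATE KEY-----\n"
    "Q09OU1RSVUNURUQ=\n"
    "-----END ENCRYPTED PRIVATE KEY-----\n"
)
SAMPLE_UNENCRYPTED = (
    "-----BEGIN RSA PRIVATE KEY-----\n"
    "Q09OU1RSVUNURUQ=\n"
    "-----END RSA PRIVATE KEY-----\n"
)


def key_passphrase_state(pem_text):
    """Classify the first private key found in pem_text."""
    match = PEM_KEY.search(pem_text)
    if match is None:
        return "no-private-key"
    label, body = match.groups()
    if label == "ENCRYPTED PRIVATE KEY":
        return "encrypted-pkcs8"
    # The traditional format flags encryption in a header above the body.
    if re.search(r"^Proc-Type:\s*4,\s*ENCRYPTED\s*$", body, re.MULTILINE):
        return "encrypted-traditional"
    return "unencrypted"


def loadable_without_prompt(path):
    """True if the key file at path needs no passphrase to load."""
    with open(path, "r", encoding="ascii", errors="replace") as handle:
        return key_passphrase_state(handle.read()) == "unencrypted"
```

A passphrase-free key can be used by anyone who can read the file, so restrict the NTFS permissions on nopassserver.key to administrators and the account that runs Apache.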