When installing a certificate with Apache OpenSSL instead of IIS on Windows Server, Apache could not be restarted if I replaced it with a legitimate certificate even though it worked with the certificate, so I will describe how to deal with it as a memorandum. I will.
First of all, when you say Apache on Windows, in many cases, it is common to install it on a local PC with Xampp etc. and the certificate does not work due to OpenSSL.
In that case, first suspect a port conflict with another application.
If you look at netstat, you can check other apps that use 80 or 443, so if you change the port number on the web server side or the app side, it will be solved.
I think this is a rare case, but it is a solution for Windows Server.
Under normal circumstances, it is unlikely that you are running an app that has port conflicts on Windows Server.
Therefore, it is assumed that the certificate can be installed, and although a warning is issued on https for the time being, it is in a state where it can be accessed.
If you apply for a legitimate certificate and replace it, you may run into trouble that Apache cannot be restarted.
In such a case, take a look at the Apache error log.
AH02577: Init: SSLPassPhraseDialog builtin is not supported on Win32 (key file C:/apache/conf/ssl.key/server.key) AH02311: Fatal error initialising mod_ssl, exiting. See C:/apache/logs/error.log for more information AH02564: Failed to configure encrypted (?) private key cloudshift.jp:443:0, check C:/apache/conf/ssl.key/server.key SSL Library Error: error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag SSL Library Error: error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error SSL Library Error: error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag SSL Library Error: error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error (Type=RSAPrivateKey) SSL Library Error: error:04093004:rsa routines:old_rsa_priv_decode:RSA lib SSL Library Error: error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag SSL Library Error: error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error (Type=PKCS8_PRIV_KEY_INFO) AH00016: Configuration Failed
I’ve cut off the beginning of the log for a moment, but I think you’ll get an error like this.
Notice the very first log.
SSLPassPhraseDialog builtin is not supported on Win32 (key file C:/apache/conf/ssl.key/server.key)
In short, Win32 doesn’t support SSL passphrases! That’s crack.
When you apply for the certificate, when you create the key file, you probably registered your passphrase, so you need to delete it.
Create a file without passphrase from the command line as follows.
openssl rsa -in C:/apache/conf/ssl.key/server.key -out C:/apache/conf/ssl.key/nopassserver.key
You will be prompted for a passphrase, enter it and press Enter.
Then, I think that C: /apache/conf/ssl.key/nopassserver.key is created, so after that,
if you rewrite the key file name of ssl.conf to nopassserver.key and restart Aapche, it will be fine and the startup will be confirmed. I can do it.
- Nginx Error: SSL: error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small
- Apache Cannot Start: SSL Library Error: -8181 Certificate has expired
- [Solved] Linux wget Error: ERROR: cannot verify Issued certificate has expire
- ERROR: configuration failed for package ‘openssl’ [How to Solve]
- [Solved] redis Startup Error: Creating Server TCP listening socket 127.0. 0.1:6379: bind: no error redis
- [Solved] Error in OpenSSL when compiling code locally for raspberry pie
- Error while loading shared libraries [How to Solve]
- [Solved] Git Error: OpenSSL SSL_read: Connection was reset, errno 10054和Failed to connect to github.com port 443
- [Solved] httpd:httpd:Could not reliably determine the server‘s fully qualif domain name,using ::1 for Se
- error while loading shared libraries [How to Solve]
- Nginx configuration 80 can be accessed by forcing jump 443 or not
- [Nginx] solution: it can’t be accessed on the background API interface after HTTPS (access the specified port through the domain name)
- [Solved] Error during installation of nginx: Make: * * * [build] error 2
- Git Error Resolution: errno:10054 Time out
- The upgrade of Ubuntu results in an error in the compilation of Android Jack [Two Method to Solve]
- [Solved] Web server failed to start. Port 8080 was already in use.
- Nginx Startup Error: Job for nginx.service failed because the control process exited with error code
- linux tomcat Run (DWP exit error AGENT_ERROR_TRANSPORT_INIT(197): No transports initialized [debugIni）
- Centos6.8vnc error: connect: Connection refused 10061