When installing a certificate with Apache OpenSSL instead of IIS on Windows Server, Apache could not be restarted if I replaced it with a legitimate certificate even though it worked with the certificate, so I will describe how to deal with it as a memorandum. I will.
First of all, when you say Apache on Windows, in many cases, it is common to install it on a local PC with Xampp etc. and the certificate does not work due to OpenSSL.
In that case, first suspect a port conflict with another application.
If you look at netstat, you can check other apps that use 80 or 443, so if you change the port number on the web server side or the app side, it will be solved.
I think this is a rare case, but it is a solution for Windows Server.
Under normal circumstances, it is unlikely that you are running an app that has port conflicts on Windows Server.
Therefore, it is assumed that the certificate can be installed, and although a warning is issued on https for the time being, it is in a state where it can be accessed.
If you apply for a legitimate certificate and replace it, you may run into trouble that Apache cannot be restarted.
In such a case, take a look at the Apache error log.
AH02577: Init: SSLPassPhraseDialog builtin is not supported on Win32 (key file C:/apache/conf/ssl.key/server.key) AH02311: Fatal error initialising mod_ssl, exiting. See C:/apache/logs/error.log for more information AH02564: Failed to configure encrypted (?) private key cloudshift.jp:443:0, check C:/apache/conf/ssl.key/server.key SSL Library Error: error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag SSL Library Error: error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error SSL Library Error: error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag SSL Library Error: error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error (Type=RSAPrivateKey) SSL Library Error: error:04093004:rsa routines:old_rsa_priv_decode:RSA lib SSL Library Error: error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag SSL Library Error: error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error (Type=PKCS8_PRIV_KEY_INFO) AH00016: Configuration Failed
I’ve cut off the beginning of the log for a moment, but I think you’ll get an error like this.
Notice the very first log.
SSLPassPhraseDialog builtin is not supported on Win32 (key file C:/apache/conf/ssl.key/server.key)
In short, Win32 doesn’t support SSL passphrases! That’s crack.
When you apply for the certificate, when you create the key file, you probably registered your passphrase, so you need to delete it.
Create a file without passphrase from the command line as follows.
openssl rsa -in C:/apache/conf/ssl.key/server.key -out C:/apache/conf/ssl.key/nopassserver.key
You will be prompted for a passphrase, enter it and press Enter.
Then, I think that C: /apache/conf/ssl.key/nopassserver.key is created, so after that,
if you rewrite the key file name of ssl.conf to nopassserver.key and restart Aapche, it will be fine and the startup will be confirmed. I can do it.
- Nginx configuration 80 can be accessed by forcing jump 443 or not
- [Nginx] solution: it can’t be accessed on the background API interface after HTTPS (access the specified port through the domain name)
- Git Error Resolution: errno:10054 Time out
- linux tomcat Run (DWP exit error AGENT_ERROR_TRANSPORT_INIT(197): No transports initialized [debugIni）
- Hadoop 3.2.0 idea development environment construction and HDFS read write API operation
- Linux Nagios failed to log in to internal server error (Fixed)
- Solutions to errors in installing xunsearch engine in centos8.0
- U-boot NFS download file error: loading: * * * error: File lookup fail solution
- PM2 user defined Log, PID and other Log File Locations
- Error Running Context: The server unexpectedly closed the connection
- Nginx Error: [emerg] bind() to [::]:80 failed (98: Address already in use)
- Common configuration methods of nginx
- Git Clone Error: ‘fatal: HTTP request failed‘
- Notes on Linux SCP command using specific port
- Installation, Configuration and Simple Use of Rancher
- [Solved] paramiko.ssh_exception.SSHException: Error reading SSH protocol banner
- Server hardware and RAID configuration
- How to Check Password Modification Complexity
- summary of configuration and deployment of uwsgi+nginx+flag in centos7 and why internal server error is prompted [official instructions]