Playing sysadmin for a while... I want to set up an Apache HTTP server on a Windows box, with SSL encryption; normally I wouldn't bother with Windows, but I don't have a Linux box available at the moment.
So I downloaded the pre-compiled binaries of Apache_2.0.52-Openssl_0.9.7e-Win32.zip and then proceeded to create my own CA and the server certificate, by following the process described in The Apache + SSL HOWTO, Client Authentication with SSL (ultimately I'll want only clients with valid certificates to be able to access this server). The problem is that basically it doesn't work at all...
Testing with OpenSSL gives:

    $ openssl s_client -connect my.server.com:443
    CONNECTED(00000003)
    31896:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:475:

Of course my.server.com is the real name of my server. Testing with some browsers (Opera, Firefox) gives similar errors. In the Apache log (LogLevel debug) there are entries like:

    [Sun Nov 28 12:49:53 2004] [error] [client 192.168.0.1] Invalid method in request \x80\x8c\x01\x03\x01
    [Sun Nov 28 12:50:04 2004] [error] [client 192.168.0.1] Invalid method in request \x80F\x01\x03

That makes me think that there's some problems with the certificates, but I don't know where else to look... Has anybody got that particular Apache+SSL combination to work on Windows?
Update: amazing what happens when you post about a problem and the solution is just a click away... I had this line in my ssl.conf file:

    <VirtualHost _default_:443>

and by simply changing it to

    <VirtualHost my.server.com:443>

(i.e. replacing _default_ with the ServerName of my server) I fixed the problem. Hopefully this post will be indexed by search engines so that other folks can use it to solve the same problem.
Another update… A new machine, with the same Apache+OpenSSL combination, the same certificate and the same host name doesn't work with VirtualHost my.server.com:443, giving Invalid method in request. Changing to VirtualHost _default_:443 made it work.
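
An added example, not part of the original post: the `\x80…\x01\x03` bytes in those error-log entries are the start of an SSLv2-compatible ClientHello, which Apache logs as an invalid HTTP method when the virtual host that accepted the connection is not running the SSL engine. This Python sketch decodes Apache's `\xHH` log escapes and flags such lines. The first two sample lines are the ones quoted above, the third is constructed, and the function names are illustrative.

```python
import re

# Sample input: two lines quoted in the post, plus one constructed non-TLS line.
SAMPLE_LOG = r"""[Sun Nov 28 12:49:53 2004] [error] [client 192.168.0.1] Invalid method in request \x80\x8c\x01\x03\x01
[Sun Nov 28 12:50:04 2004] [error] [client 192.168.0.1] Invalid method in request \x80F\x01\x03
[Sun Nov 28 12:51:10 2004] [error] [client 192.168.0.1] Invalid method in request FOO / HTTP/1.1
"""

LINE_RE = re.compile(r"\[client (?P<client>[^\]]+)\] Invalid method in request (?P<req>.*)$")
ESC_RE = re.compile(r"\\x([0-9a-fA-F]{2})")

def unescape(text):
    """Turn Apache's \\xHH log escapes back into raw bytes."""
    out = bytearray()
    pos = 0
    for m in ESC_RE.finditer(text):
        out += text[pos:m.start()].encode("latin-1", errors="replace")
        out.append(int(m.group(1), 16))
        pos = m.end()
    out += text[pos:].encode("latin-1", errors="replace")
    return bytes(out)

def classify(raw):
    """Name the handshake that a request prefix looks like, or None."""
    # SSLv2-compatible ClientHello: length byte with high bit set, type 0x01, major version 0x03
    if len(raw) >= 4 and raw[0] & 0x80 and raw[2] == 0x01 and raw[3] == 0x03:
        return "SSLv2-compatible ClientHello"
    # SSLv3/TLS record: content type 0x16 (handshake), major version 0x03
    if len(raw) >= 2 and raw[0] == 0x16 and raw[1] == 0x03:
        return "TLS handshake record"
    return None

def find_tls_on_plain_http(log_text):
    """Return (client, kind) for each error line that holds a TLS handshake."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            kind = classify(unescape(m.group("req")))
            if kind:
                hits.append((m.group("client"), kind))
    return hits

if __name__ == "__main__":
    for client, kind in find_tls_on_plain_http(SAMPLE_LOG):
        print(f"{client}: {kind} reached a vhost that is not doing SSL")
```

Any hit means the handshake was parsed as plain HTTP, so the place to look is which `<VirtualHost>` block actually matched the connection and whether `SSLEngine on` applies to it, rather than the certificates.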