Hello again, I have spent some time trying to configure HTTPS on my server with absolutely so success. I am hoping someone can assist me with this issue.
Here are my configs for Windows Server 2019 ---------------------------------------------------------------------------- local.cfg dspace.server.url = https://myspace.xyz /server dspace.ui.url = https://myspace.xyz solr.server = http://localhost:8983/solr ---------------------------------------------------------------------------- config.prod.yml ui: ssl: false host: myspace.xyz port: 4000 nameSpace: / rest: ssl: true host: localhost port: 443 nameSpace: /server ---------------------------------------------------------------------------- httpd.conf LoadModule proxy_module modules/mod_proxy.so LoadModule proxy_http_module modules/mod_proxy_http.so LoadModule setenvif_module modules/mod_setenvif.so LoadModule socache_shmcb_module modules/mod_socache_shmcb.so LoadModule ssl_module modules/mod_ssl.so Include conf/extra/httpd-vhosts.conf ---------------------------------------------------------------------------- httpd-vhost.conf <VirtualHost _default_:443> # Setup for my virtual host ErrorLog "${SRVROOT}/logs/error.log" TransferLog "${SRVROOT}/logs/access.log" SSLEngine on SSLCertificateFile "${SRVROOT}/ssl/server.crt" SSLCertificateKeyFile "${SRVROOT}/ssl/server.key" # Backend ProxyPass /server http://localhost:8080/server ProxyPassReverse /server http://localhost:8080/server # RequestHeader set X-Forwarded-Proto https # Frontend ProxyPass / http://localhost:4000 ProxyPassReverse / http://localhost:4000 </VirtualHost> ---------------------------------------------------------------------------- Now Apache2 won't start. I checked the error.log and saw this start up error. [Thu Nov 17 13:04:23.667292 2022] [ssl:emerg] [pid 5624:tid 480] AH02577: Init: SSLPassPhraseDialog builtin is not supported on Win32 (key file C:/Apache24/ssl/server.key) [Thu Nov 17 13:04:23.682918 2022] [ssl:emerg] [pid 5624:tid 480] AH02311: Fatal error initialising mod_ssl, exiting. See C:/Apache24/logs/error.log for more information [Thu Nov 17 13:04:23.682918 2022] [ssl:emerg] [pid 5624:tid 480] AH02564: Failed to configure encrypted (?) private key servername:443:0, check C:/Apache24/ssl/server.key [Thu Nov 17 13:04:23.682918 2022] [ssl:emerg] [pid 5624:tid 480] SSL Library Error: error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag [Thu Nov 17 13:04:23.682918 2022] [ssl:emerg] [pid 5624:tid 480] SSL Library Error: error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error (Type=PKCS8_PRIV_KEY_INFO) [Thu Nov 17 13:04:23.682918 2022] [ssl:emerg] [pid 5624:tid 480] SSL Library Error: error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag [Thu Nov 17 13:04:23.682918 2022] [ssl:emerg] [pid 5624:tid 480] SSL Library Error: error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error [Thu Nov 17 13:04:23.682918 2022] [ssl:emerg] [pid 5624:tid 480] SSL Library Error: error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag [Thu Nov 17 13:04:23.682918 2022] [ssl:emerg] [pid 5624:tid 480] SSL Library Error: error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error (Type=RSAPrivateKey) [Thu Nov 17 13:04:23.682918 2022] [ssl:emerg] [pid 5624:tid 480] SSL Library Error: error:04093004:rsa routines:old_rsa_priv_decode:RSA lib [Thu Nov 17 13:04:23.682918 2022] [ssl:emerg] [pid 5624:tid 480] SSL Library Error: error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag [Thu Nov 17 13:04:23.682918 2022] [ssl:emerg] [pid 5624:tid 480] SSL Library Error: error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error (Type=PKCS8_PRIV_KEY_INFO) AH00016: Configuration Failed I used OpenSSL v3.0.7 to create the cert and key. Please advise on how I can fix this error. Sonia On Tuesday, November 1, 2022 at 2:53:55 PM UTC-4 Tim Donohue wrote: > Hi Sonia, > > Because of how cookies work in modern web browsers (Safari, Firefox, > Chrome, all of them), unfortunately it's *not possible* to run the DSpace > v7 REST API under HTTP *unless your only client is the same machine (i.e. > localhost)*. So, for development scenarios, many active developers do > run DSpace 7 on HTTP... but that means you can only use "http://localhost"; > style URLs. As soon as you want to use a different, non-localhost URL, you > have to use HTTPS or else your web browser will *block* the cookies that > the DSpace 7 REST API requires to support authentication, etc. > > So, if your internal users are only accessing your site via " > http://localhost:4000"; (or similar) URLs, then you are fine to stay on > HTTP. But, if you need a different URL (or even an IP address) to access > the site, you'll need to switch to using HTTPS. This is a security feature > of all modern web browsers, and it's there to protect your site & users on > your site. > > If you have more information about the problems you've run into with > getting HTTPS working, it's possible someone on this list can help you find > a quick solution. There are also many common installation issues we've > documented the solutions to at > https://wiki.lyrasis.org/display/DSDOC7x/Installing+DSpace#InstallingDSpace-CommonInstallationIssues > > So, be sure to check those, as it's possible your solution will be > documented there. > > We also have documentation on setting up HTTPS for the backend (see step > 16 of backend install) and frontend (see step 8 of frontend install) in our > Installation guide: > https://wiki.lyrasis.org/display/DSDOC7x/Installing+DSpace > > If you have any more questions, let us know on this list. > > Tim > > On Tuesday, November 1, 2022 at 12:45:42 PM UTC-5 Sonia R Thompson wrote: > >> Hello, >> >> I have successfully installed DSpace 7.3 and migrated my SQL data to the >> new installation. All my data is available and the app works great. >> However, I am struggling with the HTTPS part of the install. >> >> Is it possible to implement HTTP only as client access to the server will >> only be given to 2 internal users and I don't really need HTTPS. I want to >> use 'localhost" only. >> >> If there is any one here who has done this please share as much config >> details as you can. >> >> My environment is as follows. >> - Windows 2019 Data Center >> - Dspace 7.3 >> - Java JDK 17.0.4.1 >> - Apache Maven 3.8.6 >> - Apache Ant 1.10.12 >> - PostgreSQL 13.8 >> - Apache Solr 8.11.2 >> - Apache Tomcat 9.0.65 >> - Git 2.37.2.2 >> - Apache HTTPD 2.4.54 >> >> Front End >> - Node.js 16.17.1 >> - Yarn 1.22.19 >> - PM2 5.2.0 >> >> The 2 clients accessing the server via local network will be Windows 10. >> >> Grateful for any assistance. >> >> Sonia > > -- All messages to this mailing list should adhere to the Code of Conduct: https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx --- You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/dspace-tech/3dde2038-96ad-4f5f-ba6e-fe5201108bcbn%40googlegroups.com.
