You are probably experiencing the Win32 startup hang I researched/reported
last month. Apache Win32 spawns a child process at startup, and this child
(as well as the parent) prompt for the passphrase. Because of an Apache
bug, the prompt string from the child is not displayed, and the child hangs
waiting for hte passphrase to be entered.
Quick fix 1 - enter the passphrase a second time "blind"
Quick fix 2 - run Apache with -X option (single process)
Quick fix 3 - run with unencrypted server key
Slow fix 1 - write a simple command line program to emit the passphrase and
configure it with the SSLPassPhraseDialog, such as:
SSLPassPhraseDialog "exec:c:/program files/apache/bin/pwfilter1.exe"
where pwfilter1 is the program.
Slower fix 2 - patch and rebuild the Apache core to cause the second prompt
string to be displayed. I described the fix previously and it should be in
the maillist archive. The problem is that the handles for stderr/stdout
were not being inherited properly by the child.
cheers
Kirk
Ralf - I think this hangup deserves a FAQ entry by now
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of r.borghesi@liber
> Sent: Tuesday, June 27, 2000 5:08 AM
> To: [EMAIL PROTECTED]
> Subject: newbie: how to create CAs under winnt
>
>
> Thanks for your message, but I had already started SSL (under windows
> nt apache -D SSL).
> I think it's a problem with CAs: I have created new server
> certificates, but left the original apache files that refer to
> www.snakeoil.dom as CA.
> Modssl documentation says that a new self-signed CA for the server can
> be created using the ca.sh script.. but no such scripts (or
> equivalents) exist in the win32 distribution of Apache+modssl.
>
> What can i do ?
>
> Thank you in advance
> Roberto Borghesi
>
>
> > Try /path to apachectl/apachectl startssl
> > then at the prompt enter you password.
> >
> > Regards,
> > Bruce.
> >
> >
> > >Hi everyone,
> > >I'm a new apache 1.3.12 + mod_ssl user (windows NT version, SP5)
> > >I've tried to generate a new server certificate using the command
> line
> > >utility openssl, with the following steps:
> > >
> > >1) key generation
> > >openssl genrsa -des3 -rand
> > >c:\i386\msvbvm60.dll:c:\i386\msvbvm50.dll:c:\i386\win32k.sys:c:\i386
> \she
> > >ll32.dll:c:\mts20.hlp -out myhost.mydomain.com.key 1024
> > >
> > >2) Certificate Signing Request generation
> > >openssl req -new -key myhost.mydomain.com.key -out
> > >myserver.mydomain.com.csr -config openssl.cnf
> > >
> > >3) generate temporary self-signed certificate ***
> > >openssl x509 -req -days 365 -in myhost.mydomain.com.csr -signkey
> > >myhost.mydomain.com.key -out myhost.mydomain.com.crt
> > >
> > >4) copied all files to the respective dirs (ssl.key, ssl.csr,
> ssl.crt)
> > >and changed httpd.conf in the virtualhost SSL section
> > >
> > >5) submitted the .csr to www.thawte.com to get a temporary signed
> > >certificate: I've saved it as myhost.mydomain.com.crt (I put it in
> place
> > >of the temporary, self-signed .crt file)
> > >
> > >Starting apache and trying to load https://localhost apache hangs and
> > >nothing happens.
> > >
> > >Can someone help me ?
> > >
> > >Thank you in advance
> > >Roberto Borghesi
> > >
> > >
> >
> >______________________________________________________________________
> > >Apache Interface to OpenSSL (mod_ssl)
> www
> User Support Mailing List modssl-
> [EMAIL PROTECTED]
> > >Automated List Manager
> [EMAIL PROTECTED]
> >
> >
> >
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> > User Support Mailing List [EMAIL PROTECTED]
> > Automated List Manager [EMAIL PROTECTED]
> >
>
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
