Hi, I installed successfully apache ssl (open sa) on windows NT svc pack 5 without any problem Best regards -----Message d'origine----- De : Dan S. <[EMAIL PROTECTED]> � : [EMAIL PROTECTED] <[EMAIL PROTECTED]> Date : jeudi 27 janvier 2000 22:18 Objet : Win32 problems loading ApacheModuleSSL.dll >Surely there MUST be someone else encountering the "Syntax Error" when >starting the server. It appears that ApacheModuleSSL.dll cannot be loaded. >I've tried everything, including reinstalling both versions (.10 and .20) on >new and old PCs. Of course, they were all running either windows 95 or 98, >not NT. I wonder if that is the problem? > >Thanks to all - I hope I'm not alone!! > >Dan > >______________________________________________________________________ >The OpenSA Project http://www.opensa.org/ >User List [EMAIL PROTECTED] >Title: Apache+SSL Win32 HOWTO
The Apache + SSL on Win32 HOWTO
Overview
This page describes the installation of the Win32 version of Apache with the mod_ssl extension. This process worked for me on Windows NT; please mail me your suggestions and bug reports. You can even install Apache with SSL in addition to the Microsoft Internet Information Server if you need to.
Apache with mod_ssl seems to be the only free (as in speech, not in beer) solution for Win32. Please note that Apache on Win32 is considered beta quality as it doesn't reach the stability and performance of Apache on Un*x platforms.
Microsoft IIS doesn't cost money either, and it has SSL, too. However, exported versions of it are only able to use 40-bit cryptography which is considered quite insecure. OpenSSL uses 128 bit that is much more secure. The other problem with IIS is that it doesn't seem to accept self-signed certificates which are quite useful for testing purposes and intranet servers.
1.: Install Apache
Get the Win32 version of the Apache web server from one of the mirrors. It is called something like "apache_x_y_z_win32.exe". This is a self-extracting archive that contains the Apache base system and sample configuration files.
Install Apache as described in http://www.apache.org/docs/windows.html.
Change at least the following parameters in Apache-dir/conf/httpd.conf:
Port443 (You might need to tweak IIS not to listen on 443)- (if not in addition to IIS)
Listen80 Listen443ServerNamewww.my-server.com- (if in addition to IIS)
DocumentRootand the corresponding<Directorysome-dir>to yourInetpub\wwwroot - If you want to use PHP, configure it according to the instructions.
Install the Apache service (NT only) and start the server. Verify that everything works before proceeding to the SSL installation because this limits the possible errors.
Try https://my-server.com. It won't be encrypted yet but if this works then the port configuration (port 443) is right.
2.: Get OpenSSL and mod_ssl
Go to http://www.modssl.org/contrib/ and find a file that is called something like Apache_X-mod_ssl_Y-openssl_Z-WIN32-i386.zip. Download and unzip it to a new directory.
Copy the files ssleay32.dll and libeay32.dll from the Apache directory to WINNT\System32.
You will need the OpenSSL or SSLeay utility to create a certificate. (The openssl.exe in the Apache-mod_ssl distribution doesn't work because it tries to open a configuration file in /usr/ that you probably don't have.)
If you have access to a Un*x machine, get OpenSSL from http://www.openssl.org and compile it.
If all you have is Windows, go to
http://sourceware.cygnus.com/cygwin/
and get the CygWin system (a kind of Un*x on top of Windows) and the
SSLeay
binary distribution.
Set up and configure both (this can be hard without Un*x experience) until you can run ssleay.
3.: Create a test certificate
The following instructions are from http://www.apache-ssl.org/#FAQ.
If you use SSLeay instead of OpenSSL, type ssleay instead of openssl in the following commands.
openssl req -new > my-server.csr
This creates a certificate signing request and a private key.
openssl rsa -in privkey.pem -out my-server.key
This removes the passphrase from the private key. You should understand what this means; my-server.key should be only readable by the apache server and the administrator.
openssl x509 -in my-server.csr -out my-server.cert -req -signkey my-server.key -days 365
This creates a self-signed certificate that you can use until you get a "real" one from a certificate authority. (This is optional; if know your users, you can tell them to install the certificate into their browsers.)
Copy my-server.key and my-server.cert to the Apache/conf/ssl directory.
4.: Configure Apache and mod_ssl
Copy the files from the downloaded apache-mod_ssl distribution over your original Apache installation directory (remember to stop Apache first!).
Find the LoadModule directives in your httpd.conf file and add this:
LoadModule ssl_module modules/ApacheModuleSSL.dll
Add the following to the end of httpd.conf:
SSLMutex sem
SSLRandomSeed startup builtin
SSLSessionCache none
SSLLog logs/SSL.log
SSLLogLevel info
# You can later change this to "warn" if everything is OK<VirtualHost www.my-server.com:443> SSLEngine On SSLCertificateFile conf/ssl/my-server.cert SSLCertificateKeyFile conf/ssl/my-server.key </VirtualHost>
You might need to use regedit to change the key
HKEY_LOCAL_MACHINE\SOFTWARE\Apache Group\Apache\X.Y.Z to the correct number if the apache.exe from modssl.org/contrib is not the same version as the previously installed one.
Start the server, this time from the command prompt (not as a service) in order to see the error messages that prevent Apache from starting. If everything is OK, (optionally) press CTRL+C to stop the server and start it as a service if you prefer.
If it doesn't work, Apache should write meaningful messages to the screen and/or into the error.log and SSL.log files in the Apache/logs directory.
Links
Apache Web Server: http://www.apache.orgmod_ssl: http://www.modssl.org
OpenSSL: http://www.openssl.org
CygWin: http://sourceware.cygnus.com/cygwin/
SSLeay for CygWin: http://www.student.uni-koeln.de/cygwin/Distribution/Binary/?item=ssleay
PHP Hypertext preprocessor: http://www.php.net
Author of this document: Balázs Bárány (http://tud.at)
