Hi Guys,
Please help with the below:
After adding the following block to httpd.conf Apache service refuses to start,
---------------------------------------------------------------------------------------------------------------------------
Listen 443
<VirtualHost *:443>
#ServerName www.example.com
SSLEngine on
SSLCertificateFile /some-path/cert.pem
SSLCertificateKeyFile /some-path/privkey.pem
# SSLCertificateChainFile /some-path/chain.pem
# rest of your virtualhost configuration here
</VirtualHost>
---------------------------------------------------------------------------------------------------------------------------
so i ran it from the command line and got the following error:
C:\Users\RioMED_TT>c:\\Apache24\\bin\\httpd.exe -d C:/Apache24
AH00526: Syntax error on line 498 of C:/Apache24/conf/httpd.conf:
Invalid command 'SSLEngine', perhaps misspelled or defined by a module not inclu
ded in the server configuration
I googled the error and it said i have to enable a module mod_ssl.
Can anyone provide some guidance on how to do this ?
Thanks
Regards,
Robert Ramoutar.
This email is intended for the intended recipient(s) and may contain
confidential information.
Reproduction, dissemination or distribution of this message is prohibited
unless authorized by
the sender. If you are not the intended recipient, please notify the sender
immediately and you
must not read, keep, use, disclose, copy or distribute this email without the
sender's
prior permission.
________________________________
From: Marat Khalili <m...@rqc.ru>
Sent: Tuesday, November 8, 2016 11:10 AM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Install and Configure Apache on Windows Server
I have obtain a certificate file, and the key file. No chain file.
Most public CAs use intermediate certificates (and hence chains) so it is
strange you didn't get one. Since chain is often the same for all clients, it
may be available for download from CA's site somewhere. If you don't need
chain, just omit SSLCertificateChainFile line. Browser warnings and
SSLTest<https://www.ssllabs.com/ssltest/> will tell you if something is amiss.
To httpd.conf or to default-ssl.conf.
You can put everything into httpd.conf
Also where do i find sample site configurations ? so i can have a look.
Well, e.g. if you download Apache for Windows binaries from Apache
Haus<https://www.apachehaus.com/cgi-bin/download.plx>, you will find them in
/Apache24/conf/extra/
--
With Best Regards,
Marat Khalili
On 08/11/16 17:38, Robert Ramoutar wrote:
Hi Marat,
I have obtain a certificate file, and the key file. No chain file.
Just to be sure
Do I add :
Listen 443
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /some-path/cert.pem
SSLCertificateKeyFile /some-path/privkey.pem
SSLCertificateChainFile /some-path/chain.pem
# rest of your virtualhost configuration here
</VirtualHost>
To httpd.conf or to default-ssl.conf.
Also where do i find sample site configurations ? so i can have a look.
Thanks.
Regards,
Robert Ramoutar.
This email is intended for the intended recipient(s) and may contain
confidential information.
Reproduction, dissemination or distribution of this message is prohibited
unless authorized by
the sender. If you are not the intended recipient, please notify the sender
immediately and you
must not read, keep, use, disclose, copy or distribute this email without the
sender's
prior permission.
________________________________
From: Marat Khalili <m...@rqc.ru><mailto:m...@rqc.ru>
Sent: Friday, November 4, 2016 2:08 PM
To: users@httpd.apache.org<mailto:users@httpd.apache.org>
Subject: Re: [users@httpd] Install and Configure Apache on Windows Server
I have been able to generate CSR file and key using OpenSSL as you mentioned.
Now pass the CSR file (without the key) to your CA to get it signed. In return
you should obtain a certificate file, and possibly also a certificate chain
file. Again, your CA should help you with Apache configuration, but generally
it should contain the following lines:
Listen 443
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /some-path/cert.pem
SSLCertificateKeyFile /some-path/privkey.pem
SSLCertificateChainFile /some-path/chain.pem
# rest of your virtualhost configuration here
</VirtualHost>
Apache usually comes with sample site configurations (i.e. default-ssl.conf),
just read them.
Cannot help you with Tomcat, sorry. Saw it last time in 2004.
--
With Best Regards,
Marat Khalili
On 04/11/16 16:19, Robert Ramoutar wrote:
Hello ,
Thank you for that explanation. I have been able to generate CSR file and key
using OpenSSL as you mentioned.
Can anyone indicate what is the next step and also if possible how does one
test this configuration to ensure it is working.
I am trying to accomplish the following:
1. Use apache for certificate
2. Use tomcat to host website
Am i stating this correctly or do i just specify the location of the
certificates in tomcat's configuration ?
If so how do i test this configuration.
Thanks for your guidance
Robert.
Regards,
Robert Ramoutar.
This email is intended for the intended recipient(s) and may contain
confidential information.
Reproduction, dissemination or distribution of this message is prohibited
unless authorized by
the sender. If you are not the intended recipient, please notify the sender
immediately and you
must not read, keep, use, disclose, copy or distribute this email without the
sender's
prior permission.
________________________________
From: Marat Khalili <m...@rqc.ru><mailto:m...@rqc.ru>
Sent: Friday, November 4, 2016 1:37 AM
To: users@httpd.apache.org<mailto:users@httpd.apache.org>
Subject: Re: [users@httpd] Install and Configure Apache on Windows Server
Hello Robert,
There seems some misunderstanding here. Apache does not generate certificates,
nor there's "import" process - you just put files wherever you want and specify
their location in configuration. Minimal Apache configuration of site with SSL
is less than dozen lines, nothing difficult.
Generating necessary certificate files is indeed more involved, but it has
nothing to do with Apache. Ask your CA for help, they should have clear
instructions on what to do (or use different CA). Usually it means running some
commands in OpenSSL. You can use any working installation of OpenSSL, not
necessarily on your Windows PC with Apache.
--
С уважением,
Марат Халили (Российский Квантовый Центр)
+7 926 950 0804
On November 3, 2016 10:06:47 PM GMT+03:00, Robert Ramoutar
<robert_ramou...@hotmail.com><mailto:robert_ramou...@hotmail.com> wrote:
Hi Again,
Thanks for the reply,
I was able to download, install apache service and got IT WORKS when entering
localhost:80 in my browser.
I was reading the following page :
Apache SSL/TLS Encryption
http://httpd.apache.org/docs/2.4/ssl/
But i'm still unable to configure.
Can you say how to import certificates into apache and how to test the imported
certificates to make sure they function.
1. I have to generate a CSR request and key,
2. Then after i get the files from the cert provider import it into apache
Any ideas on how to complete the above two steps.
Thanks again for your help,
Regards,
Robert Ramoutar.
This email is intended for the intended recipient(s) and may contain
confidential information.
Reproduction, dissemination or distribution of this message is prohibited
unless authorized by
the sender. If you are not the intended recipient, please notify the sender
immediately and you
must not read, keep, use, disclose, copy or distribute this email without the
sender's
prior permission.
________________________________
From: Alexandru Duzsardi
<alexandru.duzsa...@pitechnologies.ro><mailto:alexandru.duzsa...@pitechnologies.ro>
Sent: Thursday, November 3, 2016 10:49 AM
To: users@httpd.apache.org<mailto:users@httpd.apache.org>
Subject: RE: [users@httpd] Install and Configure Apache on Windows Server
Hi ,
I think is a good starting point
http://httpd.apache.org/docs/2.4/platform/windows.html
Using Apache HTTP Server on Microsoft Windows - Apache
...<http://httpd.apache.org/docs/2.4/platform/windows.html>
httpd.apache.org
This document explains how to install, configure and run Apache 2.4 under
Microsoft Windows. If you have questions after reviewing the documentation (and
any event ...
It’s pretty straight forward , download the installer from one of those links
http://httpd.apache.org/docs/2.4/platform/windows.html#down
Install like any other software
Install the windows serverice for apache
http://httpd.apache.org/docs/2.4/platform/windows.html#winsvc , and set it to
start automatically
Anything else is pretty much the same on any platform
http://httpd.apache.org/docs/2.4/ , just be careful with the PATH’s
Apache HTTP Server Version 2.4 Documentation<http://httpd.apache.org/docs/2.4/>
httpd.apache.org
Copyright 2016 The Apache Software Foundation. Licensed under the Apache
License, Version 2.0. Modules | Directives | FAQ | Glossary | Sitemap
----
From: Robert Ramoutar [mailto:robert_ramou...@hotmail.com]
Sent: Thursday, November 3, 2016 4:42 PM
To: users@httpd.apache.org<mailto:users@httpd.apache.org>
Subject: [users@httpd] Install and Configure Apache on Windows Server
Hello all,
I have been tasked with Installing and Configuring Apache 2.4 on a windows
server for the following purpose:
1. Configure SSL through apache
2. Apache Tomcat also installed on server to handle web request to a specific
web application - MySQL db also on the same server.
How does one go about installing and configuring SSL through apache 2.4 on
Windows Server 2012?
I have read so many documents and so many questions on forums etc and is now
more confused than before.
Can someone please outline the steps require and if possible how to perform
these steps for apache in Windows.
Thanks.
Regards,
Robert Ramoutar.
This email is intended for the intended recipient(s) and may contain
confidential information.
Reproduction, dissemination or distribution of this message is prohibited
unless authorized by
the sender. If you are not the intended recipient, please notify the sender
immediately and you
must not read, keep, use, disclose, copy or distribute this email without the
sender's
prior permission.
________________________________
From: users-h...@httpd.apache.org<mailto:users-h...@httpd.apache.org>
<users-h...@httpd.apache.org<mailto:users-h...@httpd.apache.org>>
Sent: Thursday, November 3, 2016 10:35 AM
To: robert_ramou...@hotmail.com<mailto:robert_ramou...@hotmail.com>
Subject: WELCOME to users@httpd.apache.org<mailto:users@httpd.apache.org>
Hi! This is the ezmlm program. I'm managing the
users@httpd.apache.org<mailto:users@httpd.apache.org> mailing list.
PLEASE READ! This message contains information specific to
this mailing list, and is not your standard form-letter
subscription acknowledgement.
I have added the address
robert_ramou...@hotmail.com<mailto:robert_ramou...@hotmail.com>
to the users mailing list.
Welcome to users@httpd.apache.org<mailto:users@httpd.apache.org>!
Please save this message so that you know the address you are
subscribed under, in case you later want to unsubscribe or change your
subscription address.
This mailing list is maintained by the Apache Software Foundation
as a forum in which users of the Apache HTTP server can ask each
other questions, pose problems, and discuss issues. It is NOT,
repeat NOT, an official support medium of the Foundation. Please
take a look at
<URL:http://httpd.apache.org/userslist.html
to see details about how this list is to be used.
Posting is only permitted by subscribed addresses as an anti-spam
measure. The list is moderated by volunteers from the Apache Software
Foundation; moderation will mostly be notable by its absence.
However, blatant abuse of the forum's purpose or the sensibilities
of the subscribers will not be tolerated. Any actions taken
by the moderators is final, solely at their discretion, and not
subject to formal appeal.
So.. be excellent to each other, and party on!
--- Administrative commands for the users list ---
I can handle administrative requests automatically. Please
do not send them to the list address! Instead, send
your message to the correct command address:
To subscribe to the list, send a message to:
<users-subscr...@httpd.apache.org>
To remove your address from the list, send a message to:
<users-unsubscr...@httpd.apache.org<mailto:users-unsubscr...@httpd.apache.org>>
Send mail to the following for info and FAQ for this list:
<users-i...@httpd.apache.org<mailto:users-i...@httpd.apache.org>>
<users-...@httpd.apache.org<mailto:users-...@httpd.apache.org>>
Similar addresses exist for the digest list:
<users-digest-subscr...@httpd.apache.org<mailto:users-digest-subscr...@httpd.apache.org>>
<users-digest-unsubscr...@httpd.apache.org<mailto:users-digest-unsubscr...@httpd.apache.org>>
To get messages 123 through 145 (a maximum of 100 per request), mail:
<users-get.123_...@httpd.apache.org<mailto:users-get.123_...@httpd.apache.org>>
To get an index with subject and author for messages 123-456 , mail:
<users-index.123_...@httpd.apache.org<mailto:users-index.123_...@httpd.apache.org>>
They are always returned as sets of 100, max 2000 per request,
so you'll actually get 100-499.
To receive all messages with the same subject as message 12345,
send a short message to:
<users-thread.12...@httpd.apache.org<mailto:users-thread.12...@httpd.apache.org>>
The messages should contain one line or word of text to avoid being
treated as sp@m, but I will ignore their content.
Only the ADDRESS you send to is important.
You can start a subscription for an alternate address,
for example "john@host.domain<mailto:john@host.domain>", just add a hyphen and
your
address (with '=' instead of '@') after the command word:
<users-subscribe-john=host.dom...@httpd.apache.org<mailto:users-subscribe-john=host.dom...@httpd.apache.org>>
To stop subscription for this address, mail:
<users-unsubscribe-john=host.dom...@httpd.apache.org<mailto:users-unsubscribe-john=host.dom...@httpd.apache.org>>
In both cases, I'll send a confirmation message to that address. When
you receive it, simply reply to it to complete your subscription.
If despite following these instructions, you do not get the
desired results, please contact my owner at
users-ow...@httpd.apache.org<mailto:users-ow...@httpd.apache.org>. Please be
patient, my owner is a
lot slower than I am ;-)
--- Enclosed is a copy of the request I received.
Return-Path: <robert_ramou...@hotmail.com<mailto:robert_ramou...@hotmail.com>>
Received: (qmail 22078 invoked by uid 99); 3 Nov 2016 14:35:43 -0000
Received: from pnap-us-west-generic-nat.apache.org (HELO
spamd4-us-west.apache.org) (209.188.14.142)
by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 03 Nov 2016 14:35:43 +0000
Received: from localhost (localhost [127.0.0.1])
by spamd4-us-west.apache.org (ASF Mail Server at
spamd4-us-west.apache.org) with ESMTP id 93C13C12BA
for
<users-sc.1478183343.jikkijpbomggnfdjlkmj-Robert_Ramoutar=hotmail....@httpd.apache.org<mailto:users-sc.1478183343.jikkijpbomggnfdjlkmj-Robert_Ramoutar=hotmail....@httpd.apache.org>>;
Thu, 3 Nov 2016 14:35:42 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at spamd4-us-west.apache.org
X-Spam-Flag: NO
X-Spam-Score: -1.8
X-Spam-Level:
X-Spam-Status: No, score=-1.8 tagged_above=-999 required=6.31
tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,
HTML_MESSAGE=2, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001,
RP_MATCHES_RCVD=-2.999, SPF_PASS=-0.001, URIBL_BLOCKED=0.001]
autolearn=disabled
Authentication-Results: spamd4-us-west.apache.org (amavisd-new);
dkim=pass (2048-bit key) header.d=hotmail.com
Received: from mx1-lw-us.apache.org ([10.40.0.8])
by localhost (spamd4-us-west.apache.org [10.40.0.11]) (amavisd-new,
port 10024)
with ESMTP id lmnCdw_0glZR
for
<users-sc.1478183343.jikkijpbomggnfdjlkmj-Robert_Ramoutar=hotmail....@httpd.apache.org<mailto:users-sc.1478183343.jikkijpbomggnfdjlkmj-Robert_Ramoutar=hotmail....@httpd.apache.org>>;
Thu, 3 Nov 2016 14:35:38 +0000 (UTC)
Received: from COL004-OMC1S15.hotmail.com (col004-omc1s15.hotmail.com
[65.55.34.25])
by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with
ESMTPS id 3AD9C5FD01
for
<users-sc.1478183343.jikkijpbomggnfdjlkmj-Robert_Ramoutar=hotmail....@httpd.apache.org<mailto:users-sc.1478183343.jikkijpbomggnfdjlkmj-Robert_Ramoutar=hotmail....@httpd.apache.org>>;
Thu, 3 Nov 2016 14:35:37 +0000 (UTC)
Received: from NAM03-BY2-obe.outbound.protection.outlook.com ([65.55.34.8]) by
COL004-OMC1S15.hotmail.com over TLS secured channel with Microsoft
SMTPSVC(7.5.7601.23008);
Thu, 3 Nov 2016 07:35:06 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hotmail.com;
s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version;
bh=HnL45X3/NoE4wrc/02/wjec4XoTgHH7M2W5E3o8BYtM=;
b=fdotrFLmERmzS7uaZ+6HTvUAhmqqzfCLnSN2uxpvkzCrmPy0ctwl/INSVylE8C9PxosxyYnswg5qvn+Li8ftVQ9Rd1x2/ureuyaQCbeKDp8FCwFMCgf8UR9Lw/mrLqu7lajZRAEBu30dECml2pye2gt7mD3zumVoqA+h3KFlEhWrHKzS5CgdSOpShzS1iwWzLdGanveo8pmehw3LpR/2o73dKNcQMsgfnLe4vYJrr9MLbdGYsAG3W0EcPBPiKDlf+hXzKXyXOjkDCGI5WdTAsZw1vhVlYV/9i+MzIadjysQPM0ZEykLDG1MpvoSkG/1MrFTnkpaU1+tY6cUsI0zZUA==
Received: from CO1NAM03FT039.eop-NAM03.prod.protection.outlook.com
(10.152.80.53) by CO1NAM03HT045.eop-NAM03.prod.protection.outlook.com
(10.152.81.55) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.707.3; Thu, 3 Nov
2016 14:35:04 +0000
Received: from SN1PR17MB0381.namprd17.prod.outlook.com (10.152.80.54) by
CO1NAM03FT039.mail.protection.outlook.com (10.152.81.202) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id
15.1.707.3 via Frontend Transport; Thu, 3 Nov 2016 14:35:04 +0000
Received: from SN1PR17MB0381.namprd17.prod.outlook.com ([10.163.223.146]) by
SN1PR17MB0381.namprd17.prod.outlook.com ([10.163.223.146]) with mapi id
15.01.0693.009; Thu, 3 Nov 2016 14:35:04 +0000
From: Robert Ramoutar
<robert_ramou...@hotmail.com<mailto:robert_ramou...@hotmail.com>>
To:
"users-sc.1478183343.jikkijpbomggnfdjlkmj-Robert_Ramoutar=hotmail....@httpd.apache.org<mailto:users-sc.1478183343.jikkijpbomggnfdjlkmj-Robert_Ramoutar=hotmail....@httpd.apache.org>"
<users-sc.1478183343.jikkijpbomggnfdjlkmj-Robert_Ramoutar=hotmail....@httpd.apache.org<mailto:users-sc.1478183343.jikkijpbomggnfdjlkmj-Robert_Ramoutar=hotmail....@httpd.apache.org>>
Subject: Re: confirm subscribe to
users@httpd.apache.org<mailto:users@httpd.apache.org>
Thread-Topic: confirm subscribe to
users@httpd.apache.org<mailto:users@httpd.apache.org>
Thread-Index: AQHSNd6je7noe+ujykG9ZqB8z9gZPqDHUy43
Date: Thu, 3 Nov 2016 14:35:04 +0000
Message-ID:
<sn1pr17mb03814273d2ebdc86811159318f...@sn1pr17mb0381.namprd17.prod.outlook.com<mailto:sn1pr17mb03814273d2ebdc86811159318f...@sn1pr17mb0381.namprd17.prod.outlook.com>>
References:
<1478183343.99748.ez...@httpd.apache.org<mailto:1478183343.99748.ez...@httpd.apache.org>>
In-Reply-To:
<1478183343.99748.ez...@httpd.apache.org<mailto:1478183343.99748.ez...@httpd.apache.org>>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: httpd.apache.org; dkim=none (message not signed)
header.d=none;httpd.apache.org; dmarc=none action=none
header.from=hotmail.com;
x-incomingtopheadermarker:
OriginalChecksum:5ED0FEB0316F11B988590D2CFCB2454E169E7D6530314186DE33E1A80CC1DF38;UpperCasedChecksum:B6F0B440F5A85BD3F02FACB962E3265ACD92B1F758E900C235F58373E370B080;SizeAsReceived:7391;Count:38
x-tmn: [H3dbSNIbp4KHsw7dJq6DSU0wlNTaNW0EPH3PXb3o1mo=]
x-incomingheadercount: 38
x-eopattributedmessage: 0
x-microsoft-exchange-diagnostics:
1;CO1NAM03HT045;5:hrPmnmerba2biI5MzVyFs/obtLPyPWsnnNAPb81Pv5A2p1Kuet+vIhavMShR987BX02T1E2sT2e2hD7pIAhTafgoQ/u8jGlFkkMXnRRMEB6SpY5LdjbOYd2jCzmi5KR66D5n3MfIASRtlCNV+GqtguCDrkAhAuNymYX+CoZTrlk=;24:dxl579oaBX39gHlyOjBq/byu/ogwNhu8rZQFrorGLR69INLSRHDwbjKxsDpdlDte80DdMUeMbQwx957UMjRdaRFIFNJ5d2pCvio8uobscEs=;7:LT2cbh+jkT9Ls3glpiNpGZUNlUhMPBF/T9scwe6Z0VQnlZO1KigGgLT87aWeUnID/9XbMXT0epjoyP47Avjc1C5XBxEIPO9ib3ikPmHeVDskA5qMu1bcGSeL6+0a/OEgeSHZEba3qANQLLThou/GehMXwY44MhwxoAsy4tkaZ8YIVfEbjgCuWzgGC76059yXInDm2gEwN5jHocv8D3K4/e4HeQdt3+gYs7sA8LdvWD8u8Sk/UGViO4rMeOM1H718HPHCCbVXJCIwPF6rba1DncAv6hkmCe22ZrbFwwu5rIV+fXjtZLuoz9QkfsF52EVrX8FN40zdg1cR5WkmrE33uT2aDLsFT7tihZsfmJqt3zY=
x-forefront-antispam-report:
EFV:NLI;SFV:NSPM;SFS:(10019020)(98900003);DIR:OUT;SFP:1102;SCL:1;SRVR:CO1NAM03HT045;H:SN1PR17MB0381.namprd17.prod.outlook.com;FPR:;SPF:None;LANG:en;
x-ms-office365-filtering-correlation-id: 8277fdd0-a837-46ca-4e5e-08d403f699bb
x-microsoft-antispam:
UriScan:;BCL:0;PCL:0;RULEID:(1601124038)(5061506232)(5061507235)(1603103103)(1601125047)(1603101340);SRVR:CO1NAM03HT045;
x-exchange-antispam-report-cfa-test:
BCL:0;PCL:0;RULEID:(432015012)(82015046);SRVR:CO1NAM03HT045;BCL:0;PCL:0;RULEID:;SRVR:CO1NAM03HT045;
x-forefront-prvs: 011579F31F
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative;
boundary="_000_SN1PR17MB03814273D2EBDC86811159318FA30SN1PR17MB0381namp_"
MIME-Version: 1.0
X-OriginatorOrg: hotmail.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 03 Nov 2016 14:35:04.0768
(UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Internet
X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CO1NAM03HT045
X-OriginalArrivalTime: 03 Nov 2016 14:35:06.0104 (UTC)
FILETIME=[78652780:01D235DF]
