The Apache Haus Forum

Advanced search  

News:

Welcome to Apache Haus Distribution Forum

Pages: [1]   Go Down

Author Topic: Problem with x86 2.2.29 build and Sha256 hashed certs  (Read 3389 times)

spil

  • Newbie
  • *
  • Offline Offline
  • Posts: 2
Problem with x86 2.2.29 build and Sha256 hashed certs
« on: March 13, 2015, 09:36:45 PM »

Hi,

Just received a new set of signed certs (with sha256 hash) and trying to implement these on a Win2k3 x86 system with the ApacheLounge 2.2.29 1.0.1l build
  • it won't start up, not log anything in error log.
  • httpd -t doesn't return any issues
  • httpd -w -e debug loads modules up to mod_ssl and then dies without any message
  • using the same key/cert with the openssl s_server is OK
  • Same key/cert is OK on a FreeBSD 10.1 i386 Apache 2.2.28 / OpenSSL 1.0.1l

Looks like an issue with Windows, the binary version from ApacheLounge behaves exactly the same although that's a VC10 compiled  binary.

Any help appreciated!
Logged

Gregg

  • Administrator
  • Member Elite
  • *****
  • Offline Offline
  • Posts: 828
Re: Problem with x86 2.2.29 build and Sha256 hashed certs
« Reply #1 on: March 13, 2015, 11:15:39 PM »

Sometime you just don't get errors.

If not in the error log, you can look at the Windows Event viewer. If that doesn't work then try starting apache normally from the command line, just type httpd and press Enter. If that gives you nothing then there's LogLevel Debug.

I know SHA2 certificates do not work in Windows XP/2k3, but I think that is only for IIS & IE. I have SHA 256 certs on 2k3 working on Apache 2.4.12.

I'm curious, if you grabbed these certificates from the freebsd machine and dropped them into W2k3, it might possibly be a line ending dilemma. I'd make another copy and run unix2dos on them and give those a go. Other than that, it's just rolling dice.

I just gave it a try on Apache/2.2.29 (Win64) mod_ssl/2.2.29 OpenSSL/1.0.1l Win2k3 and it works with the same certs.
Logged

spil

  • Newbie
  • *
  • Offline Offline
  • Posts: 2
Re: Problem with x86 2.2.29 build and Sha256 hashed certs
« Reply #2 on: March 13, 2015, 11:33:00 PM »

If not in the error log, you can look at the Windows Event viewer. If that doesn't work then try starting apache normally from the command line, just type httpd and press Enter. If that gives you nothing then there's LogLevel Debug.
Tried that and httpd -w -e debug nothing additional shows.
EventLog only shows Disabled use of AcceptEx()

I know SHA2 certificates do not work in Windows XP/2k3, but I think that is only for IIS & IE. I have SHA 256 certs on 2k3 working on Apache 2.4.12.
Yes, same certificate/key with 2.4.12 (ApacheLounge build) works fine.

I'm curious, if you grabbed these certificates from the freebsd machine and dropped them into W2k3, it might possibly be a line ending dilemma. I'd make another copy and run unix2dos on them and give those a go. Other than that, it's just rolling dice.
Works in 2.4.12, works with openssl s_server, did modify line-ends Win to Unix no dice :/

I just gave it a try on Apache/2.2.29 (Win64) mod_ssl/2.2.29 OpenSSL/1.0.1l Win2k3 and it works with the same certs.
I have both VeriSign and a GlobalSign key/cert, neither seem to work.

??? ??? ??? *sigh*

Sorry. Bit terse, frustration shining through...

Seems the 2.4.12 install stopped crashing (runs on test box) after I have disabled certificate logins... Not running long enough without problems yet to move production :/

Thanks!
Logged

Gregg

  • Administrator
  • Member Elite
  • *****
  • Offline Offline
  • Posts: 828
Re: Problem with x86 2.2.29 build and Sha256 hashed certs
« Reply #3 on: March 13, 2015, 11:45:12 PM »

Works in 2.4.12, works with openssl s_server, did modify line-ends Win to Unix no dice :/

Unix -> Win, not the reverse. I assume that's a typo but making sure.

If only 2.2 had the trace level logging like 2.4 does.
Logged
Pages: [1]   Go Up
 

Sitemap 1 2 3 4 5 6 7 8 9 10 11 12 13