The Apache Haus Forum

Forum Topics => Apache 2.2 => Topic started by: spil on March 13, 2015, 09:36:45 PM

Title: Problem with x86 2.2.29 build and Sha256 hashed certs
Post by: spil on March 13, 2015, 09:36:45 PM
Hi,

Just received a new set of signed certs (with sha256 hash) and trying to implement these on a Win2k3 x86 system with the ApacheLounge 2.2.29 1.0.1l build

Looks like an issue with Windows, the binary version from ApacheLounge behaves exactly the same although that's a VC10 compiled  binary.

Any help appreciated!
Title: Re: Problem with x86 2.2.29 build and Sha256 hashed certs
Post by: Gregg on March 13, 2015, 11:15:39 PM
Sometime you just don't get errors.

If not in the error log, you can look at the Windows Event viewer. If that doesn't work then try starting apache normally from the command line, just type httpd and press Enter. If that gives you nothing then there's LogLevel Debug.

I know SHA2 certificates do not work in Windows XP/2k3, but I think that is only for IIS & IE. I have SHA 256 certs on 2k3 working on Apache 2.4.12.

I'm curious, if you grabbed these certificates from the freebsd machine and dropped them into W2k3, it might possibly be a line ending dilemma. I'd make another copy and run unix2dos on them and give those a go. Other than that, it's just rolling dice.

I just gave it a try on Apache/2.2.29 (Win64) mod_ssl/2.2.29 OpenSSL/1.0.1l Win2k3 and it works with the same certs.
Title: Re: Problem with x86 2.2.29 build and Sha256 hashed certs
Post by: spil on March 13, 2015, 11:33:00 PM
If not in the error log, you can look at the Windows Event viewer. If that doesn't work then try starting apache normally from the command line, just type httpd and press Enter. If that gives you nothing then there's LogLevel Debug.
Tried that and httpd -w -e debug nothing additional shows.
EventLog only shows Disabled use of AcceptEx()

I know SHA2 certificates do not work in Windows XP/2k3, but I think that is only for IIS & IE. I have SHA 256 certs on 2k3 working on Apache 2.4.12.
Yes, same certificate/key with 2.4.12 (ApacheLounge build) works fine.

I'm curious, if you grabbed these certificates from the freebsd machine and dropped them into W2k3, it might possibly be a line ending dilemma. I'd make another copy and run unix2dos on them and give those a go. Other than that, it's just rolling dice.
Works in 2.4.12, works with openssl s_server, did modify line-ends Win to Unix no dice :/

I just gave it a try on Apache/2.2.29 (Win64) mod_ssl/2.2.29 OpenSSL/1.0.1l Win2k3 and it works with the same certs.
I have both VeriSign and a GlobalSign key/cert, neither seem to work.

??? ??? ??? *sigh*

Sorry. Bit terse, frustration shining through...

Seems the 2.4.12 install stopped crashing (runs on test box) after I have disabled certificate logins... Not running long enough without problems yet to move production :/

Thanks!
Title: Re: Problem with x86 2.2.29 build and Sha256 hashed certs
Post by: Gregg on March 13, 2015, 11:45:12 PM
Works in 2.4.12, works with openssl s_server, did modify line-ends Win to Unix no dice :/

Unix -> Win, not the reverse. I assume that's a typo but making sure.

If only 2.2 had the trace level logging like 2.4 does.