<li><p>Apache for Windows contains the ability to load modules at
runtime, without recompiling the server. If Apache is compiled
normally, it will install a number of optional modules in the
- <code>\Apache2\modules</code> directory. To activate these or
+ <code>\Apache2.2\modules</code> directory. To activate these or
other modules, the new <code class="directive"><a href="../mod/mod_so.html#loadmodule">LoadModule</a></code>
directive must be used. For example, to activate the status
module, use the following (in addition to the status-activating
the command prompt at the Apache <code>bin</code> subdirectory:</p>
<div class="example"><p><code>
- httpd -k install
+ httpd.exe -k install
</code></p></div>
<p>If you need to specify the name of the service you want to
computer.</p>
<div class="example"><p><code>
- httpd -k install -n "MyServiceName"
+ httpd.exe -k install -n "MyServiceName"
</code></p></div>
<p>If you need to have specifically named configuration files for
different services, you must use this:</p>
<div class="example"><p><code>
- httpd -k install -n "MyServiceName" -f "c:\files\my.conf"
+ httpd.exe -k install -n "MyServiceName" -f "c:\files\my.conf"
</code></p></div>
<p>If you use the first command without any special parameters except
<p>Removing an Apache service is easy. Just use:</p>
<div class="example"><p><code>
- httpd -k uninstall
+ httpd.exe -k uninstall
</code></p></div>
<p>The specific Apache service to be uninstalled can be specified by using:</p>
<div class="example"><p><code>
- httpd -k uninstall -n "MyServiceName"
+ httpd.exe -k uninstall -n "MyServiceName"
</code></p></div>
<p>Normal starting, restarting and shutting down of an Apache
service's configuration file by using:</p>
<div class="example"><p><code>
- httpd -n "MyServiceName" -t
+ httpd.exe -n "MyServiceName" -t
</code></p></div>
<p>You can control an Apache service by its command line switches,
too. To start an installed Apache service you'll use this:</p>
<div class="example"><p><code>
- httpd -k start
+ httpd.exe -k start
</code></p></div>
<p>To stop an Apache service via the command line switches, use
this:</p>
<div class="example"><p><code>
- httpd -k stop
+ httpd.exe -k stop
</code></p></div>
<p>or</p>
<div class="example"><p><code>
- httpd -k shutdown
+ httpd.exe -k shutdown
</code></p></div>
<p>You can also restart a running service and force it to reread
its configuration file by using:</p>
<div class="example"><p><code>
- httpd -k restart
+ httpd.exe -k restart
</code></p></div>
<p>By default, all Apache services are registered to run as the
in the background. If you run the command</p>
<div class="example"><p><code>
- httpd -n "MyServiceName" -k start
+ httpd.exe -n "MyServiceName" -k start
</code></p></div>
<p>via a shortcut on your desktop, for example, then if the
use the following command:</p>
<div class="example"><p><code>
- apache
+ httpd.exe
</code></p></div>
<p>Apache will execute, and will remain running until it is stopped
window and entering:</p>
<div class="example"><p><code>
- httpd -k shutdown
+ httpd.exe -k shutdown
</code></p></div>
<p>This should be preferred over pressing Control-C because this
complete without interruption. To restart Apache, use:</p>
<div class="example"><p><code>
- httpd -k restart
+ httpd.exe -k restart
</code></p></div>
<div class="note">Note for people familiar with the Unix version of Apache:
<p>If the Apache console window closes immediately or unexpectedly
after startup, open the Command Prompt from the Start Menu -->
Programs. Change to the folder to which you installed Apache, type
- the command <code>httpd</code>, and read the error message. Then
+ the command <code>httpd.exe</code>, and read the error message. Then
change to the logs folder, and review the <code>error.log</code>
file for configuration mistakes. If you accepted the defaults when
you installed Apache, the commands would be:</p>
<div class="example"><p><code>
c: <br />
cd "\Program Files\Apache Software Foundation\Apache2.2\bin" <br />
- httpd
+ httpd.exe
</code></p></div>
<p>Then wait for Apache to stop, or press Control-C. Then enter the
a particular configuration file:</p>
<div class="example"><p><code>
- httpd -f "c:\my server files\anotherconfig.conf"
+ httpd.exe -f "c:\my server files\anotherconfig.conf"
</code></p></div>
<p>or</p>
<div class="example"><p><code>
- httpd -f files\anotherconfig.conf
+ httpd.exe -f files\anotherconfig.conf
</code></p></div></li>
<li><p><code>-n</code> specifies the installed Apache service
whose configuration file is to be used:</p>
<div class="example"><p><code>
- httpd -n "MyServiceName"
+ httpd.exe -n "MyServiceName"
</code></p></div>
</li>
</ul>
invoking Apache with the <code>-V</code> switch, like this:</p>
<div class="example"><p><code>
- httpd -V
+ httpd.exe -V
</code></p></div>
<p>Apache will then try to determine its <code class="directive"><a href="../mod/core.html#serverroot">ServerRoot</a></code> by trying the following, in this order:</p>
<li>The server root compiled into the server. This is <code>
/apache</code> by default, you can verify it by using <code>
- httpd -V</code> and looking for a value labelled as
+ httpd.exe -V</code> and looking for a value labelled as
<code>HTTPD_ROOT</code>.</li>
</ol>
<p>If you happen to be running Apache on an alternate port, you
need to explicitly put that in the URL:</p>
-
+
<div class="example"><p><code>
- http://127.0.0.1:8080/
+ http://127.0.0.1:8080/
</code></p></div>
<p>Once your basic installation is working, you should configure it
<h2><a name="about" id="about">About The Module</a></h2>
<ul>
<li><a href="#history">What is the history of mod_ssl?</a></li>
-<li><a href="#y2k">mod_ssl and Year 2000?</a></li>
<li><a href="#wassenaar">mod_ssl and Wassenaar Arrangement?</a></li>
</ul>
<li><a href="#mutex">Why do I get permission errors related to
SSLMutex when I start Apache?</a></li>
<li><a href="#entropy">Why does mod_ssl stop with the error "Failed to
-generate temporary 512 bit RSA private key", when I start Apache?</a></li>
+generate temporary 512 bit RSA private key" when I start Apache?</a></li>
</ul>
<h3><a name="mutex" id="mutex">Why do I get permission errors related to
<h3><a name="entropy" id="entropy">Why does mod_ssl stop with the error
- "Failed to generate temporary 512 bit RSA private key", when I start
+ "Failed to generate temporary 512 bit RSA private key" when I start
Apache?</a></h3>
<p>Cryptographic software needs a source of unpredictable data
to work correctly. Many open source operating systems provide
<p>To prevent this error, <code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code> has to provide
enough entropy to the PRNG to allow it to work correctly. This can
be done via the <code class="directive"><a href="../mod/mod_ssl.html#sslrandomseed">SSLRandomSeed</a></code>
- directives.</p>
+ directive.</p>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
<li><a href="#httpstest">How do I speak HTTPS manually for testing
purposes?</a></li>
<li><a href="#hang">Why does the connection hang when I connect to my
-SSL-aware Apache server</a></li>
+SSL-aware Apache server?</a></li>
<li><a href="#refused">Why do I get ``Connection Refused'' errors, when
trying to access my newly installed Apache+mod_ssl server via HTTPS?</a></li>
<li><a href="#envvars">Why are the <code>SSL_XXX</code> variables not
port 80, HTTPS to port 443), so there is no direct conflict between
them. You can either run two separate server instances bound to
these ports, or use Apache's elegant virtual hosting facility to
- create two virtual servers over one instance of Apache - one
- responding to requests on port 80 and speaking HTTP and the other
- responding to requests on port 443 speaking HTTPS.</p>
+ create two virtual servers, both served by the same instance of Apache
+ - one responding over HTTP to requests on port 80, and the other
+ responding over HTTPS to requests on port 443.</p>
<h3><a name="ports" id="ports">Which port does HTTPS use?</a></h3>
<p>You can run HTTPS on any port, but the standards specify port 443, which
is where any HTTPS compliant browser will look by default. You can force
- your browser to look on a different port by specifying it in the URL like
- this (for port 666): <code>https://secure.server.dom:666/</code></p>
+ your browser to look on a different port by specifying it in the URL. For
+ example, if your server is set up to serve pages over HTTPS on port 8080,
+ you can access them at <code>https://example.com:8080/</code></p>
<h3><a name="httpstest" id="httpstest">How do I speak HTTPS manually for testing purposes?</a></h3>
<p>for simple testing of Apache via HTTP, it's not so easy for
HTTPS because of the SSL protocol between TCP and HTTP. With the
help of OpenSSL's <code>s_client</code> command, however, you can
- do a similar check for HTTPS:</p>
+ do a similar check via HTTPS:</p>
<div class="example"><p><code>$ openssl s_client -connect localhost:443 -state -debug<br />
GET / HTTP/1.0</code></p></div>
-
- <p>Before the actual HTTP response you will receive detailed
- information about the SSL handshake. For a more general command
- line client which directly understands both HTTP and HTTPS, can
- perform GET and POST operations, can use a proxy, supports byte
- ranges, etc. you should have a look at the nifty
- <a href="http://curl.haxx.se/">cURL</a> tool. Using this, you can
- check that Apache is responding correctly on ports 80 and 443 as
- follows:</p>
-
+
+ <p>Before the actual HTTP response you will receive detailed
+ information about the SSL handshake. For a more general command
+ line client which directly understands both HTTP and HTTPS, can
+ perform GET and POST operations, can use a proxy, supports byte
+ ranges, etc. you should have a look at the nifty
+ <a href="http://curl.haxx.se/">cURL</a> tool. Using this, you can
+ check that Apache is responding correctly to requests via HTTP and
+ HTTPS as follows:</p>
+
<div class="example"><p><code>$ curl http://localhost/<br />
$ curl https://localhost/</code></p></div>
<h3><a name="hang" id="hang">Why does the connection hang when I connect
to my SSL-aware Apache server?</a></h3>
-<p>Because you connected with HTTP to the HTTPS port, i.e. you used an URL of
- the form ``<code>http://</code>'' instead of ``<code>https://</code>''.
- This also happens the other way round when you connect via HTTPS to a HTTP
- port, i.e. when you try to use ``<code>https://</code>'' on a server that
- doesn't support SSL (on this port). Make sure you are connecting to a
- virtual server that supports SSL, which is probably the IP associated with
- your hostname, not localhost (127.0.0.1).</p>
+<p>This can happen when you try to connect to a HTTPS server (or virtual
+ server) via HTTP (eg, using <code>http://example.com/</code> instead of
+ <code>https://example.com</code>). It can also happen when trying to
+ connect via HTTPS to a HTTP server (eg, using
+ <code>https://example.com/</code> on a server which doesn't support HTTPS,
+ or which supports it on a non-standard port). Make sure that you're
+ connecting to a (virtual) server that supports SSL.</p>
<h3><a name="refused" id="refused">Why do I get ``Connection Refused'' messages,
when trying to access my newly installed Apache+mod_ssl server via HTTPS?</a></h3>
-<p>This can happen for various reasons. The most common mistakes
- include starting Apache with just <code>apachectl start</code> (or
- <code class="program"><a href="../programs/httpd.html">httpd</a></code>) instead of <code>apachectl startssl</code> (or
- <code>httpd -DSSL</code>). Your configuration may also be incorrect.
+<p>
+ This error can be caused by an incorrect configuration.
Please make sure that your <code class="directive"><a href="../mod/mpm_common.html#listen">Listen</a></code> directives match your
<code class="directive"><a href="../mod/core.html#virtualhost"><VirtualHost></a></code>
directives. If all else fails, please start afresh, using the default
<p>This rewrite ruleset lets you use hyperlinks of the form
<code><a href="document.html:SSL"></code>, to switch to HTTPS
- in a relative link.</p>
+ in a relative link. (Replace SSL with NOSSL to switch to HTTP.)</p>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
<li><a href="#keyscerts">What are RSA Private Keys, CSRs and
Certificates?</a></li>
<li><a href="#startup">Is there a difference on startup between
-the original Apache and an SSL-aware Apache?</a></li>
+a non-SSL-aware Apache and an SSL-aware Apache?</a></li>
<li><a href="#selfcert">How do I create a self-signed SSL
Certificate for testing purposes?</a></li>
<li><a href="#realcert">How do I create a real SSL Certificate?</a></li>
<h3><a name="startup" id="startup">Is there a difference on startup between
- the original Apache and an SSL-aware Apache?</a></h3>
+ a non-SSL-aware Apache and an SSL-aware Apache?</a></h3>
<p>Yes. In general, starting Apache with
<code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code> built-in is just like starting Apache
without it. However, if you have a passphrase on your SSL private
can be problematic - for example, when starting the server from the
system boot scripts. In this case, you can follow the steps
<a href="#removepassphrase">below</a> to remove the passphrase from
- your private key.</p>
+ your private key. Bear in mind that doing so brings additional security
+ risks - proceed with caution!</p>
<h3><a name="selfcert" id="selfcert">How do I create a self-signed SSL
<h3><a name="removepassphrase" id="removepassphrase">How can I get rid of the pass-phrase dialog at Apache startup time?</a></h3>
<p>The reason this dialog pops up at startup and every re-start
is that the RSA private key inside your server.key file is stored in
- encrypted format for security reasons. The pass-phrase is needed decrypt
+ encrypted format for security reasons. The pass-phrase is needed to decrypt
this file, so it can be read and parsed. Removing the pass-phrase
removes a layer of security from your server - proceed with caution!</p>
<ol>
bad certificate" error?</a></h3>
<p>Errors such as <code>OpenSSL: error:14094412: SSL
routines:SSL3_READ_BYTES:sslv3 alert bad certificate</code> in the SSL
- logfile, are usually caused a browser which is unable to handle the server
+ logfile, are usually caused by a browser which is unable to handle the server
certificate/private-key. For example, Netscape Navigator 3.x is
unable to handle RSA key lengths not equal to 1024 bits.</p>
certificate to a file, and give the name of that file to the
<code class="directive"><a href="../mod/mod_ssl.html#sslcertificatefile">SSLCertificateFile</a></code> directive.
You will also need to give it the key file. For more information,
- see the <code class="directive"><a href="../mod/mod_ssl.html#sslcertificatekeyfile">SSLCertificateKeyFile</a></code>
+ see the <code class="directive"><a href="../mod/mod_ssl.html#sslcertificatekeyfile">SSLCertificateKeyFile</a></code>
directive.</p>
<dt>In case of core dumps please include a Backtrace</dt>
<dd>If your Apache+mod_ssl+OpenSSL dumps its core, please attach
a stack-frame ``backtrace'' (see <a href="#backtrace">below</a>
- for information on how to get this). Without this information, the
- reason for your core dump cannot be found
+ for information on how to get this). This information is required
+ in order to find a reason for your core dump.
</dd>
<dt>A detailed description of your problem</dt>
projects / thirdparty / apache / httpd.git / commitdiff
