I purchased a certificate from Godaddy, and i received a .crt file along with .p7b file (PKCS#7).
And here is my configuration under https-ssl.conf file
<VirtualHost *:443>
----
SSLEngine on
SSLCipherSuite DHE-RSA-AES256-SHA:EDH-RSA-DES-CBC3-SHA:DHE-RSA-AES128-SHA:AES256-SHA:DES-CBC3-SHA:AES128-SHA:RC4-SHA
SSLCertificateFile "conf/extra/blablabla.crt"
SSLCertificateChainFile "conf/extra/gd-g2_iis_intermediates.p7b"
When i try to start Apache server, i receive the following errors in error log:
-
SSLPassPhraseDialog builtin is not supported on Win32 (key file C:/xampp/apache/conf/extra/blablabla.crt),
-
AH02564: Failed to configure encrypted (?) private key
I am under Windows Server 2012 environment, with Xampp Apache 2.4 installed. Can anyone let me know what is causing the issue with the SSL configuration?
Best Answer
Apparently blablabla.crt contains the privatekey (which is permitted though not recommended) and the key is encrypted and thus requires a password (which apparently doesn't work on Windows; see for example https://support.quovadisglobal.com/kb/a90/i-get-error-message-error-init-sslpassphrasedialog-builtin-is-not-supported-on-win32.aspx )
Extract the privatekey and decrypt it (unless you already have it e.g. from the CSR generation step) and put the decrypted version back in the file, or remove it from that file and put/leave the decrypted version in a separate file (named something meaningful like blablabla.key) and specify it in
SSLCertificateKeyFile
. In either case for security make sure the ACL on the file containing the decrypted key is as restrictive as possible. With recent OpenSSL (1.0.0+) you can decrypt with one ofFor OpenSSL 0.9.x instead of
pkey
useHowever, Apache (via OpenSSL) does not support p7b format for certificate chains, although 2.4.8+ should support chain certs in
SSLCertificateFile
without separateSSLCertificateChainFile
. First dothen either use that new file as
SSLCertificateChainFile
or append it to the file you are using asSSLCertificateFile
namely blablabla.crt .PS: I assume XAMPP (which I don't use myself) gives you openssl commandline. If not, there's a good Windows build of OpenSSL (free) at http://www.slproweb.com/products/Win32OpenSSL.html