Issue
I'm trying to learn how to get SSL up and running on an Apache 2.4 web server (Windows Server 2012). I had the web server and PHP up and running perfectly fine without SSL.
- I generated my cert and key and placed them in C:\Apache24\conf
- I modified httpd.conf in the following way:
LoadModule ssl_module modules/mod_ssl.so
Include C:/Apache24/conf/openssl.cnf
- I modified c:/Apache24/conf/extra/httpd-ssl.conf in the following way:
SSLCertificateFile "c:/Apache24/conf/server.crt"
SSLCertificateKeyFile "c:/Apache24/conf/server.key"
DocumentRoot "c:/Apache24/htdocs"
- Added the following System Environment Variable
Variable Name: OPENSSL_CONF
Variable Value: C:\Apache24\conf\openssl.cnf
I've hit a point where Apache will not start due to the following error.
Running httpd -t in PowerShell gives the result:
: Syntax error on line 8 of C:/Apache24/conf/openssl.cnf:
Invalid command 'HOME', perhaps misspelled or defined by a module not included in the server configuration
The following are lines 6 through 9 of openssl.cnf (I have not modified this file.)
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
Any help is appreciated. Thanks!
Solution
You are basically trying to include a third-party config file inside the httpd configuration, which will never yield a good result because Apache httpd will never recognize what's in there. Remove that include.
If you want to add system variables you can use the PassEnv directive from the mod_env module.
To get SSL up and running all you need is an SSL virtualhost like this:
In your server config something like:
LoadModule ssl_module modules/mod_ssl.so
<IfModule mod_ssl.c>
    Listen 443
    LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
    SSLProtocol all -SSLv3
    SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
    SSLHonorCipherOrder on
    SSLCompression off
    SSLSessionTickets off
    # httpd does not allow a comment on the same line as a directive,
    # so the notes for the next two lines are kept here.
    # Perhaps these two need to be adapted for Windows (no /dev/urandom there).
    SSLRandomSeed startup file:/dev/urandom 2048
    SSLRandomSeed connect file:/dev/urandom 2048
    SSLSessionCache shmcb:/path/to/logs/ssl_gcache_data(512000)
</IfModule>
And the Virtualhost:
<VirtualHost *:443>
    ServerName myssllvh.example.com
    DocumentRoot /filesystem/path/to/docroot
    CustomLog /path/to/logs/mysslvh.log combined
    ErrorLog /path/to/logs/mysslvh-error.log
    SSLEngine on
    SSLCertificateFile /path/to/certs/mysslvh.crt
    SSLCertificateKeyFile /path/to/certs/mysslvh.key
    # Other stuff here
</VirtualHost>
Answered By - ezra-s Answer Checked By - Mildred Charles (WPSolving Admin)
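The answer's settings adapted to the Windows paths from the question, as an added example that is not part of the original answer: the Include of openssl.cnf is removed, and SSLRandomSeed uses httpd's builtin source because Windows has no /dev/urandom. The server name, the log file names and the session cache file name are assumptions.

```apache
# httpd.conf on Windows (Apache 2.4), install root C:/Apache24 as in the question
LoadModule ssl_module modules/mod_ssl.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so

# Removed: Include C:/Apache24/conf/openssl.cnf
# openssl.cnf uses OpenSSL's "name = value" syntax and is read by the
# openssl tooling via the OPENSSL_CONF environment variable. httpd parses
# every included file as httpd directives, which is why "HOME = ." on
# line 8 was reported as an invalid command.

<IfModule ssl_module>
    Listen 443
    SSLProtocol all -SSLv3
    SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
    SSLHonorCipherOrder on
    SSLCompression off
    SSLSessionTickets off
    # Windows has no /dev/urandom; use the built-in seeding source
    SSLRandomSeed startup builtin
    SSLRandomSeed connect builtin
    # Cache file name is an assumption; the logs directory must exist
    SSLSessionCache "shmcb:C:/Apache24/logs/ssl_scache(512000)"
</IfModule>

<VirtualHost *:443>
    # Assumed host name; it should match the name in the certificate
    ServerName www.example.com
    DocumentRoot "C:/Apache24/htdocs"
    # Assumed log file names
    ErrorLog "C:/Apache24/logs/ssl-error.log"
    CustomLog "C:/Apache24/logs/ssl-access.log" combined
    SSLEngine on
    SSLCertificateFile "C:/Apache24/conf/server.crt"
    SSLCertificateKeyFile "C:/Apache24/conf/server.key"
</VirtualHost>
```

With the Include gone, httpd -t should report "Syntax OK" before the service is restarted.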