ssl_faq.html.en (Apache_2.0.59-Openssl_0.9: configuring Tomcat)
       <br />
    </li>
    </ol>

    <p>Now <code>server.key</code> contains an unencrypted copy of the key.
    If you point your server at this file, it will not prompt you for a
    pass-phrase. HOWEVER, if anyone gets this key they will be able to
    impersonate you on the net. PLEASE make sure that the permissions on this
    file are such that only root or the web server user can read it
    (preferably get your web server to start as root but run as another
    user, and have the key readable only by root).</p>
    
    <p>As an alternative approach you can use the ``<code>SSLPassPhraseDialog
    exec:/path/to/program</code>'' facility. Bear in mind that this is
    neither more nor less secure, of course.</p>
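
    <p>The permission requirement above can be checked mechanically. The
    following script is an added example, not part of the original FAQ or of
    mod_ssl. It assumes PEM-encoded key files, and the function names are
    illustrative. It reports whether a key is stored unencrypted and whether
    group or other users have any access to it.</p>

```shell
#!/bin/sh
# Added example: audit PEM private key files for the exposure described above.
# Assumes PEM encoding; all function names here are illustrative.

# key_is_encrypted FILE -> 0 if the PEM headers mark the key as pass-phrase
# protected. Traditional format carries "Proc-Type: 4,ENCRYPTED"; PKCS#8 uses
# "-----BEGIN ENCRYPTED PRIVATE KEY-----".
key_is_encrypted() {
    grep -q -e '^Proc-Type: 4,ENCRYPTED' \
            -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"
}

# key_mode_is_private FILE -> 0 if group and other have no permission bits.
# This checks the mode only; confirm separately that the owner is root or
# the web server user.
key_mode_is_private() {
    # ls -ldL follows symlinks; columns 5-10 of "-rw-r-----" are group/other.
    bits=$(ls -ldL -- "$1" | cut -c5-10)
    [ "$bits" = "------" ]
}

# audit_key_file FILE
# Returns 0 = nothing to report, 1 = finding, 2 = cannot inspect.
audit_key_file() {
    f=$1
    [ -f "$f" ] || { echo "SKIP  $f: not a regular file"; return 2; }
    if [ ! -r "$f" ]; then state="contents unreadable by this user"
    elif key_is_encrypted "$f"; then state=encrypted
    else state=UNENCRYPTED
    fi
    if key_mode_is_private "$f"; then
        echo "OK    $f: $state, owner-only permissions"
        return 0
    fi
    mode=$(ls -ldL -- "$f" | cut -c1-10)
    echo "FAIL  $f: $state, accessible to group/other ($mode)"
    return 1
}

# Stand-alone use: audit every file named on the command line.
for k in "$@"; do audit_key_file "$k" || status=1; done
```
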


<h3><a name="verify" id="verify">How do I verify that a private key matches its Certificate?</a></h3>
<p>A private key contains a series of numbers. Two of these numbers form
    the "public key", the others are part of the "private key". The "public
    key" bits are included when you generate a CSR, and subsequently form
    part of the associated Certificate.</p>
    <p>To check that the public key in your Certificate matches the public
    portion of your private key, you simply need to compare these numbers. 
    To view the Certificate and the key run the commands:</p>
    
    <p><code><strong>$ openssl x509 -noout -text -in server.crt</strong></code><br />
    <code><strong>$ openssl rsa -noout -text -in server.key</strong></code></p>
    
    <p>The `modulus' and the `public exponent' portions in the key and the
    Certificate must match. As the public exponent is usually 65537
    and it's difficult to visually check that the long modulus numbers
    are the same, you can use the following approach:</p>
    
    <p><code><strong>$ openssl x509 -noout -modulus -in server.crt | openssl md5</strong></code><br />
    <code><strong>$ openssl rsa -noout -modulus -in server.key | openssl md5</strong></code></p>
    
    <p>This leaves you with two rather shorter numbers to compare. It is,
    in theory, possible that these numbers may be the same, without the 
    modulus numbers being the same, but the chances of this are 
    overwhelmingly remote.</p>
    <p>Should you wish to check to which key or certificate a particular 
    CSR belongs you can perform the same calculation on the CSR as 
    follows:</p>
    
    <p><code><strong>$ openssl req -noout -modulus -in server.csr | openssl md5</strong></code></p>
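
    <p>The comparison above, wrapped in a script so it can run before a
    server reload. This is an added example, not part of the original FAQ;
    the function names are illustrative. It goes slightly beyond the commands
    shown by refusing to hash an empty or non-RSA result, since two
    unreadable files would otherwise produce the same digest and appear to
    match.</p>

```shell
#!/bin/sh
# Added example: scripted form of the modulus comparison above (RSA only).
# Function names are illustrative; they are not part of OpenSSL or mod_ssl.

# modulus_digest KIND FILE -> prints the MD5 digest of the "Modulus=..." line.
# KIND is crt, key or csr. Returns 1 if no RSA modulus could be read.
modulus_digest() {
    case "$1" in
        crt) m=$(openssl x509 -noout -modulus -in "$2" 2>/dev/null) ;;
        key) m=$(openssl rsa  -noout -modulus -in "$2" 2>/dev/null) ;;
        csr) m=$(openssl req  -noout -modulus -in "$2" 2>/dev/null) ;;
        *)   echo "unknown kind: $1" >&2; return 2 ;;
    esac
    # A real modulus is a single run of hex digits. Anything else (empty
    # output, an error text after "Modulus=") must not be hashed.
    hex=${m#Modulus=}
    case "$hex" in
        ""|*[!0-9A-Fa-f]*) echo "no RSA modulus in $2" >&2; return 1 ;;
    esac
    printf '%s\n' "$m" | openssl md5 | awk '{print $NF}'
}

# same_keypair KIND1 FILE1 KIND2 FILE2
# Returns 0 = same modulus, 1 = different modulus, 2 = could not compare.
same_keypair() {
    d1=$(modulus_digest "$1" "$2") || return 2
    d2=$(modulus_digest "$3" "$4") || return 2
    [ "$d1" = "$d2" ]
}

# Stand-alone use: ./check.sh crt server.crt key server.key
if [ "$#" -eq 4 ]; then
    if same_keypair "$@"; then
        echo "match"
    else
        echo "MISMATCH or unreadable input"
    fi
fi
```
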


<h3><a name="badcert" id="badcert">Why do connections fail with an "alert 
bad certificate" error?</a></h3>
<p>Errors such as <code>OpenSSL: error:14094412: SSL
    routines:SSL3_READ_BYTES:sslv3 alert bad certificate</code> in the SSL
    logfile are usually caused by a browser which is unable to handle the server
    certificate/private-key. For example, Netscape Navigator 3.x is 
    unable to handle RSA key lengths not equal to 1024 bits.</p>


<h3><a name="keysize" id="keysize">Why does my 2048-bit private key not work?</a></h3>
<p>The private key sizes for SSL must be either 512 or 1024 bits, for compatibility
    with certain web browsers. A keysize of 1024 bits is recommended because
    keys larger than 1024 bits are incompatible with some versions of Netscape
    Navigator and Microsoft Internet Explorer, and with other browsers that
    use RSA's BSAFE cryptography toolkit.</p>


<h3><a name="hashsymlinks" id="hashsymlinks">Why is client authentication broken after upgrading from
SSLeay version 0.8 to 0.9?</a></h3>
<p>The CA certificates under the path you configured with
    <code>SSLCACertificatePath</code> are found by SSLeay through hash
    symlinks. These hash values are generated by the `<code>openssl x509 -noout
    -hash</code>' command. However, the algorithm used to calculate the hash for a
    certificate changed between SSLeay 0.8 and 0.9. You will need to remove
    all old hash symlinks and create new ones after upgrading. Use the
    <code>Makefile</code> provided by <code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code>.</p>
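
    <p>What rebuilding the hash symlinks involves, shown as an added example.
    This is not the mod_ssl <code>Makefile</code> and not code from the
    original FAQ. It assumes the CA certificates are PEM files named
    <code>*.crt</code>, and the function name is illustrative.</p>

```shell
#!/bin/sh
# Added example: rebuild the hash symlinks in an SSLCACertificatePath directory
# using the installed openssl, so the links match its current hash algorithm.
# Not the mod_ssl Makefile; the function name is illustrative.

# rehash_ca_dir DIR
# Removes stale hash symlinks, then links each *.crt as <hash>.N, where N
# counts up from 0 when two certificates produce the same hash value.
rehash_ca_dir() {
    dir=$1
    [ -d "$dir" ] || { echo "$dir: not a directory" >&2; return 2; }
    (
        cd "$dir" || exit 2
        # Delete only symlinks that look like hash links: 8 hex digits,
        # a dot, then a number. Regular files are never touched.
        for l in [0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[0-9]*; do
            if [ -L "$l" ]; then rm -f -- "$l"; fi
        done
        for c in *.crt; do
            [ -f "$c" ] || continue
            h=$(openssl x509 -noout -hash -in "$c" 2>/dev/null) || h=
            if [ -z "$h" ]; then
                echo "skipped (not a PEM certificate): $c" >&2
                continue
            fi
            # Find the first free suffix for this hash value.
            n=0
            while [ -e "$h.$n" ] || [ -L "$h.$n" ]; do n=$((n + 1)); done
            ln -s "$c" "$h.$n" && echo "$h.$n -> $c"
        done
    )
}

# Stand-alone use: ./rehash.sh /path/to/ca-directory
if [ "$#" -eq 1 ]; then rehash_ca_dir "$1"; fi
```
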


<h3><a name="pemder" id="pemder">How can I convert a certificate from PEM to DER format?</a></h3>
<p>The default certificate format for SSLeay/OpenSSL is PEM, which is simply
    Base64 encoded DER, with header and footer lines. For some applications
    (e.g. Microsoft Internet Explorer) you need the certificate in plain DER
    format. You can convert a PEM file <code>cert.pem</code> into the
    corresponding DER file <code>cert.der</code> using the following command:
    <code><strong>$ openssl x509 -in cert.pem -out cert.der -outform DER</strong></code></p>


<h3><a name="verisign" id="verisign">Why can't I find the
<code>getca</code> or <code>getverisign</code> programs mentioned by 
Verisign, for installing my Verisign certificate?</a></h3>
<p>Verisign has never provided specific instructions
    for Apache+mod_ssl. The instructions provided are for C2Net's 
    Stronghold (a commercial Apache based server with SSL support).</p> 
    <p>To install your certificate, all you need to do is to save the 
    certificate to a file, and give the name of that file to the 
    <code class="directive"><a href="../mod/mod_ssl.html#sslcertificatefile">SSLCertificateFile</a></code> directive.
    You will also need to give it the key file. For more information, 
    see the <code class="directive"><a href="../mod/mod_ssl.html#sslcertificatekeyfile">SSLCertificateKeyFile</a></code> 
    directive.</p> 


<h3><a name="sgc" id="sgc">Can I use the Server Gated Cryptography (SGC) 
facility (aka Verisign Global ID) with mod_ssl?</a></h3>
<p>Yes. <code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code> has included support for the SGC 
    facility since version 2.1. No special configuration is required - 
    just use the Global ID as your server certificate. The 
    <em>step up</em> of the clients is then automatically handled by 
    <code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code> at run-time.</p> 


<h3><a name="gid" id="gid">Why do browsers complain that they cannot 
verify my Verisign Global ID server certificate?</a></h3>
<p>Verisign uses an intermediate CA certificate between the root CA 
    certificate (which is installed in the browsers) and the server 
    certificate (which you installed on the server). You should have 
    received this additional CA certificate from Verisign.
    If not, complain to them. Then, configure this certificate with the
    <code class="directive"><a href="../mod/mod_ssl.html#sslcertificatechainfile">SSLCertificateChainFile</a></code> 
    directive. This ensures that the intermediate CA certificate is 
    sent to the browser, filling the gap in the certificate chain.</p>

</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
<h2><a name="aboutssl" id="aboutssl">The SSL Protocol</a></h2>
<ul>
<li><a href="#random">Why do I get lots of random SSL protocol 
errors under heavy server load?</a></li>
<li><a href="#load">Why does my webserver have a higher load, now
that it serves SSL encrypted traffic?</a></li>
<li><a href="#establishing">Why do HTTPS connections to my server
sometimes take up to 30 seconds to establish a connection?</a></li>
<li><a href="#ciphers">What SSL Ciphers are supported by mod_ssl?</a></li>
<li><a href="#adh">Why do I get ``no shared cipher'' errors, when
trying to use Anonymous Diffie-Hellman (ADH) ciphers?</a></li>
<li><a href="#sharedciphers">Why do I get a 'no shared ciphers'
error when connecting to my newly installed server?</a></li>
<li><a href="#vhosts">Why can't I use SSL with name-based/non-IP-based 
virtual hosts?</a></li>
<li><a href="#vhosts2">Why is it not possible to use Name-Based Virtual
Hosting to identify different SSL virtual hosts?</a></li>
<li><a href="#lockicon">When I use Basic Authentication over HTTPS
the lock icon in Netscape browsers stays unlocked when the dialog pops up.
Does this mean the username/password is being sent unencrypted?</a></li>
<li><a href="#msie">Why do I get I/O errors when connecting via
HTTPS to an Apache+mod_ssl server with Microsoft Internet Explorer 
(MSIE)?</a></li>
<li><a href="#nn">Why do I get I/O errors, or the message "Netscape has 
encountered bad data from the server", when connecting via
HTTPS to an Apache+mod_ssl server with Netscape Navigator?</a></li>
</ul>

<h3><a name="random" id="random">Why do I get lots of random SSL protocol 
errors under heavy server load?</a></h3>
<p>There can be a number of reasons for this, but the main one
    is problems with the SSL session Cache specified by the
    <code class="directive"><a href="../mod/mod_ssl.html#sslsessioncache">SSLSessionCache</a></code> directive. The DBM session
    cache is the most likely source of the problem, so using the SHM session cache (or
    no cache at all) may help.</p>


<h3><a name="load" id="load">Why does my webserver have a higher load, now 
that it serves SSL encrypted traffic?</a></h3>
<p>SSL uses strong cryptographic encryption, which necessitates a lot of
    number crunching. When you request a webpage via HTTPS, everything (even
    the images) is encrypted before it is transferred. So increased HTTPS
    traffic leads to load increases.</p>


<h3><a name="establishing" id="establishing">Why do HTTPS connections to my server 
sometimes take up to 30 seconds to establish a connection?</a></h3>
<p>This is usually caused by a <code>/dev/random</code> device for
    <code class="directive"><a href="../mod/mod_ssl.html#sslrandomseed">SSLRandomSeed</a></code> which blocks the 
    read(2) call until enough entropy is available to service the 
    request. More information is available in the reference
    manual for the <code class="directive"><a href="../mod/mod_ssl.html#sslrandomseed">SSLRandomSeed</a></code>
    directive.</p>


<h3><a name="ciphers" id="ciphers">What SSL Ciphers are supported by mod_ssl?</a></h3>
<p>Usually, any SSL ciphers supported by the version of OpenSSL in use, 
    are also supported by <code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code>. Which ciphers are 
    available can depend on the way you built OpenSSL. Typically, at 
    least the following ciphers are supported:</p>
    
    <ol>
    <li>RC4 with MD5</li>
    <li>RC4 with MD5 (export version restricted to 40-bit key)</li>
    <li>RC2 with MD5</li>
    <li>RC2 with MD5 (export version restricted to 40-bit key)</li>
    <li>IDEA with MD5</li>
    <li>DES with MD5</li>
    <li>Triple-DES with MD5</li>
    </ol>
    
    <p>To determine the actual list of ciphers available, you should run 
    the following:</p>
    <div class="example"><p><code>$ openssl ciphers -v</code></p></div>


<h3><a name="adh" id="adh">Why do I get ``no shared cipher'' errors, when 
trying to use Anonymous Diffie-Hellman (ADH) ciphers?</a></h3>
<p>By default, OpenSSL does <em>not</em> allow ADH ciphers, for security
    reasons. Please be sure you are aware of the potential side-effects 
    if you choose to enable these ciphers.</p>
    <p>In order to use Anonymous Diffie-Hellman (ADH) ciphers, you must 
    build OpenSSL with ``<code>-DSSL_ALLOW_ADH</code>'', and then add
    ``<code>ADH</code>'' into your <code class="directive"><a href="../mod/mod_ssl.html#sslciphersuite">SSLCipherSuite</a></code>.</p>


<h3><a name="sharedciphers" id="sharedciphers">Why do I get a 'no shared ciphers' 
error when connecting to my newly installed server?</a></h3>
<p>Either you have made a mistake with your 
    <code class="directive"><a href="../mod/mod_ssl.html#sslciphersuite">SSLCipherSuite</a></code>
    directive (compare it with the pre-configured example in
    <code>httpd.conf-dist</code>) or you chose to use DSA/DH
    algorithms instead of RSA when you generated your private key
    and ignored or overlooked the warnings. If you have chosen
    DSA/DH, then your server cannot communicate using RSA-based SSL 
    ciphers (at least until you configure an additional RSA-based
    certificate/key pair). Modern browsers like NS or IE can only 
    communicate over SSL using RSA ciphers. The result is the 
    "no shared ciphers" error. To fix this, regenerate your server 
    certificate/key pair, using the RSA algorithm.</p>


<h3><a name="vhosts" id="vhosts">Why can't I use SSL with name-based/non-IP-based virtual hosts?</a></h3>
<p>The reason is very technical, and a somewhat "chicken and egg" problem. 
    The SSL protocol layer stays below the HTTP protocol layer and 
    encapsulates HTTP. When an SSL connection (HTTPS) is established
    Apache/mod_ssl has to negotiate the SSL protocol parameters with the
    client. For this, mod_ssl has to consult the configuration of the virtual
    server (for instance it has to look for the cipher suite, the server
    certificate, etc.). But in order to go to the correct virtual server
    Apache has to know the <code>Host</code> HTTP header field. To do this, the
    HTTP request header has to be read. This cannot be done before the SSL
    handshake is finished, but the information is needed in order to 
    complete the SSL handshake phase. Bingo!</p>


<h3><a name="vhosts2" id="vhosts2">Why is it not possible to use Name-Based
Virtual Hosting to identify different SSL virtual hosts?</a></h3>
    <p>Name-Based Virtual Hosting is a very popular method of identifying
    different virtual hosts. It allows you to use the same IP address and
    the same port number for many different sites. When people move on to
    SSL, it seems natural to assume that the same method can be used to have
    lots of different SSL virtual hosts on the same server.</p>

    <p>It comes as rather a shock to learn that it is impossible.</p> 

    <p>The reason is that the SSL protocol is a separate layer which
    encapsulates the HTTP protocol. So the SSL session is a separate 
    transaction, that takes place before the HTTP session has begun. 
    The server receives an SSL request on IP address X and port Y 
    (usually 443). Since the SSL request does not contain any Host: 
    field, the server has no way to decide which SSL virtual host to use.
    Usually, it will just use the first one it finds, which matches the 
    port and IP address specified.</p> 

    <p>You can, of course, use Name-Based Virtual Hosting to identify many
    non-SSL virtual hosts (all on port 80, for example) and then 
    have a single SSL virtual host (on port 443). But if you do this,
    you must make sure to put the non-SSL port number on the NameVirtualHost
    directive, e.g.</p> 
