Skip to main content

Apache + SSL on Windows (Yes, Windows)

This past week was a pretty frustrating one on numerous levels; just one of those weeks where everything that can possibly go wrong does, and 99% of it was out of my control, which makes it all the more frustrating. Out of these challenges tends to come some experience and maybe even a bit of wisdom, however, so while it's painful while it's a growth experience and forces you to investigate things you might not otherwise have done. (That's my "silver lining" outlook at the end of the week. If I had posted anything on Monday it would have been far less optimistic!)

One of the major frustrations I had this week was trying to upgrade CF 5 to CF 7 Enterprise (multi-instance installation) on a Windows 2000 server. Nothing I haven't done numerous times before, but this particular server was the proverbial server from hell. Every single thing that could go wrong did, and since I'm in Dallas and the server's in San Diego, it made it all the more frustrating because walking over, sticking a CD in the drive, and reinstalling Windows wasn't an option. Sure I could have scheduled to have it done by the colo engineers, but that seemed overkill just to get CF upgraded.

Problem #1 was that the CF 7 installation hung when it was trying to connect to the web server, which was IIS at this point. (For some reason it was unsuccessul in migrating my CF 5 settings as well, but that was a minor issue since I had a spreadsheet with all the settings in it anyway.) I've seen that happen before but usually you can just kill the process and run the web server connector after the fact. The web server connector also hung, however, so I was faced with doing this piece manually.

This isn't that big of a deal, or shouldn't have been, but after following these instructions, it still just didn't work. When I'd hit the CF administrator it would just spit out what I assume is the encrypted CF code to the browser, and attempts to hit other CF pages would either result in the source code being displayed or some varying degrees of not processing or not finding the pages. In short, CF and IIS weren't communicating.

Step 2 was to try doing a single instance/standalone install of CF 7 because on this server I really don't need multiple instances. I prefer to do the multi-instance install regardless, but since I wasn't getting anywhere with the multi-instance install I decided to give the standalone install a try. The web server connector still locked up, so I tried these instructions to do the manual configuration for the standalone installation. Still nothing--same behavior as before from IIS.

At this point I've spent a significant amount of time on something that should have been rather trivial, so I decided to install Apache 2.0.55 on Windows and see if that would work. The web server connector still hung (I was being ultra-paranoid and uninstalling/reinstalling CF at several points during this process) when trying to talk to Apache. So I followed the stand-alone manual web server configuration instructions above to get CF to talk to Apache and EUREKA! Success!

The story doesn't end there though. The Windows installer for Apache 2.0.55 doesn't come with SSL support, and this server runs one app that needs SSL. Jared was nice enough to be listening to me yell over IM about my problems during this process and sent me a link describing how to install SSL support for Apache on Windows. This led me down a couple of other paths, but here are the links for trying this process (emphasis on TRYING):

My own personal opinion on these two sets on instructions is that they are missing some rather crucial steps (if you *combine* the two you get close), but in the end even after trying this process multiple times, it just didn't work. Apache would fail to start with the mod_ssl LoadModule line uncommented, but if I commented it out Apache would start. I checked the placement and existence of the files multiple times and spent a lot of time walking back through this process step by step, and I was sure I was using the latest package that supposedly will allow for this, but it just didn't want to work.

VERY long story short, if you want to use Apache with SSL on Windows, go download this package from and be done with it. Yes, it comes with MySQL, mod_perl, PHP 5, and a bunch of other stuff you might not want or need, but you can easily disable that stuff and it doesn't install these add-ons as Windows services, so it's really just some extra files on your hard drive that won't cause any real harm.

The key here is that this is Apache 2.0.54 with SSL support already in there. (Another option I found prior to discovering this package was to get the source code for Apache and mod_ssl and compile it myself, but I just wanted to get this thing DONE!) I just installed it late yesterday--I wasn't about to let the weekend hit without having this issue resolved--and so far it works like a champ. I generated a test certificate using Open SSL and it works great. Just going this route initially would have saved me a ton of time so my thanks go out to devside for making this available.

Now back to the silver lining stuff. I know a lot more about Apache than I did before (I'm semi-dangerous with Apache on Linux), it forced me to figure out SSL with Apache on Windows, and I also know more than I ever wanted to about manually configuring the web server connections with CF. That's not necessarily a bad thing and it likely isn't something I would have spent my time learning had I not been faced with this. Most importantly I left work for the weekend knowing that things were working, and hey, now I can count myself among the cool kids because I'm running Apache. ;-)


I always use the Apache/SSL binary from

works like a champ is always up to date within a day of a new Apache or OpenSSL release.

Thanks Kurt--I actually used those as part of the instructions I list in the blog entry but didn't have luck getting it to work. I may take another run at it at some point but that other package seemed to install without a hitch, so I'm happy for the time being.

I've had the same frustrations with Apache/SSL/Win32. The all in one WAMP packages, like DevSide's is the way to go, if you can. There are a number of these out there, some with or without SSL. Saint WAMP is another good one which is on sourceforge. EasyPHP is a popular one, but its getting kinda stale, it doesn't have SSL, and half of the instructions are in French. Xampp, Uniform Server, IBServer, and FoxServ are other examples (but I'd probably stick with DevSide and Saint WAMP).

In any case, its quite amazing that for something that has been around as long as it has, that this kind of functionality isn't easier to get up and running and/or come out of the box without having to go to these WAMP solutions. While it makes sense that you might have to recompile things on a *nix box, it doesn't make sense for a Windows box in which it shouldn't matter. A Win32 executable is more or less the same/compatible no matter which version of Windows you have.

Oh yeah, BTW, here's another good site that I think is better (than the two you mentioned) at explaining exactly what you have to do to get 2.0.55 up and running with SSL on a Windows box:

I always use the ApacheSSL package from


Popular posts from this blog

Installing and Configuring NextPVR as a Replacement for Windows Media Center

If you follow me on Google+ you'll know I had a recent rant about Windows Media Center, which after running fine for about a year suddenly decided as of January 29 it was done downloading the program guide and by extension was therefore done recording any TV shows.

I'll spare you more ranting and simply say that none of the suggestions I got (which I appreciate!) worked, and rather than spending more time figuring out why, I decided to try something different.

NextPVR is an awesome free (as in beer, not as in freedom unfortunately ...) PVR application for Windows that with a little bit of tweaking handily replaced Windows Media Center. It can even download guide data, which is apparently something WMC no longer feels like doing.

Background I wound up going down this road in a rather circuitous way. My initial goal for the weekend project was to get Raspbmc running on one of my Raspberry Pis. The latest version of XBMC has PVR functionality so I was anxious to try that out as a …

Running a Django Application on Windows Server 2012 with IIS

This is a first for me since under normal circumstances we run all our Django applications on Linux with Nginx, but we're in the process of developing an application for another department and due to the requirements around this project, we'll be handing the code off to them to deploy. They don't have any experience with Linux or web servers other than IIS, so I recently took up the challenge of figuring out how to run Django applications on Windows Server 2012 with IIS.

Based on the dated or complete lack of information around this I'm assuming it's not something that's very common in the wild, so I thought I'd share what I came up with in case others need to do this.

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Assumptions and CaveatsThe operating system is Windows Server 2012 R2, 64-bit. If another variant of the operating system is being used, these instructions may not work properly.All of the soft…

Fixing DPI Scaling Issues in Skype for Business on Windows 10

My setup for my day job these days is a Surface Pro 4 and either an LG 34UC87M-B or a Dell P2715Q monitor, depending on where I'm working. This is a fantastic setup, but some applications have trouble dealing with the high pixel density and don't scale appropriately.
One case in point is Skype for Business. For some reason it scales correctly as I move between the Surface screen and the external monitor when I use the Dell, but on the LG monitor Skype is either massive on the external monitor, or tiny on the Surface screen.
After a big of digging around I came across a solution that worked for me, which is to change a setting in Skype's manifest file (who knew there was one?). On my machine the file is here: C:\Program Files\Microsoft Office\Office16\LYNC.EXE.MANIFEST
And the setting in question is this:
Which I changed to this: <dpiAware>False/PM</dpiAware>
Note that you'll probably have to edit the file as administr…