ASF Artifacts Distribution Platform
-
Directory
-
Directory
apache_1.3.27-win32-x86-no_src.exe
Download apache_1.3.27-win32-x86-no_src.exe (5.15 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: apache_1.3.27-win32-x86-no_src.exe
- The httpd release signing key list: httpd.txt
- The detached signature file: apache_1.3.27-win32-x86-no_src.exe.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv apache_1.3.27-win32-x86-no_src.exe.asc OR % pgp -ka httpd.txt % pgp apache_1.3.27-win32-x86-no_src.exe.asc OR % gpg --import httpd.txt % gpg --verify apache_1.3.27-win32-x86-no_src.exe.asc apache_1.3.27-win32-x86-no_src.exe
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: apache_1.3.27-win32-x86-no_src.exe: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
apache_1.3.27-win32-x86-no_src.msi
Download apache_1.3.27-win32-x86-no_src.msi (2.09 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: apache_1.3.27-win32-x86-no_src.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: apache_1.3.27-win32-x86-no_src.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv apache_1.3.27-win32-x86-no_src.msi.asc OR % pgp -ka httpd.txt % pgp apache_1.3.27-win32-x86-no_src.msi.asc OR % gpg --import httpd.txt % gpg --verify apache_1.3.27-win32-x86-no_src.msi.asc apache_1.3.27-win32-x86-no_src.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: apache_1.3.27-win32-x86-no_src.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
apache_1.3.27-win32-x86-src.msi
Download apache_1.3.27-win32-x86-src.msi (3.32 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: apache_1.3.27-win32-x86-src.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: apache_1.3.27-win32-x86-src.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv apache_1.3.27-win32-x86-src.msi.asc OR % pgp -ka httpd.txt % pgp apache_1.3.27-win32-x86-src.msi.asc OR % gpg --import httpd.txt % gpg --verify apache_1.3.27-win32-x86-src.msi.asc apache_1.3.27-win32-x86-src.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: apache_1.3.27-win32-x86-src.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
apache_1.3.28-win32-x86-no_src.exe
Download apache_1.3.28-win32-x86-no_src.exe (5.25 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: apache_1.3.28-win32-x86-no_src.exe
- The httpd release signing key list: httpd.txt
- The detached signature file: apache_1.3.28-win32-x86-no_src.exe.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv apache_1.3.28-win32-x86-no_src.exe.asc OR % pgp -ka httpd.txt % pgp apache_1.3.28-win32-x86-no_src.exe.asc OR % gpg --import httpd.txt % gpg --verify apache_1.3.28-win32-x86-no_src.exe.asc apache_1.3.28-win32-x86-no_src.exe
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: apache_1.3.28-win32-x86-no_src.exe: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
apache_1.3.28-win32-x86-no_src.msi
Download apache_1.3.28-win32-x86-no_src.msi (2.19 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: apache_1.3.28-win32-x86-no_src.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: apache_1.3.28-win32-x86-no_src.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv apache_1.3.28-win32-x86-no_src.msi.asc OR % pgp -ka httpd.txt % pgp apache_1.3.28-win32-x86-no_src.msi.asc OR % gpg --import httpd.txt % gpg --verify apache_1.3.28-win32-x86-no_src.msi.asc apache_1.3.28-win32-x86-no_src.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: apache_1.3.28-win32-x86-no_src.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
apache_1.3.28-win32-x86-src.msi
Download apache_1.3.28-win32-x86-src.msi (3.45 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: apache_1.3.28-win32-x86-src.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: apache_1.3.28-win32-x86-src.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv apache_1.3.28-win32-x86-src.msi.asc OR % pgp -ka httpd.txt % pgp apache_1.3.28-win32-x86-src.msi.asc OR % gpg --import httpd.txt % gpg --verify apache_1.3.28-win32-x86-src.msi.asc apache_1.3.28-win32-x86-src.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: apache_1.3.28-win32-x86-src.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
apache_1.3.29-win32-x86-no_src.exe
Download apache_1.3.29-win32-x86-no_src.exe (5.29 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: apache_1.3.29-win32-x86-no_src.exe
- The httpd release signing key list: httpd.txt
- The detached signature file: apache_1.3.29-win32-x86-no_src.exe.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv apache_1.3.29-win32-x86-no_src.exe.asc OR % pgp -ka httpd.txt % pgp apache_1.3.29-win32-x86-no_src.exe.asc OR % gpg --import httpd.txt % gpg --verify apache_1.3.29-win32-x86-no_src.exe.asc apache_1.3.29-win32-x86-no_src.exe
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: apache_1.3.29-win32-x86-no_src.exe: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
apache_1.3.29-win32-x86-src.exe
Download apache_1.3.29-win32-x86-src.exe (3.49 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: apache_1.3.29-win32-x86-src.exe
- The httpd release signing key list: httpd.txt
- The detached signature file: apache_1.3.29-win32-x86-src.exe.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv apache_1.3.29-win32-x86-src.exe.asc OR % pgp -ka httpd.txt % pgp apache_1.3.29-win32-x86-src.exe.asc OR % gpg --import httpd.txt % gpg --verify apache_1.3.29-win32-x86-src.exe.asc apache_1.3.29-win32-x86-src.exe
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: apache_1.3.29-win32-x86-src.exe: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
apache_1.3.29-win32-x86-src.msi
Download apache_1.3.29-win32-x86-src.msi (2.24 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: apache_1.3.29-win32-x86-src.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: apache_1.3.29-win32-x86-src.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv apache_1.3.29-win32-x86-src.msi.asc OR % pgp -ka httpd.txt % pgp apache_1.3.29-win32-x86-src.msi.asc OR % gpg --import httpd.txt % gpg --verify apache_1.3.29-win32-x86-src.msi.asc apache_1.3.29-win32-x86-src.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: apache_1.3.29-win32-x86-src.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
apache_1.3.31-win32-x86-no_src.exe
Download apache_1.3.31-win32-x86-no_src.exe (5.34 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: apache_1.3.31-win32-x86-no_src.exe
- The httpd release signing key list: httpd.txt
- The detached signature file: apache_1.3.31-win32-x86-no_src.exe.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv apache_1.3.31-win32-x86-no_src.exe.asc OR % pgp -ka httpd.txt % pgp apache_1.3.31-win32-x86-no_src.exe.asc OR % gpg --import httpd.txt % gpg --verify apache_1.3.31-win32-x86-no_src.exe.asc apache_1.3.31-win32-x86-no_src.exe
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: apache_1.3.31-win32-x86-no_src.exe: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
apache_1.3.31-win32-x86-no_src.msi
Download apache_1.3.31-win32-x86-no_src.msi (2.29 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: apache_1.3.31-win32-x86-no_src.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: apache_1.3.31-win32-x86-no_src.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv apache_1.3.31-win32-x86-no_src.msi.asc OR % pgp -ka httpd.txt % pgp apache_1.3.31-win32-x86-no_src.msi.asc OR % gpg --import httpd.txt % gpg --verify apache_1.3.31-win32-x86-no_src.msi.asc apache_1.3.31-win32-x86-no_src.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: apache_1.3.31-win32-x86-no_src.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
apache_1.3.31-win32-x86-src.msi
Download apache_1.3.31-win32-x86-src.msi (3.58 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: apache_1.3.31-win32-x86-src.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: apache_1.3.31-win32-x86-src.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv apache_1.3.31-win32-x86-src.msi.asc OR % pgp -ka httpd.txt % pgp apache_1.3.31-win32-x86-src.msi.asc OR % gpg --import httpd.txt % gpg --verify apache_1.3.31-win32-x86-src.msi.asc apache_1.3.31-win32-x86-src.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: apache_1.3.31-win32-x86-src.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
apache_1.3.33-win32-x86-no_src.exe
Download apache_1.3.33-win32-x86-no_src.exe (4.92 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: apache_1.3.33-win32-x86-no_src.exe
- The httpd release signing key list: httpd.txt
- The detached signature file: apache_1.3.33-win32-x86-no_src.exe.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv apache_1.3.33-win32-x86-no_src.exe.asc OR % pgp -ka httpd.txt % pgp apache_1.3.33-win32-x86-no_src.exe.asc OR % gpg --import httpd.txt % gpg --verify apache_1.3.33-win32-x86-no_src.exe.asc apache_1.3.33-win32-x86-no_src.exe
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: apache_1.3.33-win32-x86-no_src.exe: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
apache_1.3.33-win32-x86-no_src.msi
Download apache_1.3.33-win32-x86-no_src.msi (1.76 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: apache_1.3.33-win32-x86-no_src.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: apache_1.3.33-win32-x86-no_src.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv apache_1.3.33-win32-x86-no_src.msi.asc OR % pgp -ka httpd.txt % pgp apache_1.3.33-win32-x86-no_src.msi.asc OR % gpg --import httpd.txt % gpg --verify apache_1.3.33-win32-x86-no_src.msi.asc apache_1.3.33-win32-x86-no_src.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: apache_1.3.33-win32-x86-no_src.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
apache_1.3.33-win32-x86-src.msi
Download apache_1.3.33-win32-x86-src.msi (2.83 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: apache_1.3.33-win32-x86-src.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: apache_1.3.33-win32-x86-src.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv apache_1.3.33-win32-x86-src.msi.asc OR % pgp -ka httpd.txt % pgp apache_1.3.33-win32-x86-src.msi.asc OR % gpg --import httpd.txt % gpg --verify apache_1.3.33-win32-x86-src.msi.asc apache_1.3.33-win32-x86-src.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: apache_1.3.33-win32-x86-src.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
apache_1.3.34-win32-x86-no_src.exe
Download apache_1.3.34-win32-x86-no_src.exe (4.91 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: apache_1.3.34-win32-x86-no_src.exe
- The httpd release signing key list: httpd.txt
- The detached signature file: apache_1.3.34-win32-x86-no_src.exe.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv apache_1.3.34-win32-x86-no_src.exe.asc OR % pgp -ka httpd.txt % pgp apache_1.3.34-win32-x86-no_src.exe.asc OR % gpg --import httpd.txt % gpg --verify apache_1.3.34-win32-x86-no_src.exe.asc apache_1.3.34-win32-x86-no_src.exe
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: apache_1.3.34-win32-x86-no_src.exe: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
apache_1.3.34-win32-x86-no_src.msi
Download apache_1.3.34-win32-x86-no_src.msi (1.75 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: apache_1.3.34-win32-x86-no_src.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: apache_1.3.34-win32-x86-no_src.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv apache_1.3.34-win32-x86-no_src.msi.asc OR % pgp -ka httpd.txt % pgp apache_1.3.34-win32-x86-no_src.msi.asc OR % gpg --import httpd.txt % gpg --verify apache_1.3.34-win32-x86-no_src.msi.asc apache_1.3.34-win32-x86-no_src.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: apache_1.3.34-win32-x86-no_src.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
apache_1.3.34-win32-x86-src.msi
Download apache_1.3.34-win32-x86-src.msi (2.83 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: apache_1.3.34-win32-x86-src.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: apache_1.3.34-win32-x86-src.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv apache_1.3.34-win32-x86-src.msi.asc OR % pgp -ka httpd.txt % pgp apache_1.3.34-win32-x86-src.msi.asc OR % gpg --import httpd.txt % gpg --verify apache_1.3.34-win32-x86-src.msi.asc apache_1.3.34-win32-x86-src.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: apache_1.3.34-win32-x86-src.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
apache_1.3.35-win32-x86-no_src.msi
Download apache_1.3.35-win32-x86-no_src.msi (2.05 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: apache_1.3.35-win32-x86-no_src.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: apache_1.3.35-win32-x86-no_src.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv apache_1.3.35-win32-x86-no_src.msi.asc OR % pgp -ka httpd.txt % pgp apache_1.3.35-win32-x86-no_src.msi.asc OR % gpg --import httpd.txt % gpg --verify apache_1.3.35-win32-x86-no_src.msi.asc apache_1.3.35-win32-x86-no_src.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: apache_1.3.35-win32-x86-no_src.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
apache_1.3.35-win32-x86-src.msi
Download apache_1.3.35-win32-x86-src.msi (3.12 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: apache_1.3.35-win32-x86-src.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: apache_1.3.35-win32-x86-src.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv apache_1.3.35-win32-x86-src.msi.asc OR % pgp -ka httpd.txt % pgp apache_1.3.35-win32-x86-src.msi.asc OR % gpg --import httpd.txt % gpg --verify apache_1.3.35-win32-x86-src.msi.asc apache_1.3.35-win32-x86-src.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: apache_1.3.35-win32-x86-src.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
apache_1.3.37-win32-x86-no_src.msi
Download apache_1.3.37-win32-x86-no_src.msi (2.05 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: apache_1.3.37-win32-x86-no_src.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: apache_1.3.37-win32-x86-no_src.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv apache_1.3.37-win32-x86-no_src.msi.asc OR % pgp -ka httpd.txt % pgp apache_1.3.37-win32-x86-no_src.msi.asc OR % gpg --import httpd.txt % gpg --verify apache_1.3.37-win32-x86-no_src.msi.asc apache_1.3.37-win32-x86-no_src.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: apache_1.3.37-win32-x86-no_src.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
apache_1.3.37-win32-x86-src.msi
Download apache_1.3.37-win32-x86-src.msi (3.12 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: apache_1.3.37-win32-x86-src.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: apache_1.3.37-win32-x86-src.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv apache_1.3.37-win32-x86-src.msi.asc OR % pgp -ka httpd.txt % pgp apache_1.3.37-win32-x86-src.msi.asc OR % gpg --import httpd.txt % gpg --verify apache_1.3.37-win32-x86-src.msi.asc apache_1.3.37-win32-x86-src.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: apache_1.3.37-win32-x86-src.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
apache_1.3.39-win32-x86-no_src.msi
Download apache_1.3.39-win32-x86-no_src.msi (2.05 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: apache_1.3.39-win32-x86-no_src.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: apache_1.3.39-win32-x86-no_src.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv apache_1.3.39-win32-x86-no_src.msi.asc OR % pgp -ka httpd.txt % pgp apache_1.3.39-win32-x86-no_src.msi.asc OR % gpg --import httpd.txt % gpg --verify apache_1.3.39-win32-x86-no_src.msi.asc apache_1.3.39-win32-x86-no_src.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: apache_1.3.39-win32-x86-no_src.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
apache_1.3.39-win32-x86-src.msi
Download apache_1.3.39-win32-x86-src.msi (3.13 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: apache_1.3.39-win32-x86-src.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: apache_1.3.39-win32-x86-src.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv apache_1.3.39-win32-x86-src.msi.asc OR % pgp -ka httpd.txt % pgp apache_1.3.39-win32-x86-src.msi.asc OR % gpg --import httpd.txt % gpg --verify apache_1.3.39-win32-x86-src.msi.asc apache_1.3.39-win32-x86-src.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: apache_1.3.39-win32-x86-src.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
apache_1.3.41-win32-x86-no_src.msi
Download apache_1.3.41-win32-x86-no_src.msi (2.06 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: apache_1.3.41-win32-x86-no_src.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: apache_1.3.41-win32-x86-no_src.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv apache_1.3.41-win32-x86-no_src.msi.asc OR % pgp -ka httpd.txt % pgp apache_1.3.41-win32-x86-no_src.msi.asc OR % gpg --import httpd.txt % gpg --verify apache_1.3.41-win32-x86-no_src.msi.asc apache_1.3.41-win32-x86-no_src.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: apache_1.3.41-win32-x86-no_src.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
apache_1.3.41-win32-x86-src.msi
Download apache_1.3.41-win32-x86-src.msi (3.13 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: apache_1.3.41-win32-x86-src.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: apache_1.3.41-win32-x86-src.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv apache_1.3.41-win32-x86-src.msi.asc OR % pgp -ka httpd.txt % pgp apache_1.3.41-win32-x86-src.msi.asc OR % gpg --import httpd.txt % gpg --verify apache_1.3.41-win32-x86-src.msi.asc apache_1.3.41-win32-x86-src.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: apache_1.3.41-win32-x86-src.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
apache_2.0.40-win32-x86-no_ssl.exe
Download apache_2.0.40-win32-x86-no_ssl.exe (6.28 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: apache_2.0.40-win32-x86-no_ssl.exe
- The httpd release signing key list: httpd.txt
- The detached signature file: apache_2.0.40-win32-x86-no_ssl.exe.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv apache_2.0.40-win32-x86-no_ssl.exe.asc OR % pgp -ka httpd.txt % pgp apache_2.0.40-win32-x86-no_ssl.exe.asc OR % gpg --import httpd.txt % gpg --verify apache_2.0.40-win32-x86-no_ssl.exe.asc apache_2.0.40-win32-x86-no_ssl.exe
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: apache_2.0.40-win32-x86-no_ssl.exe: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
apache_2.0.40-win32-x86-no_ssl.msi
Download apache_2.0.40-win32-x86-no_ssl.msi (3.22 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: apache_2.0.40-win32-x86-no_ssl.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: apache_2.0.40-win32-x86-no_ssl.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv apache_2.0.40-win32-x86-no_ssl.msi.asc OR % pgp -ka httpd.txt % pgp apache_2.0.40-win32-x86-no_ssl.msi.asc OR % gpg --import httpd.txt % gpg --verify apache_2.0.40-win32-x86-no_ssl.msi.asc apache_2.0.40-win32-x86-no_ssl.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: apache_2.0.40-win32-x86-no_ssl.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
apache_2.0.42-win32-x86-no_ssl.exe
Download apache_2.0.42-win32-x86-no_ssl.exe (6.52 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: apache_2.0.42-win32-x86-no_ssl.exe
- The httpd release signing key list: httpd.txt
- The detached signature file: apache_2.0.42-win32-x86-no_ssl.exe.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv apache_2.0.42-win32-x86-no_ssl.exe.asc OR % pgp -ka httpd.txt % pgp apache_2.0.42-win32-x86-no_ssl.exe.asc OR % gpg --import httpd.txt % gpg --verify apache_2.0.42-win32-x86-no_ssl.exe.asc apache_2.0.42-win32-x86-no_ssl.exe
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: apache_2.0.42-win32-x86-no_ssl.exe: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
apache_2.0.42-win32-x86-no_ssl.msi
Download apache_2.0.42-win32-x86-no_ssl.msi (3.46 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: apache_2.0.42-win32-x86-no_ssl.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: apache_2.0.42-win32-x86-no_ssl.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv apache_2.0.42-win32-x86-no_ssl.msi.asc OR % pgp -ka httpd.txt % pgp apache_2.0.42-win32-x86-no_ssl.msi.asc OR % gpg --import httpd.txt % gpg --verify apache_2.0.42-win32-x86-no_ssl.msi.asc apache_2.0.42-win32-x86-no_ssl.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: apache_2.0.42-win32-x86-no_ssl.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
apache_2.0.43-win32-x86-no_ssl.exe
Download apache_2.0.43-win32-x86-no_ssl.exe (6.69 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: apache_2.0.43-win32-x86-no_ssl.exe
- The httpd release signing key list: httpd.txt
- The detached signature file: apache_2.0.43-win32-x86-no_ssl.exe.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv apache_2.0.43-win32-x86-no_ssl.exe.asc OR % pgp -ka httpd.txt % pgp apache_2.0.43-win32-x86-no_ssl.exe.asc OR % gpg --import httpd.txt % gpg --verify apache_2.0.43-win32-x86-no_ssl.exe.asc apache_2.0.43-win32-x86-no_ssl.exe
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: apache_2.0.43-win32-x86-no_ssl.exe: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
apache_2.0.43-win32-x86-no_ssl.msi
Download apache_2.0.43-win32-x86-no_ssl.msi (3.63 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: apache_2.0.43-win32-x86-no_ssl.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: apache_2.0.43-win32-x86-no_ssl.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv apache_2.0.43-win32-x86-no_ssl.msi.asc OR % pgp -ka httpd.txt % pgp apache_2.0.43-win32-x86-no_ssl.msi.asc OR % gpg --import httpd.txt % gpg --verify apache_2.0.43-win32-x86-no_ssl.msi.asc apache_2.0.43-win32-x86-no_ssl.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: apache_2.0.43-win32-x86-no_ssl.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
apache_2.0.44-win32-x86-no_ssl.exe
Download apache_2.0.44-win32-x86-no_ssl.exe (7.83 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: apache_2.0.44-win32-x86-no_ssl.exe
- The httpd release signing key list: httpd.txt
- The detached signature file: apache_2.0.44-win32-x86-no_ssl.exe.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv apache_2.0.44-win32-x86-no_ssl.exe.asc OR % pgp -ka httpd.txt % pgp apache_2.0.44-win32-x86-no_ssl.exe.asc OR % gpg --import httpd.txt % gpg --verify apache_2.0.44-win32-x86-no_ssl.exe.asc apache_2.0.44-win32-x86-no_ssl.exe
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: apache_2.0.44-win32-x86-no_ssl.exe: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
apache_2.0.44-win32-x86-no_ssl.msi
Download apache_2.0.44-win32-x86-no_ssl.msi (4.77 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: apache_2.0.44-win32-x86-no_ssl.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: apache_2.0.44-win32-x86-no_ssl.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv apache_2.0.44-win32-x86-no_ssl.msi.asc OR % pgp -ka httpd.txt % pgp apache_2.0.44-win32-x86-no_ssl.msi.asc OR % gpg --import httpd.txt % gpg --verify apache_2.0.44-win32-x86-no_ssl.msi.asc apache_2.0.44-win32-x86-no_ssl.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: apache_2.0.44-win32-x86-no_ssl.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
apache_2.0.44-win9x-x86-apr-patch.zip
Download apache_2.0.44-win9x-x86-apr-patch.zip (56.06 KBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: apache_2.0.44-win9x-x86-apr-patch.zip
- The httpd release signing key list: httpd.txt
- The detached signature file: apache_2.0.44-win9x-x86-apr-patch.zip.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv apache_2.0.44-win9x-x86-apr-patch.zip.asc OR % pgp -ka httpd.txt % pgp apache_2.0.44-win9x-x86-apr-patch.zip.asc OR % gpg --import httpd.txt % gpg --verify apache_2.0.44-win9x-x86-apr-patch.zip.asc apache_2.0.44-win9x-x86-apr-patch.zip
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: apache_2.0.44-win9x-x86-apr-patch.zip: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
apache_2.0.45-win32-x86-no_ssl.exe
Download apache_2.0.45-win32-x86-no_ssl.exe (8.41 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: apache_2.0.45-win32-x86-no_ssl.exe
- The httpd release signing key list: httpd.txt
- The detached signature file: apache_2.0.45-win32-x86-no_ssl.exe.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv apache_2.0.45-win32-x86-no_ssl.exe.asc OR % pgp -ka httpd.txt % pgp apache_2.0.45-win32-x86-no_ssl.exe.asc OR % gpg --import httpd.txt % gpg --verify apache_2.0.45-win32-x86-no_ssl.exe.asc apache_2.0.45-win32-x86-no_ssl.exe
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: apache_2.0.45-win32-x86-no_ssl.exe: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
apache_2.0.45-win32-x86-no_ssl.msi
Download apache_2.0.45-win32-x86-no_ssl.msi (5.35 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: apache_2.0.45-win32-x86-no_ssl.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: apache_2.0.45-win32-x86-no_ssl.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv apache_2.0.45-win32-x86-no_ssl.msi.asc OR % pgp -ka httpd.txt % pgp apache_2.0.45-win32-x86-no_ssl.msi.asc OR % gpg --import httpd.txt % gpg --verify apache_2.0.45-win32-x86-no_ssl.msi.asc apache_2.0.45-win32-x86-no_ssl.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: apache_2.0.45-win32-x86-no_ssl.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
apache_2.0.46-win32-x86-no_src.exe
Download apache_2.0.46-win32-x86-no_src.exe (8.82 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: apache_2.0.46-win32-x86-no_src.exe
- The httpd release signing key list: httpd.txt
- The detached signature file: apache_2.0.46-win32-x86-no_src.exe.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv apache_2.0.46-win32-x86-no_src.exe.asc OR % pgp -ka httpd.txt % pgp apache_2.0.46-win32-x86-no_src.exe.asc OR % gpg --import httpd.txt % gpg --verify apache_2.0.46-win32-x86-no_src.exe.asc apache_2.0.46-win32-x86-no_src.exe
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: apache_2.0.46-win32-x86-no_src.exe: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
apache_2.0.46-win32-x86-no_src.msi
Download apache_2.0.46-win32-x86-no_src.msi (5.77 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: apache_2.0.46-win32-x86-no_src.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: apache_2.0.46-win32-x86-no_src.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv apache_2.0.46-win32-x86-no_src.msi.asc OR % pgp -ka httpd.txt % pgp apache_2.0.46-win32-x86-no_src.msi.asc OR % gpg --import httpd.txt % gpg --verify apache_2.0.46-win32-x86-no_src.msi.asc apache_2.0.46-win32-x86-no_src.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: apache_2.0.46-win32-x86-no_src.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
apache_2.0.47-win32-x86-no_ssl.exe
Download apache_2.0.47-win32-x86-no_ssl.exe (8.87 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: apache_2.0.47-win32-x86-no_ssl.exe
- The httpd release signing key list: httpd.txt
- The detached signature file: apache_2.0.47-win32-x86-no_ssl.exe.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv apache_2.0.47-win32-x86-no_ssl.exe.asc OR % pgp -ka httpd.txt % pgp apache_2.0.47-win32-x86-no_ssl.exe.asc OR % gpg --import httpd.txt % gpg --verify apache_2.0.47-win32-x86-no_ssl.exe.asc apache_2.0.47-win32-x86-no_ssl.exe
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: apache_2.0.47-win32-x86-no_ssl.exe: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
apache_2.0.47-win32-x86-no_ssl.msi
Download apache_2.0.47-win32-x86-no_ssl.msi (5.81 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: apache_2.0.47-win32-x86-no_ssl.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: apache_2.0.47-win32-x86-no_ssl.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv apache_2.0.47-win32-x86-no_ssl.msi.asc OR % pgp -ka httpd.txt % pgp apache_2.0.47-win32-x86-no_ssl.msi.asc OR % gpg --import httpd.txt % gpg --verify apache_2.0.47-win32-x86-no_ssl.msi.asc apache_2.0.47-win32-x86-no_ssl.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: apache_2.0.47-win32-x86-no_ssl.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
apache_2.0.48-win32-x86-no_ssl.exe
Download apache_2.0.48-win32-x86-no_ssl.exe (8.79 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: apache_2.0.48-win32-x86-no_ssl.exe
- The httpd release signing key list: httpd.txt
- The detached signature file: apache_2.0.48-win32-x86-no_ssl.exe.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv apache_2.0.48-win32-x86-no_ssl.exe.asc OR % pgp -ka httpd.txt % pgp apache_2.0.48-win32-x86-no_ssl.exe.asc OR % gpg --import httpd.txt % gpg --verify apache_2.0.48-win32-x86-no_ssl.exe.asc apache_2.0.48-win32-x86-no_ssl.exe
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: apache_2.0.48-win32-x86-no_ssl.exe: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
apache_2.0.48-win32-x86-no_ssl.msi
Download apache_2.0.48-win32-x86-no_ssl.msi (5.73 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: apache_2.0.48-win32-x86-no_ssl.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: apache_2.0.48-win32-x86-no_ssl.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv apache_2.0.48-win32-x86-no_ssl.msi.asc OR % pgp -ka httpd.txt % pgp apache_2.0.48-win32-x86-no_ssl.msi.asc OR % gpg --import httpd.txt % gpg --verify apache_2.0.48-win32-x86-no_ssl.msi.asc apache_2.0.48-win32-x86-no_ssl.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: apache_2.0.48-win32-x86-no_ssl.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
apache_2.0.49-win32-x86-no_ssl.exe
Download apache_2.0.49-win32-x86-no_ssl.exe (8.87 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: apache_2.0.49-win32-x86-no_ssl.exe
- The httpd release signing key list: httpd.txt
- The detached signature file: apache_2.0.49-win32-x86-no_ssl.exe.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv apache_2.0.49-win32-x86-no_ssl.exe.asc OR % pgp -ka httpd.txt % pgp apache_2.0.49-win32-x86-no_ssl.exe.asc OR % gpg --import httpd.txt % gpg --verify apache_2.0.49-win32-x86-no_ssl.exe.asc apache_2.0.49-win32-x86-no_ssl.exe
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: apache_2.0.49-win32-x86-no_ssl.exe: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
apache_2.0.49-win32-x86-no_ssl.msi
Download apache_2.0.49-win32-x86-no_ssl.msi (5.81 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: apache_2.0.49-win32-x86-no_ssl.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: apache_2.0.49-win32-x86-no_ssl.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv apache_2.0.49-win32-x86-no_ssl.msi.asc OR % pgp -ka httpd.txt % pgp apache_2.0.49-win32-x86-no_ssl.msi.asc OR % gpg --import httpd.txt % gpg --verify apache_2.0.49-win32-x86-no_ssl.msi.asc apache_2.0.49-win32-x86-no_ssl.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: apache_2.0.49-win32-x86-no_ssl.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
apache_2.0.50-win32-x86-no_ssl.exe
Download apache_2.0.50-win32-x86-no_ssl.exe (9.27 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: apache_2.0.50-win32-x86-no_ssl.exe
- The httpd release signing key list: httpd.txt
- The detached signature file: apache_2.0.50-win32-x86-no_ssl.exe.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv apache_2.0.50-win32-x86-no_ssl.exe.asc OR % pgp -ka httpd.txt % pgp apache_2.0.50-win32-x86-no_ssl.exe.asc OR % gpg --import httpd.txt % gpg --verify apache_2.0.50-win32-x86-no_ssl.exe.asc apache_2.0.50-win32-x86-no_ssl.exe
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: apache_2.0.50-win32-x86-no_ssl.exe: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
apache_2.0.50-win32-x86-no_ssl.msi
Download apache_2.0.50-win32-x86-no_ssl.msi (6.21 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: apache_2.0.50-win32-x86-no_ssl.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: apache_2.0.50-win32-x86-no_ssl.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv apache_2.0.50-win32-x86-no_ssl.msi.asc OR % pgp -ka httpd.txt % pgp apache_2.0.50-win32-x86-no_ssl.msi.asc OR % gpg --import httpd.txt % gpg --verify apache_2.0.50-win32-x86-no_ssl.msi.asc apache_2.0.50-win32-x86-no_ssl.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: apache_2.0.50-win32-x86-no_ssl.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
apache_2.0.51-win32-x86-no_ssl.exe
Download apache_2.0.51-win32-x86-no_ssl.exe (9.3 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: apache_2.0.51-win32-x86-no_ssl.exe
- The httpd release signing key list: httpd.txt
- The detached signature file: apache_2.0.51-win32-x86-no_ssl.exe.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv apache_2.0.51-win32-x86-no_ssl.exe.asc OR % pgp -ka httpd.txt % pgp apache_2.0.51-win32-x86-no_ssl.exe.asc OR % gpg --import httpd.txt % gpg --verify apache_2.0.51-win32-x86-no_ssl.exe.asc apache_2.0.51-win32-x86-no_ssl.exe
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: apache_2.0.51-win32-x86-no_ssl.exe: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
apache_2.0.51-win32-x86-no_ssl.msi
Download apache_2.0.51-win32-x86-no_ssl.msi (6.24 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: apache_2.0.51-win32-x86-no_ssl.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: apache_2.0.51-win32-x86-no_ssl.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv apache_2.0.51-win32-x86-no_ssl.msi.asc OR % pgp -ka httpd.txt % pgp apache_2.0.51-win32-x86-no_ssl.msi.asc OR % gpg --import httpd.txt % gpg --verify apache_2.0.51-win32-x86-no_ssl.msi.asc apache_2.0.51-win32-x86-no_ssl.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: apache_2.0.51-win32-x86-no_ssl.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
apache_2.0.52-win32-x86-no_ssl.exe
Download apache_2.0.52-win32-x86-no_ssl.exe (9.46 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: apache_2.0.52-win32-x86-no_ssl.exe
- The httpd release signing key list: httpd.txt
- The detached signature file: apache_2.0.52-win32-x86-no_ssl.exe.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv apache_2.0.52-win32-x86-no_ssl.exe.asc OR % pgp -ka httpd.txt % pgp apache_2.0.52-win32-x86-no_ssl.exe.asc OR % gpg --import httpd.txt % gpg --verify apache_2.0.52-win32-x86-no_ssl.exe.asc apache_2.0.52-win32-x86-no_ssl.exe
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: apache_2.0.52-win32-x86-no_ssl.exe: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
apache_2.0.52-win32-x86-no_ssl.msi
Download apache_2.0.52-win32-x86-no_ssl.msi (6.4 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: apache_2.0.52-win32-x86-no_ssl.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: apache_2.0.52-win32-x86-no_ssl.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv apache_2.0.52-win32-x86-no_ssl.msi.asc OR % pgp -ka httpd.txt % pgp apache_2.0.52-win32-x86-no_ssl.msi.asc OR % gpg --import httpd.txt % gpg --verify apache_2.0.52-win32-x86-no_ssl.msi.asc apache_2.0.52-win32-x86-no_ssl.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: apache_2.0.52-win32-x86-no_ssl.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
apache_2.0.53-win32-x86-no_ssl.exe
Download apache_2.0.53-win32-x86-no_ssl.exe (7.73 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: apache_2.0.53-win32-x86-no_ssl.exe
- The httpd release signing key list: httpd.txt
- The detached signature file: apache_2.0.53-win32-x86-no_ssl.exe.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv apache_2.0.53-win32-x86-no_ssl.exe.asc OR % pgp -ka httpd.txt % pgp apache_2.0.53-win32-x86-no_ssl.exe.asc OR % gpg --import httpd.txt % gpg --verify apache_2.0.53-win32-x86-no_ssl.exe.asc apache_2.0.53-win32-x86-no_ssl.exe
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: apache_2.0.53-win32-x86-no_ssl.exe: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
apache_2.0.53-win32-x86-no_ssl.msi
Download apache_2.0.53-win32-x86-no_ssl.msi (4.58 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: apache_2.0.53-win32-x86-no_ssl.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: apache_2.0.53-win32-x86-no_ssl.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv apache_2.0.53-win32-x86-no_ssl.msi.asc OR % pgp -ka httpd.txt % pgp apache_2.0.53-win32-x86-no_ssl.msi.asc OR % gpg --import httpd.txt % gpg --verify apache_2.0.53-win32-x86-no_ssl.msi.asc apache_2.0.53-win32-x86-no_ssl.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: apache_2.0.53-win32-x86-no_ssl.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
apache_2.0.54-win32-x86-no_ssl.exe
Download apache_2.0.54-win32-x86-no_ssl.exe (7.82 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: apache_2.0.54-win32-x86-no_ssl.exe
- The httpd release signing key list: httpd.txt
- The detached signature file: apache_2.0.54-win32-x86-no_ssl.exe.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv apache_2.0.54-win32-x86-no_ssl.exe.asc OR % pgp -ka httpd.txt % pgp apache_2.0.54-win32-x86-no_ssl.exe.asc OR % gpg --import httpd.txt % gpg --verify apache_2.0.54-win32-x86-no_ssl.exe.asc apache_2.0.54-win32-x86-no_ssl.exe
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: apache_2.0.54-win32-x86-no_ssl.exe: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
apache_2.0.54-win32-x86-no_ssl.msi
Download apache_2.0.54-win32-x86-no_ssl.msi (4.66 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: apache_2.0.54-win32-x86-no_ssl.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: apache_2.0.54-win32-x86-no_ssl.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv apache_2.0.54-win32-x86-no_ssl.msi.asc OR % pgp -ka httpd.txt % pgp apache_2.0.54-win32-x86-no_ssl.msi.asc OR % gpg --import httpd.txt % gpg --verify apache_2.0.54-win32-x86-no_ssl.msi.asc apache_2.0.54-win32-x86-no_ssl.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: apache_2.0.54-win32-x86-no_ssl.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
apache_2.0.55-win32-x86-no_ssl.exe
Download apache_2.0.55-win32-x86-no_ssl.exe (7.36 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: apache_2.0.55-win32-x86-no_ssl.exe
- The httpd release signing key list: httpd.txt
- The detached signature file: apache_2.0.55-win32-x86-no_ssl.exe.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv apache_2.0.55-win32-x86-no_ssl.exe.asc OR % pgp -ka httpd.txt % pgp apache_2.0.55-win32-x86-no_ssl.exe.asc OR % gpg --import httpd.txt % gpg --verify apache_2.0.55-win32-x86-no_ssl.exe.asc apache_2.0.55-win32-x86-no_ssl.exe
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: apache_2.0.55-win32-x86-no_ssl.exe: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
apache_2.0.55-win32-x86-no_ssl.msi
Download apache_2.0.55-win32-x86-no_ssl.msi (4.21 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: apache_2.0.55-win32-x86-no_ssl.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: apache_2.0.55-win32-x86-no_ssl.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv apache_2.0.55-win32-x86-no_ssl.msi.asc OR % pgp -ka httpd.txt % pgp apache_2.0.55-win32-x86-no_ssl.msi.asc OR % gpg --import httpd.txt % gpg --verify apache_2.0.55-win32-x86-no_ssl.msi.asc apache_2.0.55-win32-x86-no_ssl.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: apache_2.0.55-win32-x86-no_ssl.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
apache_2.0.58-win32-x86-no_ssl.msi
Download apache_2.0.58-win32-x86-no_ssl.msi (4.23 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: apache_2.0.58-win32-x86-no_ssl.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: apache_2.0.58-win32-x86-no_ssl.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv apache_2.0.58-win32-x86-no_ssl.msi.asc OR % pgp -ka httpd.txt % pgp apache_2.0.58-win32-x86-no_ssl.msi.asc OR % gpg --import httpd.txt % gpg --verify apache_2.0.58-win32-x86-no_ssl.msi.asc apache_2.0.58-win32-x86-no_ssl.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: apache_2.0.58-win32-x86-no_ssl.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
apache_2.0.59-win32-x86-no_ssl.msi
Download apache_2.0.59-win32-x86-no_ssl.msi (4.23 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: apache_2.0.59-win32-x86-no_ssl.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: apache_2.0.59-win32-x86-no_ssl.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv apache_2.0.59-win32-x86-no_ssl.msi.asc OR % pgp -ka httpd.txt % pgp apache_2.0.59-win32-x86-no_ssl.msi.asc OR % gpg --import httpd.txt % gpg --verify apache_2.0.59-win32-x86-no_ssl.msi.asc apache_2.0.59-win32-x86-no_ssl.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: apache_2.0.59-win32-x86-no_ssl.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
apache_2.0.59-win32-x86-openssl-0.9.7j.msi
Download apache_2.0.59-win32-x86-openssl-0.9.7j.msi (4.76 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: apache_2.0.59-win32-x86-openssl-0.9.7j.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: apache_2.0.59-win32-x86-openssl-0.9.7j.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv apache_2.0.59-win32-x86-openssl-0.9.7j.msi.asc OR % pgp -ka httpd.txt % pgp apache_2.0.59-win32-x86-openssl-0.9.7j.msi.asc OR % gpg --import httpd.txt % gpg --verify apache_2.0.59-win32-x86-openssl-0.9.7j.msi.asc apache_2.0.59-win32-x86-openssl-0.9.7j.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: apache_2.0.59-win32-x86-openssl-0.9.7j.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
apache_2.0.61-win32-x86-no_ssl.msi
Download apache_2.0.61-win32-x86-no_ssl.msi (4.16 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: apache_2.0.61-win32-x86-no_ssl.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: apache_2.0.61-win32-x86-no_ssl.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv apache_2.0.61-win32-x86-no_ssl.msi.asc OR % pgp -ka httpd.txt % pgp apache_2.0.61-win32-x86-no_ssl.msi.asc OR % gpg --import httpd.txt % gpg --verify apache_2.0.61-win32-x86-no_ssl.msi.asc apache_2.0.61-win32-x86-no_ssl.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: apache_2.0.61-win32-x86-no_ssl.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
apache_2.0.61-win32-x86-openssl-0.9.7m.msi
Download apache_2.0.61-win32-x86-openssl-0.9.7m.msi (4.7 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: apache_2.0.61-win32-x86-openssl-0.9.7m.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: apache_2.0.61-win32-x86-openssl-0.9.7m.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv apache_2.0.61-win32-x86-openssl-0.9.7m.msi.asc OR % pgp -ka httpd.txt % pgp apache_2.0.61-win32-x86-openssl-0.9.7m.msi.asc OR % gpg --import httpd.txt % gpg --verify apache_2.0.61-win32-x86-openssl-0.9.7m.msi.asc apache_2.0.61-win32-x86-openssl-0.9.7m.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: apache_2.0.61-win32-x86-openssl-0.9.7m.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
apache_2.0.63-win32-x86-no_ssl.msi
Download apache_2.0.63-win32-x86-no_ssl.msi (4.18 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: apache_2.0.63-win32-x86-no_ssl.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: apache_2.0.63-win32-x86-no_ssl.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv apache_2.0.63-win32-x86-no_ssl.msi.asc OR % pgp -ka httpd.txt % pgp apache_2.0.63-win32-x86-no_ssl.msi.asc OR % gpg --import httpd.txt % gpg --verify apache_2.0.63-win32-x86-no_ssl.msi.asc apache_2.0.63-win32-x86-no_ssl.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: apache_2.0.63-win32-x86-no_ssl.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
apache_2.0.63-win32-x86-openssl-0.9.7m.msi
Download apache_2.0.63-win32-x86-openssl-0.9.7m.msi (4.72 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: apache_2.0.63-win32-x86-openssl-0.9.7m.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: apache_2.0.63-win32-x86-openssl-0.9.7m.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv apache_2.0.63-win32-x86-openssl-0.9.7m.msi.asc OR % pgp -ka httpd.txt % pgp apache_2.0.63-win32-x86-openssl-0.9.7m.msi.asc OR % gpg --import httpd.txt % gpg --verify apache_2.0.63-win32-x86-openssl-0.9.7m.msi.asc apache_2.0.63-win32-x86-openssl-0.9.7m.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: apache_2.0.63-win32-x86-openssl-0.9.7m.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
apache_2.2.10-win32-x86-no_ssl.msi
Download apache_2.2.10-win32-x86-no_ssl.msi (4.62 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: apache_2.2.10-win32-x86-no_ssl.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: apache_2.2.10-win32-x86-no_ssl.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv apache_2.2.10-win32-x86-no_ssl.msi.asc OR % pgp -ka httpd.txt % pgp apache_2.2.10-win32-x86-no_ssl.msi.asc OR % gpg --import httpd.txt % gpg --verify apache_2.2.10-win32-x86-no_ssl.msi.asc apache_2.2.10-win32-x86-no_ssl.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: apache_2.2.10-win32-x86-no_ssl.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
apache_2.2.10-win32-x86-openssl-0.9.8i.msi
Download apache_2.2.10-win32-x86-openssl-0.9.8i.msi (5.25 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: apache_2.2.10-win32-x86-openssl-0.9.8i.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: apache_2.2.10-win32-x86-openssl-0.9.8i.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv apache_2.2.10-win32-x86-openssl-0.9.8i.msi.asc OR % pgp -ka httpd.txt % pgp apache_2.2.10-win32-x86-openssl-0.9.8i.msi.asc OR % gpg --import httpd.txt % gpg --verify apache_2.2.10-win32-x86-openssl-0.9.8i.msi.asc apache_2.2.10-win32-x86-openssl-0.9.8i.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: apache_2.2.10-win32-x86-openssl-0.9.8i.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
apache_2.2.11-win32-x86-no_ssl.msi
Download apache_2.2.11-win32-x86-no_ssl.msi (4.56 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: apache_2.2.11-win32-x86-no_ssl.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: apache_2.2.11-win32-x86-no_ssl.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv apache_2.2.11-win32-x86-no_ssl.msi.asc OR % pgp -ka httpd.txt % pgp apache_2.2.11-win32-x86-no_ssl.msi.asc OR % gpg --import httpd.txt % gpg --verify apache_2.2.11-win32-x86-no_ssl.msi.asc apache_2.2.11-win32-x86-no_ssl.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: apache_2.2.11-win32-x86-no_ssl.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
apache_2.2.11-win32-x86-openssl-0.9.8i.msi
Download apache_2.2.11-win32-x86-openssl-0.9.8i.msi (5.19 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: apache_2.2.11-win32-x86-openssl-0.9.8i.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: apache_2.2.11-win32-x86-openssl-0.9.8i.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv apache_2.2.11-win32-x86-openssl-0.9.8i.msi.asc OR % pgp -ka httpd.txt % pgp apache_2.2.11-win32-x86-openssl-0.9.8i.msi.asc OR % gpg --import httpd.txt % gpg --verify apache_2.2.11-win32-x86-openssl-0.9.8i.msi.asc apache_2.2.11-win32-x86-openssl-0.9.8i.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: apache_2.2.11-win32-x86-openssl-0.9.8i.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
apache_2.2.13-win32-x86-no_ssl.msi
Download apache_2.2.13-win32-x86-no_ssl.msi (5.11 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: apache_2.2.13-win32-x86-no_ssl.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: apache_2.2.13-win32-x86-no_ssl.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv apache_2.2.13-win32-x86-no_ssl.msi.asc OR % pgp -ka httpd.txt % pgp apache_2.2.13-win32-x86-no_ssl.msi.asc OR % gpg --import httpd.txt % gpg --verify apache_2.2.13-win32-x86-no_ssl.msi.asc apache_2.2.13-win32-x86-no_ssl.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: apache_2.2.13-win32-x86-no_ssl.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
apache_2.2.13-win32-x86-openssl-0.9.8k.msi
Download apache_2.2.13-win32-x86-openssl-0.9.8k.msi (5.76 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: apache_2.2.13-win32-x86-openssl-0.9.8k.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: apache_2.2.13-win32-x86-openssl-0.9.8k.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv apache_2.2.13-win32-x86-openssl-0.9.8k.msi.asc OR % pgp -ka httpd.txt % pgp apache_2.2.13-win32-x86-openssl-0.9.8k.msi.asc OR % gpg --import httpd.txt % gpg --verify apache_2.2.13-win32-x86-openssl-0.9.8k.msi.asc apache_2.2.13-win32-x86-openssl-0.9.8k.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: apache_2.2.13-win32-x86-openssl-0.9.8k.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
apache_2.2.14-win32-x86-no_ssl.msi
Download apache_2.2.14-win32-x86-no_ssl.msi (5.12 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: apache_2.2.14-win32-x86-no_ssl.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: apache_2.2.14-win32-x86-no_ssl.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv apache_2.2.14-win32-x86-no_ssl.msi.asc OR % pgp -ka httpd.txt % pgp apache_2.2.14-win32-x86-no_ssl.msi.asc OR % gpg --import httpd.txt % gpg --verify apache_2.2.14-win32-x86-no_ssl.msi.asc apache_2.2.14-win32-x86-no_ssl.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: apache_2.2.14-win32-x86-no_ssl.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
apache_2.2.14-win32-x86-openssl-0.9.8k.msi
Download apache_2.2.14-win32-x86-openssl-0.9.8k.msi (5.76 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: apache_2.2.14-win32-x86-openssl-0.9.8k.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: apache_2.2.14-win32-x86-openssl-0.9.8k.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv apache_2.2.14-win32-x86-openssl-0.9.8k.msi.asc OR % pgp -ka httpd.txt % pgp apache_2.2.14-win32-x86-openssl-0.9.8k.msi.asc OR % gpg --import httpd.txt % gpg --verify apache_2.2.14-win32-x86-openssl-0.9.8k.msi.asc apache_2.2.14-win32-x86-openssl-0.9.8k.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
- apache_2.2.14-win32-x86-openssl-0.9.8k.msi.md5 weak!
- apache_2.2.14-win32-x86-openssl-0.9.8k.msi.sha1 weak!
Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: apache_2.2.14-win32-x86-openssl-0.9.8k.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
apache_2.2.2-win32-x86-no_ssl.msi
Download apache_2.2.2-win32-x86-no_ssl.msi (4.22 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: apache_2.2.2-win32-x86-no_ssl.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: apache_2.2.2-win32-x86-no_ssl.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv apache_2.2.2-win32-x86-no_ssl.msi.asc OR % pgp -ka httpd.txt % pgp apache_2.2.2-win32-x86-no_ssl.msi.asc OR % gpg --import httpd.txt % gpg --verify apache_2.2.2-win32-x86-no_ssl.msi.asc apache_2.2.2-win32-x86-no_ssl.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: apache_2.2.2-win32-x86-no_ssl.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
apache_2.2.4-win32-x86-no_ssl.msi
Download apache_2.2.4-win32-x86-no_ssl.msi (4.24 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: apache_2.2.4-win32-x86-no_ssl.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: apache_2.2.4-win32-x86-no_ssl.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv apache_2.2.4-win32-x86-no_ssl.msi.asc OR % pgp -ka httpd.txt % pgp apache_2.2.4-win32-x86-no_ssl.msi.asc OR % gpg --import httpd.txt % gpg --verify apache_2.2.4-win32-x86-no_ssl.msi.asc apache_2.2.4-win32-x86-no_ssl.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: apache_2.2.4-win32-x86-no_ssl.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
apache_2.2.4-win32-x86-openssl-0.9.8d.msi
Download apache_2.2.4-win32-x86-openssl-0.9.8d.msi (4.86 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: apache_2.2.4-win32-x86-openssl-0.9.8d.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: apache_2.2.4-win32-x86-openssl-0.9.8d.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv apache_2.2.4-win32-x86-openssl-0.9.8d.msi.asc OR % pgp -ka httpd.txt % pgp apache_2.2.4-win32-x86-openssl-0.9.8d.msi.asc OR % gpg --import httpd.txt % gpg --verify apache_2.2.4-win32-x86-openssl-0.9.8d.msi.asc apache_2.2.4-win32-x86-openssl-0.9.8d.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: apache_2.2.4-win32-x86-openssl-0.9.8d.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
apache_2.2.6-win32-x86-no_ssl.msi
Download apache_2.2.6-win32-x86-no_ssl.msi (4.12 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: apache_2.2.6-win32-x86-no_ssl.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: apache_2.2.6-win32-x86-no_ssl.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv apache_2.2.6-win32-x86-no_ssl.msi.asc OR % pgp -ka httpd.txt % pgp apache_2.2.6-win32-x86-no_ssl.msi.asc OR % gpg --import httpd.txt % gpg --verify apache_2.2.6-win32-x86-no_ssl.msi.asc apache_2.2.6-win32-x86-no_ssl.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: apache_2.2.6-win32-x86-no_ssl.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
apache_2.2.6-win32-x86-openssl-0.9.8e.msi
Download apache_2.2.6-win32-x86-openssl-0.9.8e.msi (4.74 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: apache_2.2.6-win32-x86-openssl-0.9.8e.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: apache_2.2.6-win32-x86-openssl-0.9.8e.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv apache_2.2.6-win32-x86-openssl-0.9.8e.msi.asc OR % pgp -ka httpd.txt % pgp apache_2.2.6-win32-x86-openssl-0.9.8e.msi.asc OR % gpg --import httpd.txt % gpg --verify apache_2.2.6-win32-x86-openssl-0.9.8e.msi.asc apache_2.2.6-win32-x86-openssl-0.9.8e.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: apache_2.2.6-win32-x86-openssl-0.9.8e.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
apache_2.2.8-win32-x86-no_ssl.msi
Download apache_2.2.8-win32-x86-no_ssl.msi (4.18 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: apache_2.2.8-win32-x86-no_ssl.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: apache_2.2.8-win32-x86-no_ssl.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv apache_2.2.8-win32-x86-no_ssl.msi.asc OR % pgp -ka httpd.txt % pgp apache_2.2.8-win32-x86-no_ssl.msi.asc OR % gpg --import httpd.txt % gpg --verify apache_2.2.8-win32-x86-no_ssl.msi.asc apache_2.2.8-win32-x86-no_ssl.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: apache_2.2.8-win32-x86-no_ssl.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
apache_2.2.8-win32-x86-openssl-0.9.8g.msi
Download apache_2.2.8-win32-x86-openssl-0.9.8g.msi (4.81 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: apache_2.2.8-win32-x86-openssl-0.9.8g.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: apache_2.2.8-win32-x86-openssl-0.9.8g.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv apache_2.2.8-win32-x86-openssl-0.9.8g.msi.asc OR % pgp -ka httpd.txt % pgp apache_2.2.8-win32-x86-openssl-0.9.8g.msi.asc OR % gpg --import httpd.txt % gpg --verify apache_2.2.8-win32-x86-openssl-0.9.8g.msi.asc apache_2.2.8-win32-x86-openssl-0.9.8g.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: apache_2.2.8-win32-x86-openssl-0.9.8g.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
apache_2.2.9-win32-x86-no_ssl-r2.msi
Download apache_2.2.9-win32-x86-no_ssl-r2.msi (4.54 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: apache_2.2.9-win32-x86-no_ssl-r2.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: apache_2.2.9-win32-x86-no_ssl-r2.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv apache_2.2.9-win32-x86-no_ssl-r2.msi.asc OR % pgp -ka httpd.txt % pgp apache_2.2.9-win32-x86-no_ssl-r2.msi.asc OR % gpg --import httpd.txt % gpg --verify apache_2.2.9-win32-x86-no_ssl-r2.msi.asc apache_2.2.9-win32-x86-no_ssl-r2.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: apache_2.2.9-win32-x86-no_ssl-r2.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
apache_2.2.9-win32-x86-openssl-0.9.8h-r2.msi
Download apache_2.2.9-win32-x86-openssl-0.9.8h-r2.msi (5.16 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: apache_2.2.9-win32-x86-openssl-0.9.8h-r2.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: apache_2.2.9-win32-x86-openssl-0.9.8h-r2.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv apache_2.2.9-win32-x86-openssl-0.9.8h-r2.msi.asc OR % pgp -ka httpd.txt % pgp apache_2.2.9-win32-x86-openssl-0.9.8h-r2.msi.asc OR % gpg --import httpd.txt % gpg --verify apache_2.2.9-win32-x86-openssl-0.9.8h-r2.msi.asc apache_2.2.9-win32-x86-openssl-0.9.8h-r2.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: apache_2.2.9-win32-x86-openssl-0.9.8h-r2.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
httpd-2.0.64-win32-x86-no_ssl.msi
Download httpd-2.0.64-win32-x86-no_ssl.msi (4.82 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: httpd-2.0.64-win32-x86-no_ssl.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: httpd-2.0.64-win32-x86-no_ssl.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv httpd-2.0.64-win32-x86-no_ssl.msi.asc OR % pgp -ka httpd.txt % pgp httpd-2.0.64-win32-x86-no_ssl.msi.asc OR % gpg --import httpd.txt % gpg --verify httpd-2.0.64-win32-x86-no_ssl.msi.asc httpd-2.0.64-win32-x86-no_ssl.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: httpd-2.0.64-win32-x86-no_ssl.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
httpd-2.0.64-win32-x86-openssl-0.9.8o.msi
Download httpd-2.0.64-win32-x86-openssl-0.9.8o.msi (5.47 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: httpd-2.0.64-win32-x86-openssl-0.9.8o.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: httpd-2.0.64-win32-x86-openssl-0.9.8o.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv httpd-2.0.64-win32-x86-openssl-0.9.8o.msi.asc OR % pgp -ka httpd.txt % pgp httpd-2.0.64-win32-x86-openssl-0.9.8o.msi.asc OR % gpg --import httpd.txt % gpg --verify httpd-2.0.64-win32-x86-openssl-0.9.8o.msi.asc httpd-2.0.64-win32-x86-openssl-0.9.8o.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
- httpd-2.0.64-win32-x86-openssl-0.9.8o.msi.md5 weak!
- httpd-2.0.64-win32-x86-openssl-0.9.8o.msi.sha1 weak!
Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: httpd-2.0.64-win32-x86-openssl-0.9.8o.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
httpd-2.0.65-win32-x86-no_ssl.msi
Download httpd-2.0.65-win32-x86-no_ssl.msi (4.84 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: httpd-2.0.65-win32-x86-no_ssl.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: httpd-2.0.65-win32-x86-no_ssl.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv httpd-2.0.65-win32-x86-no_ssl.msi.asc OR % pgp -ka httpd.txt % pgp httpd-2.0.65-win32-x86-no_ssl.msi.asc OR % gpg --import httpd.txt % gpg --verify httpd-2.0.65-win32-x86-no_ssl.msi.asc httpd-2.0.65-win32-x86-no_ssl.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: httpd-2.0.65-win32-x86-no_ssl.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
httpd-2.0.65-win32-x86-openssl-0.9.8y.msi
Download httpd-2.0.65-win32-x86-openssl-0.9.8y.msi (5.5 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: httpd-2.0.65-win32-x86-openssl-0.9.8y.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: httpd-2.0.65-win32-x86-openssl-0.9.8y.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv httpd-2.0.65-win32-x86-openssl-0.9.8y.msi.asc OR % pgp -ka httpd.txt % pgp httpd-2.0.65-win32-x86-openssl-0.9.8y.msi.asc OR % gpg --import httpd.txt % gpg --verify httpd-2.0.65-win32-x86-openssl-0.9.8y.msi.asc httpd-2.0.65-win32-x86-openssl-0.9.8y.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
- httpd-2.0.65-win32-x86-openssl-0.9.8y.msi.md5 weak!
- httpd-2.0.65-win32-x86-openssl-0.9.8y.msi.sha1 weak!
Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: httpd-2.0.65-win32-x86-openssl-0.9.8y.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
httpd-2.2.15-win32-x86-no_ssl.msi
Download httpd-2.2.15-win32-x86-no_ssl.msi (5.11 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: httpd-2.2.15-win32-x86-no_ssl.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: httpd-2.2.15-win32-x86-no_ssl.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv httpd-2.2.15-win32-x86-no_ssl.msi.asc OR % pgp -ka httpd.txt % pgp httpd-2.2.15-win32-x86-no_ssl.msi.asc OR % gpg --import httpd.txt % gpg --verify httpd-2.2.15-win32-x86-no_ssl.msi.asc httpd-2.2.15-win32-x86-no_ssl.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: httpd-2.2.15-win32-x86-no_ssl.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
httpd-2.2.15-win32-x86-openssl-0.9.8m-r2.msi
Download httpd-2.2.15-win32-x86-openssl-0.9.8m-r2.msi (5.76 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: httpd-2.2.15-win32-x86-openssl-0.9.8m-r2.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: httpd-2.2.15-win32-x86-openssl-0.9.8m-r2.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv httpd-2.2.15-win32-x86-openssl-0.9.8m-r2.msi.asc OR % pgp -ka httpd.txt % pgp httpd-2.2.15-win32-x86-openssl-0.9.8m-r2.msi.asc OR % gpg --import httpd.txt % gpg --verify httpd-2.2.15-win32-x86-openssl-0.9.8m-r2.msi.asc httpd-2.2.15-win32-x86-openssl-0.9.8m-r2.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
- httpd-2.2.15-win32-x86-openssl-0.9.8m-r2.msi.md5 weak!
- httpd-2.2.15-win32-x86-openssl-0.9.8m-r2.msi.sha1 weak!
Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: httpd-2.2.15-win32-x86-openssl-0.9.8m-r2.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
httpd-2.2.15-win32-x86-openssl-0.9.8m.msi
Download httpd-2.2.15-win32-x86-openssl-0.9.8m.msi (5.75 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: httpd-2.2.15-win32-x86-openssl-0.9.8m.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: httpd-2.2.15-win32-x86-openssl-0.9.8m.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv httpd-2.2.15-win32-x86-openssl-0.9.8m.msi.asc OR % pgp -ka httpd.txt % pgp httpd-2.2.15-win32-x86-openssl-0.9.8m.msi.asc OR % gpg --import httpd.txt % gpg --verify httpd-2.2.15-win32-x86-openssl-0.9.8m.msi.asc httpd-2.2.15-win32-x86-openssl-0.9.8m.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
- httpd-2.2.15-win32-x86-openssl-0.9.8m.msi.md5 weak!
- httpd-2.2.15-win32-x86-openssl-0.9.8m.msi.sha1 weak!
Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: httpd-2.2.15-win32-x86-openssl-0.9.8m.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
httpd-2.2.16-win32-x86-no_ssl.msi
Download httpd-2.2.16-win32-x86-no_ssl.msi (5.12 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: httpd-2.2.16-win32-x86-no_ssl.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: httpd-2.2.16-win32-x86-no_ssl.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv httpd-2.2.16-win32-x86-no_ssl.msi.asc OR % pgp -ka httpd.txt % pgp httpd-2.2.16-win32-x86-no_ssl.msi.asc OR % gpg --import httpd.txt % gpg --verify httpd-2.2.16-win32-x86-no_ssl.msi.asc httpd-2.2.16-win32-x86-no_ssl.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: httpd-2.2.16-win32-x86-no_ssl.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
httpd-2.2.16-win32-x86-openssl-0.9.8o.msi
Download httpd-2.2.16-win32-x86-openssl-0.9.8o.msi (5.77 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: httpd-2.2.16-win32-x86-openssl-0.9.8o.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: httpd-2.2.16-win32-x86-openssl-0.9.8o.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv httpd-2.2.16-win32-x86-openssl-0.9.8o.msi.asc OR % pgp -ka httpd.txt % pgp httpd-2.2.16-win32-x86-openssl-0.9.8o.msi.asc OR % gpg --import httpd.txt % gpg --verify httpd-2.2.16-win32-x86-openssl-0.9.8o.msi.asc httpd-2.2.16-win32-x86-openssl-0.9.8o.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
- httpd-2.2.16-win32-x86-openssl-0.9.8o.msi.md5 weak!
- httpd-2.2.16-win32-x86-openssl-0.9.8o.msi.sha1 weak!
Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: httpd-2.2.16-win32-x86-openssl-0.9.8o.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
httpd-2.2.17-win32-x86-no_ssl.msi
Download httpd-2.2.17-win32-x86-no_ssl.msi (5.15 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: httpd-2.2.17-win32-x86-no_ssl.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: httpd-2.2.17-win32-x86-no_ssl.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv httpd-2.2.17-win32-x86-no_ssl.msi.asc OR % pgp -ka httpd.txt % pgp httpd-2.2.17-win32-x86-no_ssl.msi.asc OR % gpg --import httpd.txt % gpg --verify httpd-2.2.17-win32-x86-no_ssl.msi.asc httpd-2.2.17-win32-x86-no_ssl.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: httpd-2.2.17-win32-x86-no_ssl.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
httpd-2.2.17-win32-x86-openssl-0.9.8o.msi
Download httpd-2.2.17-win32-x86-openssl-0.9.8o.msi (5.8 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: httpd-2.2.17-win32-x86-openssl-0.9.8o.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: httpd-2.2.17-win32-x86-openssl-0.9.8o.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv httpd-2.2.17-win32-x86-openssl-0.9.8o.msi.asc OR % pgp -ka httpd.txt % pgp httpd-2.2.17-win32-x86-openssl-0.9.8o.msi.asc OR % gpg --import httpd.txt % gpg --verify httpd-2.2.17-win32-x86-openssl-0.9.8o.msi.asc httpd-2.2.17-win32-x86-openssl-0.9.8o.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
- httpd-2.2.17-win32-x86-openssl-0.9.8o.msi.md5 weak!
- httpd-2.2.17-win32-x86-openssl-0.9.8o.msi.sha1 weak!
Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: httpd-2.2.17-win32-x86-openssl-0.9.8o.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
httpd-2.2.18-win32-x86-no_ssl-r2.msi
Download httpd-2.2.18-win32-x86-no_ssl-r2.msi (5.45 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: httpd-2.2.18-win32-x86-no_ssl-r2.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: httpd-2.2.18-win32-x86-no_ssl-r2.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv httpd-2.2.18-win32-x86-no_ssl-r2.msi.asc OR % pgp -ka httpd.txt % pgp httpd-2.2.18-win32-x86-no_ssl-r2.msi.asc OR % gpg --import httpd.txt % gpg --verify httpd-2.2.18-win32-x86-no_ssl-r2.msi.asc httpd-2.2.18-win32-x86-no_ssl-r2.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: httpd-2.2.18-win32-x86-no_ssl-r2.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
httpd-2.2.18-win32-x86-no_ssl.msi
Download httpd-2.2.18-win32-x86-no_ssl.msi (5.45 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: httpd-2.2.18-win32-x86-no_ssl.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: httpd-2.2.18-win32-x86-no_ssl.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv httpd-2.2.18-win32-x86-no_ssl.msi.asc OR % pgp -ka httpd.txt % pgp httpd-2.2.18-win32-x86-no_ssl.msi.asc OR % gpg --import httpd.txt % gpg --verify httpd-2.2.18-win32-x86-no_ssl.msi.asc httpd-2.2.18-win32-x86-no_ssl.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: httpd-2.2.18-win32-x86-no_ssl.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
httpd-2.2.18-win32-x86-openssl-0.9.8r-r2.msi
Download httpd-2.2.18-win32-x86-openssl-0.9.8r-r2.msi (6.1 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: httpd-2.2.18-win32-x86-openssl-0.9.8r-r2.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: httpd-2.2.18-win32-x86-openssl-0.9.8r-r2.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv httpd-2.2.18-win32-x86-openssl-0.9.8r-r2.msi.asc OR % pgp -ka httpd.txt % pgp httpd-2.2.18-win32-x86-openssl-0.9.8r-r2.msi.asc OR % gpg --import httpd.txt % gpg --verify httpd-2.2.18-win32-x86-openssl-0.9.8r-r2.msi.asc httpd-2.2.18-win32-x86-openssl-0.9.8r-r2.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
- httpd-2.2.18-win32-x86-openssl-0.9.8r-r2.msi.md5 weak!
- httpd-2.2.18-win32-x86-openssl-0.9.8r-r2.msi.sha1 weak!
Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: httpd-2.2.18-win32-x86-openssl-0.9.8r-r2.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
httpd-2.2.18-win32-x86-openssl-0.9.8r.msi
Download httpd-2.2.18-win32-x86-openssl-0.9.8r.msi (6.1 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: httpd-2.2.18-win32-x86-openssl-0.9.8r.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: httpd-2.2.18-win32-x86-openssl-0.9.8r.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv httpd-2.2.18-win32-x86-openssl-0.9.8r.msi.asc OR % pgp -ka httpd.txt % pgp httpd-2.2.18-win32-x86-openssl-0.9.8r.msi.asc OR % gpg --import httpd.txt % gpg --verify httpd-2.2.18-win32-x86-openssl-0.9.8r.msi.asc httpd-2.2.18-win32-x86-openssl-0.9.8r.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
- httpd-2.2.18-win32-x86-openssl-0.9.8r.msi.md5 weak!
- httpd-2.2.18-win32-x86-openssl-0.9.8r.msi.sha1 weak!
Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: httpd-2.2.18-win32-x86-openssl-0.9.8r.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
httpd-2.2.19-win32-x86-no_ssl.msi
Download httpd-2.2.19-win32-x86-no_ssl.msi (4.9 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: httpd-2.2.19-win32-x86-no_ssl.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: httpd-2.2.19-win32-x86-no_ssl.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv httpd-2.2.19-win32-x86-no_ssl.msi.asc OR % pgp -ka httpd.txt % pgp httpd-2.2.19-win32-x86-no_ssl.msi.asc OR % gpg --import httpd.txt % gpg --verify httpd-2.2.19-win32-x86-no_ssl.msi.asc httpd-2.2.19-win32-x86-no_ssl.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: httpd-2.2.19-win32-x86-no_ssl.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
httpd-2.2.19-win32-x86-openssl-0.9.8r.msi
Download httpd-2.2.19-win32-x86-openssl-0.9.8r.msi (5.56 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: httpd-2.2.19-win32-x86-openssl-0.9.8r.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: httpd-2.2.19-win32-x86-openssl-0.9.8r.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv httpd-2.2.19-win32-x86-openssl-0.9.8r.msi.asc OR % pgp -ka httpd.txt % pgp httpd-2.2.19-win32-x86-openssl-0.9.8r.msi.asc OR % gpg --import httpd.txt % gpg --verify httpd-2.2.19-win32-x86-openssl-0.9.8r.msi.asc httpd-2.2.19-win32-x86-openssl-0.9.8r.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
- httpd-2.2.19-win32-x86-openssl-0.9.8r.msi.md5 weak!
- httpd-2.2.19-win32-x86-openssl-0.9.8r.msi.sha1 weak!
Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: httpd-2.2.19-win32-x86-openssl-0.9.8r.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
httpd-2.2.20-win32-x86-no_ssl.msi
Download httpd-2.2.20-win32-x86-no_ssl.msi (4.91 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: httpd-2.2.20-win32-x86-no_ssl.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: httpd-2.2.20-win32-x86-no_ssl.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv httpd-2.2.20-win32-x86-no_ssl.msi.asc OR % pgp -ka httpd.txt % pgp httpd-2.2.20-win32-x86-no_ssl.msi.asc OR % gpg --import httpd.txt % gpg --verify httpd-2.2.20-win32-x86-no_ssl.msi.asc httpd-2.2.20-win32-x86-no_ssl.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: httpd-2.2.20-win32-x86-no_ssl.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
httpd-2.2.20-win32-x86-openssl-0.9.8r.msi
Download httpd-2.2.20-win32-x86-openssl-0.9.8r.msi (5.56 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: httpd-2.2.20-win32-x86-openssl-0.9.8r.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: httpd-2.2.20-win32-x86-openssl-0.9.8r.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv httpd-2.2.20-win32-x86-openssl-0.9.8r.msi.asc OR % pgp -ka httpd.txt % pgp httpd-2.2.20-win32-x86-openssl-0.9.8r.msi.asc OR % gpg --import httpd.txt % gpg --verify httpd-2.2.20-win32-x86-openssl-0.9.8r.msi.asc httpd-2.2.20-win32-x86-openssl-0.9.8r.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
- httpd-2.2.20-win32-x86-openssl-0.9.8r.msi.md5 weak!
- httpd-2.2.20-win32-x86-openssl-0.9.8r.msi.sha1 weak!
Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: httpd-2.2.20-win32-x86-openssl-0.9.8r.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
httpd-2.2.21-win32-x86-no_ssl.msi
Download httpd-2.2.21-win32-x86-no_ssl.msi (4.91 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: httpd-2.2.21-win32-x86-no_ssl.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: httpd-2.2.21-win32-x86-no_ssl.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv httpd-2.2.21-win32-x86-no_ssl.msi.asc OR % pgp -ka httpd.txt % pgp httpd-2.2.21-win32-x86-no_ssl.msi.asc OR % gpg --import httpd.txt % gpg --verify httpd-2.2.21-win32-x86-no_ssl.msi.asc httpd-2.2.21-win32-x86-no_ssl.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: httpd-2.2.21-win32-x86-no_ssl.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
httpd-2.2.21-win32-x86-openssl-0.9.8r.msi
Download httpd-2.2.21-win32-x86-openssl-0.9.8r.msi (5.57 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: httpd-2.2.21-win32-x86-openssl-0.9.8r.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: httpd-2.2.21-win32-x86-openssl-0.9.8r.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv httpd-2.2.21-win32-x86-openssl-0.9.8r.msi.asc OR % pgp -ka httpd.txt % pgp httpd-2.2.21-win32-x86-openssl-0.9.8r.msi.asc OR % gpg --import httpd.txt % gpg --verify httpd-2.2.21-win32-x86-openssl-0.9.8r.msi.asc httpd-2.2.21-win32-x86-openssl-0.9.8r.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
- httpd-2.2.21-win32-x86-openssl-0.9.8r.msi.md5 weak!
- httpd-2.2.21-win32-x86-openssl-0.9.8r.msi.sha1 weak!
Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: httpd-2.2.21-win32-x86-openssl-0.9.8r.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
httpd-2.2.22-win32-x86-no_ssl.msi
Download httpd-2.2.22-win32-x86-no_ssl.msi (5.42 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: httpd-2.2.22-win32-x86-no_ssl.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: httpd-2.2.22-win32-x86-no_ssl.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv httpd-2.2.22-win32-x86-no_ssl.msi.asc OR % pgp -ka httpd.txt % pgp httpd-2.2.22-win32-x86-no_ssl.msi.asc OR % gpg --import httpd.txt % gpg --verify httpd-2.2.22-win32-x86-no_ssl.msi.asc httpd-2.2.22-win32-x86-no_ssl.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: httpd-2.2.22-win32-x86-no_ssl.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
httpd-2.2.22-win32-x86-openssl-0.9.8t.msi
Download httpd-2.2.22-win32-x86-openssl-0.9.8t.msi (6.07 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: httpd-2.2.22-win32-x86-openssl-0.9.8t.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: httpd-2.2.22-win32-x86-openssl-0.9.8t.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv httpd-2.2.22-win32-x86-openssl-0.9.8t.msi.asc OR % pgp -ka httpd.txt % pgp httpd-2.2.22-win32-x86-openssl-0.9.8t.msi.asc OR % gpg --import httpd.txt % gpg --verify httpd-2.2.22-win32-x86-openssl-0.9.8t.msi.asc httpd-2.2.22-win32-x86-openssl-0.9.8t.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
- httpd-2.2.22-win32-x86-openssl-0.9.8t.msi.md5 weak!
- httpd-2.2.22-win32-x86-openssl-0.9.8t.msi.sha1 weak!
Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: httpd-2.2.22-win32-x86-openssl-0.9.8t.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
httpd-2.2.25-win32-x86-no_ssl.msi
Download httpd-2.2.25-win32-x86-no_ssl.msi (5.49 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: httpd-2.2.25-win32-x86-no_ssl.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: httpd-2.2.25-win32-x86-no_ssl.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv httpd-2.2.25-win32-x86-no_ssl.msi.asc OR % pgp -ka httpd.txt % pgp httpd-2.2.25-win32-x86-no_ssl.msi.asc OR % gpg --import httpd.txt % gpg --verify httpd-2.2.25-win32-x86-no_ssl.msi.asc httpd-2.2.25-win32-x86-no_ssl.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: httpd-2.2.25-win32-x86-no_ssl.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
httpd-2.2.25-win32-x86-openssl-0.9.8y.msi
Download httpd-2.2.25-win32-x86-openssl-0.9.8y.msi (6.14 MBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: httpd-2.2.25-win32-x86-openssl-0.9.8y.msi
- The httpd release signing key list: httpd.txt
- The detached signature file: httpd-2.2.25-win32-x86-openssl-0.9.8y.msi.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv httpd-2.2.25-win32-x86-openssl-0.9.8y.msi.asc OR % pgp -ka httpd.txt % pgp httpd-2.2.25-win32-x86-openssl-0.9.8y.msi.asc OR % gpg --import httpd.txt % gpg --verify httpd-2.2.25-win32-x86-openssl-0.9.8y.msi.asc httpd-2.2.25-win32-x86-openssl-0.9.8y.msi
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
- httpd-2.2.25-win32-x86-openssl-0.9.8y.msi.md5 weak!
- httpd-2.2.25-win32-x86-openssl-0.9.8y.msi.sha1 weak!
Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: httpd-2.2.25-win32-x86-openssl-0.9.8y.msi: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
mod_fcgid-2.3.4-win32-x86.zip
Download mod_fcgid-2.3.4-win32-x86.zip (108.73 KBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: mod_fcgid-2.3.4-win32-x86.zip
- The httpd release signing key list: httpd.txt
- The detached signature file: mod_fcgid-2.3.4-win32-x86.zip.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv mod_fcgid-2.3.4-win32-x86.zip.asc OR % pgp -ka httpd.txt % pgp mod_fcgid-2.3.4-win32-x86.zip.asc OR % gpg --import httpd.txt % gpg --verify mod_fcgid-2.3.4-win32-x86.zip.asc mod_fcgid-2.3.4-win32-x86.zip
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: mod_fcgid-2.3.4-win32-x86.zip: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
mod_fcgid-2.3.5-win32-x86.zip
Download mod_fcgid-2.3.5-win32-x86.zip (113.52 KBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: mod_fcgid-2.3.5-win32-x86.zip
- The httpd release signing key list: httpd.txt
- The detached signature file: mod_fcgid-2.3.5-win32-x86.zip.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv mod_fcgid-2.3.5-win32-x86.zip.asc OR % pgp -ka httpd.txt % pgp mod_fcgid-2.3.5-win32-x86.zip.asc OR % gpg --import httpd.txt % gpg --verify mod_fcgid-2.3.5-win32-x86.zip.asc mod_fcgid-2.3.5-win32-x86.zip
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: mod_fcgid-2.3.5-win32-x86.zip: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
mod_fcgid-2.3.6-win32-x86.zip
Download mod_fcgid-2.3.6-win32-x86.zip (115.89 KBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: mod_fcgid-2.3.6-win32-x86.zip
- The httpd release signing key list: httpd.txt
- The detached signature file: mod_fcgid-2.3.6-win32-x86.zip.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv mod_fcgid-2.3.6-win32-x86.zip.asc OR % pgp -ka httpd.txt % pgp mod_fcgid-2.3.6-win32-x86.zip.asc OR % gpg --import httpd.txt % gpg --verify mod_fcgid-2.3.6-win32-x86.zip.asc mod_fcgid-2.3.6-win32-x86.zip
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: mod_fcgid-2.3.6-win32-x86.zip: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
mod_ftp-0.9.6-beta-win32-x86.zip
Download mod_ftp-0.9.6-beta-win32-x86.zip (153.93 KBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: mod_ftp-0.9.6-beta-win32-x86.zip
- The httpd release signing key list: httpd.txt
- The detached signature file: mod_ftp-0.9.6-beta-win32-x86.zip.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv mod_ftp-0.9.6-beta-win32-x86.zip.asc OR % pgp -ka httpd.txt % pgp mod_ftp-0.9.6-beta-win32-x86.zip.asc OR % gpg --import httpd.txt % gpg --verify mod_ftp-0.9.6-beta-win32-x86.zip.asc mod_ftp-0.9.6-beta-win32-x86.zip
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: mod_ftp-0.9.6-beta-win32-x86.zip: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
mod_isapi-CVE-2010-0425.zip
Download mod_isapi-CVE-2010-0425.zip (71.33 KBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: mod_isapi-CVE-2010-0425.zip
- The httpd release signing key list: httpd.txt
- The detached signature file: mod_isapi-CVE-2010-0425.zip.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv mod_isapi-CVE-2010-0425.zip.asc OR % pgp -ka httpd.txt % pgp mod_isapi-CVE-2010-0425.zip.asc OR % gpg --import httpd.txt % gpg --verify mod_isapi-CVE-2010-0425.zip.asc mod_isapi-CVE-2010-0425.zip
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: mod_isapi-CVE-2010-0425.zip: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.
mod_proxy_http-CVE-2010-2068.zip
Download mod_proxy_http-CVE-2010-2068.zip (44.15 KBytes)Useful references:
- Release notes, with important information about known issues
- Changelog
How to verify this release
Each official software release at the ASF is digitally signed with a detached PGP signature, as well as accompanying checksum files for extra verification. You can verify the PGP signatures using PGP or GPG.
Verifying the PGP signature
To verify the PGP signature, you will need the following files:
- The release artifact itself: mod_proxy_http-CVE-2010-2068.zip
- The httpd release signing key list: httpd.txt
- The detached signature file: mod_proxy_http-CVE-2010-2068.zip.asc
Make sure you get these files from the official apache.org release distribution service, rather than from a mirror, as we cannot verify the authenticity of mirrors.
Once you have all the needed files, you can verify the release artifact as follows:
% pgpk -a httpd.txt % pgpv mod_proxy_http-CVE-2010-2068.zip.asc OR % pgp -ka httpd.txt % pgp mod_proxy_http-CVE-2010-2068.zip.asc OR % gpg --import httpd.txt % gpg --verify mod_proxy_http-CVE-2010-2068.zip.asc mod_proxy_http-CVE-2010-2068.zip
Verifying the checksum files
If you're unable to verify the PGP signatures, you can instead verify the checksums on the files. However, PGP signatures are superior to checksums, and we recommend you verify using PGP whenever possible.
The following checksum files are available for this release:
When multiple checksums are available, we recommend you use the strongest checksum algorithm found. In order of strength, they are: sha512, sha256, sha1, md5Verifying SHA1, SHA256, and SHA512 checksums
Most Unix systems have a program called shasum included in their core distribution, which can be used here. To verify a checksum file, download it to the same directory as the relase artifact you downloaded, and run: shasum -c [checksum-filename]
The shasum program should emit the following response: mod_proxy_http-CVE-2010-2068.zip: OK. If the program indicates any errors or warnings, there may be authenticity issues with the artifact, and you should let us know at security@apache.org.
On Windows you can use the following command in a command line window to generate a checksum for the artifact, for instance: certutil -hashfile <filename> SHA512.
You can then compare this checksum value to the value in the checksum file.
Verifying MD5 checksums
Some older artifacts may only have an MD5 checksum file associated with it. As MD5 is now considered a weak algorithm, we strongly advise that users verify such artifacts using the PGP method described above. Should you have a need to verify the MD5 checksum file, you can use the Unix program md5sum in a similar manner to how SHA checksums are verified: md5sum -c [checksum-filename]. The response from the md5sum program is similar to that of the shasum program, and an OK response should always be expected.