Windows postinstall generates localhost and %COMPUTERNAME% certificates.
The localhost ones are used in the default ssl.conf. So far so good.

The current form of the script fails to generate the localhost pair though. It has been passing accidentally, because many machines actually have their computer name set to localhost.

The bug is somewhat related to these if exists checks, but I've failed to determine how. It's weird.

The attached patch works though: postinstall.httpd.bat.patch. It

• exports OPENSSL_CONF so as openssl can find the config file (works, unlike the command line argument)
• it removes tese if-exists checks and goto; it is not necessary to have them anyway
• it pimps up key length to 2048

Please, consider looking into it.