Ask Question Forum:
Model Library:2025-02-08:A.I. model is online auto reply
C
O
M
P
U
T
E
R
2
8
Show
#
ASK
RECENT
←
- Underline
- Bold
- Italic
- Indent
- Step
- Bullet
- Quote
- Cut
- Copy
- Paste
- Table
- Spelling
- Find & Replace
- Undo
- Redo
- Link
- Attach
- Clear
- Code
Below area will not be traslated by Google,you can input code or other languages
Hint:If find spelling error, You need to correct it,1 by 1 or ignore it (code area won't be checked).
X-position of the mouse cursor
Y-position of the mouse cursor
Y-position of the mouse cursor
Testcursor
caretPos
Attachment:===
Asked by duncanb7
at 2024-05-14 05:30:51
Point:500 Replies:15 POST_ID:828555USER_ID:11059
Topic:
PHP Scripting Language;Linux;Apache Web Server
After install xampp on my window-xp, I am able to surf http:localhost:80 in my browser
But when I am setting up and using openSSL and setup up self-signed SSL
certification to my localhost site , surfing links such as http://localhost and https://localhost
both are not working and browsers give me the disconnection error message .
Setting up for enabling openssl, I modified some code in http.conf as follows
-taking out "#" in #LoadModule ssl_module modules/mod_ssl.so
and Include "conf/extra/httpd-ssl.conf"
-and take out ";" in ;extension=php_openssl.dl in php.ini
Setting SSL self-sign Certfication, I follow this link at
-http://www.opencodez.com/apache/ssl-certificate-and-install-in-xampp.htm
-and get the crt and key file and put it in httpd-ssl.conf
SSLCertificateFile "c:/xampp/php/extras/openssl/server.crt"
SSLCertificateKeyFile "c:/xampp/php/extras/openssl/server.key"
-and set <VirualHOST> as follows
<VirtualHost localhost:443>
# General setup for the virtual host
DocumentRoot "C:/xampp/htdocs"
ServerName localhost:443
ServerAdmin webmaster@localhost
ErrorLog "logs/error.log"
<IfModule log_config_module>
CustomLog "logs/access.log" combined
</IfModule>
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
..............
</</VirtualHost>
-stop xampp server and restart it for files update
But all is not working no matter I try http://localhost:80 or https:localhost:443 both are NOT working for surfing in browsers,Why?
Please advise where the setup is doing wrong ?
And I also attach those three modified files for your checking, httpd-ssl-conf, httpd-conf, php.ini
It tooks my time for that more than 2 days , please help on it
Please advise, thanks
Duncan
But when I am setting up and using openSSL and setup up self-signed SSL
certification to my localhost site , surfing links such as http://localhost and https://localhost
both are not working and browsers give me the disconnection error message .
Setting up for enabling openssl, I modified some code in http.conf as follows
-taking out "#" in #LoadModule ssl_module modules/mod_ssl.so
and Include "conf/extra/httpd-ssl.conf"
-and take out ";" in ;extension=php_openssl.dl in php.ini
Setting SSL self-sign Certfication, I follow this link at
-http://www.opencodez.com/apache/ssl-certificate-and-install-in-xampp.htm
-and get the crt and key file and put it in httpd-ssl.conf
SSLCertificateFile "c:/xampp/php/extras/openssl/server.crt"
SSLCertificateKeyFile "c:/xampp/php/extras/openssl/server.key"
-and set <VirualHOST> as follows
<VirtualHost localhost:443>
# General setup for the virtual host
DocumentRoot "C:/xampp/htdocs"
ServerName localhost:443
ServerAdmin webmaster@localhost
ErrorLog "logs/error.log"
<IfModule log_config_module>
CustomLog "logs/access.log" combined
</IfModule>
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
..............
</</VirtualHost>
-stop xampp server and restart it for files update
But all is not working no matter I try http://localhost:80 or https:localhost:443 both are NOT working for surfing in browsers,Why?
Please advise where the setup is doing wrong ?
And I also attach those three modified files for your checking, httpd-ssl-conf, httpd-conf, php.ini
It tooks my time for that more than 2 days , please help on it
Please advise, thanks
Duncan
Attachment:php.inihttpd-ssl-conf.txthttpd-conf.txt
Author: duncanb7 replied at 2024-06-01 07:41:05
Thanks for your reply, I need new thread to continue this thread
Accepted Solution
Expert: arnold replied at 2024-05-17 10:34:20
167 points GOOD
Yes, the CA used to sign a certificate has to be known by the browser a user uses either by means of being a known CA that is included as trusted or the CA is added as trusted.
Passphrase deals with whether the apache server will start after reboot. If you are fine with the script providing the passphrase, that's fine.
Passphrase deals with whether the apache server will start after reboot. If you are fine with the script providing the passphrase, that's fine.
Author: duncanb7 replied at 2024-05-17 10:10:44
You need to add the CA you created to sign the certificate as trusted in your browser
You mean for all self-sign cert must set trusted cert in all browser , only users and I
cha nge browser security setting to relax in order to read the untrusted cert at the https://localhost
If I don't want users to relax or change any security on their browser , I must
need to buy a truseted Cert from third authority party like Versign or Geotrust.
Is that what you mean ? But if so, why you asking me to removing pass phrase
for What ?
Please advise
Duncan
You mean for all self-sign cert must set trusted cert in all browser , only users and I
cha nge browser security setting to relax in order to read the untrusted cert at the https://localhost
If I don't want users to relax or change any security on their browser , I must
need to buy a truseted Cert from third authority party like Versign or Geotrust.
Is that what you mean ? But if so, why you asking me to removing pass phrase
for What ?
Please advise
Duncan
Expert: arnold replied at 2024-05-17 10:04:12
No, the passphrase is limited to the system where the certificate is installed and is required for apache to load it so that it can communicate with visitors.
External users get the public certificate which their browser uses to encrypt the responses to your server. If your apache web server does not have access to the key, it can not decrypt the response and can not communicate with the visitors.
When you buy a certificate that is signed by a known entity: Verisign, Geotrust, Thwate, GoDaddy, etc. those CA certifcates are published and are often included as trusted on users computers. If you get a Certificate from a newly added issuers, the users will get the same message and will have to make a decision on whether to add the certificate as trusted.
An option could be to include the certificate chain in your cert file.
This way the browser will have a complete chain from the CA that signed your certificate and possibly not prompt the user with the warning but there is no guarantee for that.
External users get the public certificate which their browser uses to encrypt the responses to your server. If your apache web server does not have access to the key, it can not decrypt the response and can not communicate with the visitors.
When you buy a certificate that is signed by a known entity: Verisign, Geotrust, Thwate, GoDaddy, etc. those CA certifcates are published and are often included as trusted on users computers. If you get a Certificate from a newly added issuers, the users will get the same message and will have to make a decision on whether to add the certificate as trusted.
An option could be to include the certificate chain in your cert file.
This way the browser will have a complete chain from the CA that signed your certificate and possibly not prompt the user with the warning but there is no guarantee for that.
Author: duncanb7 replied at 2024-05-17 09:57:19
Be Reminded, no one wants the users to change browser security setting to
use my website Pass phrase saved in file might be one solution becoz
users might NOT know where the file is, RIght ?
use my website Pass phrase saved in file might be one solution becoz
users might NOT know where the file is, RIght ?
Assisted Solution
Expert: arnold replied at 2024-05-17 09:56:55
166 points GOOD
You need to add the CA you created to sign the certificate as trusted in your browser.
Author: duncanb7 replied at 2024-05-17 09:53:58
Warning===>When I type https://localhost, all broswers(chrome, IE, firefox) give me
the security warning, " the website shown the security cert is NOT from the
trusted cert unit issue and suggest to close the web page and Don't
continue to browser the site OR continue going to website
the security warning, " the website shown the security cert is NOT from the
trusted cert unit issue and suggest to close the web page and Don't
continue to browser the site OR continue going to website
Author: duncanb7 replied at 2024-05-17 09:51:15
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/Q_27721692.html
I also open one thread for my issue.
It seems closing to solution but not too soon
Duncan
I also open one thread for my issue.
It seems closing to solution but not too soon
Duncan
Assisted Solution
Expert: arnold replied at 2024-05-17 09:49:05
167 points GOOD
You need to use openssl to strip the passphrase from the certificate.
http://www.openssl.org/related/binaries.html
Download and install.
you would then need to run
openssl rsa -in <current_passphrase_protected.key> -out new.key
you would then rename new.key to
Do the option you think is best.
I've not used that option. Securing the key initially or when moving it as a backup is one thing, maintaining a passphrase is unnecessary.
if someone gained access to copy the key, they have access to copy the script that provides the passphrase.
The security warning tells you what the error is?
Is it the name to which you are going not matching the name on the certificate?
Is the error deals with untrusted CA? i.e. your system does not trust the CA that signed the certificate.
You are not providing any information on which to base a suggestion. If this is a hostname issue, you have to make sure that you use a full hostname i.e. hostname.somedomain.com when creating the certificate.
If this is a self signed certificate, you need to add the CA you created to the trust list on this computer to avoid getting those warnings.
http://www.openssl.org/related/binaries.html
Download and install.
you would then need to run
openssl rsa -in <current_passphrase_protected.key> -out new.key
you would then rename new.key to
Do the option you think is best.
I've not used that option. Securing the key initially or when moving it as a backup is one thing, maintaining a passphrase is unnecessary.
if someone gained access to copy the key, they have access to copy the script that provides the passphrase.
The security warning tells you what the error is?
Is it the name to which you are going not matching the name on the certificate?
Is the error deals with untrusted CA? i.e. your system does not trust the CA that signed the certificate.
You are not providing any information on which to base a suggestion. If this is a hostname issue, you have to make sure that you use a full hostname i.e. hostname.somedomain.com when creating the certificate.
If this is a self signed certificate, you need to add the CA you created to the trust list on this computer to avoid getting those warnings.
Author: duncanb7 replied at 2024-05-17 09:10:43
Dear arnold,
After try the link, it still not work because
every comand input and return and computer will
ask you pass pharse again same as before
So why you say it could moving a passphrase ?
I look at this new link about saving the pas phrase into batach file
and call in httpd-ssl-conf. with setting SSLPassPhraseDialog exec:C:/xampp/apache/conf/passphrase.bat
http://www.devx.com/opensource/Article/20085/1763/page/2
It seems better than your suggestion or more reason but
it still Not working.
I am using XAMPP 1.7.7 any comment for letting me
typing https://localhost without browser security warning.
The crt file is sign-cert from my own
Please
advise
Duncan
After try the link, it still not work because
every comand input and return and computer will
ask you pass pharse again same as before
So why you say it could moving a passphrase ?
I look at this new link about saving the pas phrase into batach file
and call in httpd-ssl-conf. with setting SSLPassPhraseDialog exec:C:/xampp/apache/conf/passphrase.bat
http://www.devx.com/opensource/Article/20085/1763/page/2
It seems better than your suggestion or more reason but
it still Not working.
I am using XAMPP 1.7.7 any comment for letting me
typing https://localhost without browser security warning.
The crt file is sign-cert from my own
Please
advise
Duncan
Expert: arnold replied at 2024-05-15 05:53:51
Youhave to use OpenSSL to strip the password from the certificate.
http://www.mnxsolutions.com/apache/removing-a-passphrase-from-an-ssl-key.html
http://www.mnxsolutions.com/apache/removing-a-passphrase-from-an-ssl-key.html
Author: duncanb7 replied at 2024-05-14 23:13:32
I read the access.log file, and found the error
[Tue May 15 12:48:12 2012] [error] Init: SSLPassPhraseDialog builtin is not supported on Win32 (key file C:/xampp/php/extras/openssl/server.key)
and apache can not start because it can not httpd.pid at apachelogs dir
so it seems that related SSL code let apache not start, RIght, any Comment ?
When I add back "#"
#LoadModule ssl_module modules/mod_ssl.so in httpd-conf file that
will back to normal and but only http://localhost works and https://localhost,
of course, not working.
Be Reminded, I generated the crt file already as sign-sign CA following from the example
tutorial link in previous post
Please advise
Duncan
[Tue May 15 12:48:12 2012] [error] Init: SSLPassPhraseDialog builtin is not supported on Win32 (key file C:/xampp/php/extras/openssl/server.key)
and apache can not start because it can not httpd.pid at apachelogs dir
so it seems that related SSL code let apache not start, RIght, any Comment ?
When I add back "#"
#LoadModule ssl_module modules/mod_ssl.so in httpd-conf file that
will back to normal and but only http://localhost works and https://localhost,
of course, not working.
Be Reminded, I generated the crt file already as sign-sign CA following from the example
tutorial link in previous post
Please advise
Duncan
Expert: arnold replied at 2024-05-14 21:58:25
What is the error when you start apache?
The issues likely that the certificate can not be verified at which point apache exits. Comment out the include for httpd-ssl.conf and start apache to see if the functionality returns.
The issues likely that the certificate can not be verified at which point apache exits. Comment out the include for httpd-ssl.conf and start apache to see if the functionality returns.
Author: duncanb7 replied at 2024-05-14 21:49:40
SSLCertificateFile "c:/xampp/php/extras/openssl/server.crt" is
aleady included in httpd-ssl.conf so I already included SL certification
Why you said it is missing ?
The error is can not connect to website
Duncan
aleady included in httpd-ssl.conf so I already included SL certification
Why you said it is missing ?
The error is can not connect to website
Duncan
Expert: arnold replied at 2024-05-14 19:03:07
You are missing the certificate information I.e. where the private key is and the certificate.
The certificate has to be within the virtualhost block.
What is the source of the certificate?
What is the error entry when you try to start apache?
The certificate has to be within the virtualhost block.
What is the source of the certificate?
What is the error entry when you try to start apache?