|
PHP - Apache Https [ssl] Setup
Apache https setup!
Okay so i made my own SSL certificate for my localhost using these commands
OpenSSL: ( CMD > c:\xampp\apache\bin\openssl )
req -config c:\xampp\php\extras\ssl\openssl.cnf -new -out jobnow.csr -keyout jobnow.pem rsa -in jobnow.pem -out c:\jobnow.key x509 -in jobnow.csr -out jobnow.crt -req -signkey c:\jobnow.key -days 369when asked for common name type your ip address. Then i install import the certificate to certmgr.msc Restate Apache https//192.168.0.14 - Doesnt work 192.168.0.14 - Works fine Apache error log: [Wed Sep 10 12:05:41.299000 2014] [ssl:warn] [pid 7840:tid 260] AH01909: RSA certificate configured for localhost:80 does NOT include an ID which matches the server name [Wed Sep 10 12:05:41.301000 2014] [ssl:warn] [pid 7840:tid 260] AH01909: RSA certificate configured for 192.168.0.14:443 does NOT include an ID which matches the server name [Wed Sep 10 12:05:41.301000 2014] [ssl:warn] [pid 7840:tid 260] AH01915: Init: (localhost:80) You configured HTTPS(443) on the standard HTTP(80) port! [Wed Sep 10 12:05:41.373000 2014] [co warn] [pid 7840:tid 260] AH00098: pid file C:/xampp/apache/logs/httpd.pid overwritten -- Unclean shutdown of previous Apache run? [Wed Sep 10 12:05:41.616000 2014] [ssl:warn] [pid 7840:tid 260] AH01909: RSA certificate configured for localhost:80 does NOT include an ID which matches the server name [Wed Sep 10 12:05:41.617000 2014] [ssl:warn] [pid 7840:tid 260] AH01909: RSA certificate configured for 192.168.0.14:443 does NOT include an ID which matches the server name [Wed Sep 10 12:05:41.617000 2014] [ssl:warn] [pid 7840:tid 260] AH01915: Init: (localhost:80) You configured HTTPS(443) on the standard HTTP(80) port! [Wed Sep 10 12:05:41.659000 2014] [mpm_winnt:notice] [pid 7840:tid 260] AH00455: Apache/2.4.7 (Win32) OpenSSL/1.0.1e PHP/5.5.9 configured -- resuming normal operations [Wed Sep 10 12:05:41.659000 2014] [mpm_winnt:notice] [pid 7840:tid 260] AH00456: Apache Lounge VC11 Server built: Nov 21 2013 20:13:01 [Wed Sep 10 12:05:41.659000 2014] [co notice] [pid 7840:tid 260] AH00094: Command line: 'c:\\xampp\\apache\\bin\\httpd.exe -d C:/xampp/apache' [Wed Sep 10 12:05:41.661000 2014] [mpm_winnt:notice] [pid 7840:tid 260] AH00418: Parent: Created child process 7032 [Wed Sep 10 12:05:42.319000 2014] [ssl:warn] [pid 7032:tid 272] AH01909: RSA certificate configured for localhost:80 does NOT include an ID which matches the server name [Wed Sep 10 12:05:42.321000 2014] [ssl:warn] [pid 7032:tid 272] AH01909: RSA certificate configured for 192.168.0.14:443 does NOT include an ID which matches the server name [Wed Sep 10 12:05:42.321000 2014] [ssl:warn] [pid 7032:tid 272] AH01915: Init: (localhost:80) You configured HTTPS(443) on the standard HTTP(80) port! [Wed Sep 10 12:05:42.645000 2014] [ssl:warn] [pid 7032:tid 272] AH01909: RSA certificate configured for localhost:80 does NOT include an ID which matches the server name [Wed Sep 10 12:05:42.646000 2014] [ssl:warn] [pid 7032:tid 272] AH01909: RSA certificate configured for 192.168.0.14:443 does NOT include an ID which matches the server name [Wed Sep 10 12:05:42.646000 2014] [ssl:warn] [pid 7032:tid 272] AH01915: Init: (localhost:80) You configured HTTPS(443) on the standard HTTP(80) port! [Wed Sep 10 12:05:42.688000 2014] [mpm_winnt:notice] [pid 7032:tid 272] AH00354: Child: Starting 150 worker threads. [Wed Sep 10 12:05:54.589000 2014] [authz_co error] [pid 7032:tid 1652] [client 192.168.0.14:3112] AH01630: client denied by server configuration: C:/xampp/htdocs/ [Wed Sep 10 12:05:54.682000 2014] [authz_co error] [pid 7032:tid 1652] [client 192.168.0.14:3112] AH01630: client denied by server configuration: C:/xampp/htdocs/favicon.icoIt says my server name does not match, So i changed the server name to: ( httpd-ssl.conf ) around line 80 ServerName 192.168.0.14:443 DocumentRoot to my httpd.conf document root My .key is in apache/conf/ssl.key my crt is in apache/conf/ssl.crt I hope this helps someone else! i had to post this after how much trouble it was causing me! Similar TutorialsHi
I am not sure if this is the right area for my question, but here goes.
I have a generic script that reads in my wordpress posts and does some pagination.
This code works well on my server (php version 5.2.17):
http://torontomissis...es.com/kath.php
Here is the pdf of the php.ini info: http://torontomissis.../php-5-2-17.pdf
However when I copied it over to another server, the pagination code does not display (php version 5.3.10)
http://blueshiftdesi...g/blog/kath.php
Here is the pdf of the php.ini file info: http://torontomissis...om/php5-3-10.pd
There shouldn't be any reason for this to happen, so I tried to compare the php.ini file from both servers
and there are some differences, one in particular which in the 5.2.17 version
disable_functions is set to "no value" in the 5.2.17 (which works)
and in the 5.3.10 version disable_functions contains a large string of data.
I don't have much experience with the php.ini file so any help is appreciated.
so i have a number of websites on a server all work fine but when i put https://
in front of the other sites on the website's it redirects to another site on the server without changing domain name.
example:
http://www.example.com
works fine
https://www.example.com
shows another site on the server
how can i stop this?
i tryed mod rewrites in htaccess but somehow isnt working?
Hi Guys, Just in the process of learning PHP and I am wandering if I need to learn more when finished to complete a certain process. I apologise if this explanation is pretty naff but I cant think of how to word it, but here goes: So what I am looking at doing with a script is creating a place to display information about games, So what I am thinking is there will be a backend where I can kind of add a new game then inside there I can add news articles, videos, images etc. The one thing I cant wrap my head around is if I were to display like trophies for the games like the PS4 trophies, how this would work. So I imaging the backend to be like 'add a game button' then when I click that I get a setup page where I can enter the title, developer, age rating and so on. With the trophies obviously what I am thinking is a text are that will say how many trophies does the game have? So in there I enter let's say 20 then this will add me 20 slots in which I can enter the trophy title, description and points. So my question is when you are creating a form like this where it works off an action like me entering 20 and it producing 20 slots can all this be done with PHP or do I need to be using other code also? Hope that explanation is decent enough. Huge thank you for any advice in advance. So far, my company has been using Apache (Linux)-based web hosts for our hosting needs. Ever since the Heartbleed bug was found in OpenSSL, which is common to open source software, including Apache HTTP Server, I was wondering if Microsoft's IIS was any more secure than Apache. Opinions?
My arguement is that although IIS is a closed-source system, it is also a widely targeted platform (Windows) so that may be of concern. My argument for Apache is that it is open source, so exploits can be implemented using the source code as well, which is available for free download.
So, the question really is which HTTP server platform is more secure?
Hello,
I cannot work out this one.
I am loading a css file on an https page as:
<link rel="stylesheet" type="text/css" href="/assets/fa687e60/jui/css/base/jquery-ui.css" />
But using the chrome element tool I see this error:
The page at 'https://mysite.com/deal/create' was loaded over HTTPS, but displayed insecure content from 'http://mysite.com/cs...bf9ee_1x400.png': this content should also be loaded over HTTPS.
Now I went in the css file and the code is like that:
.ui-state-highlight, .ui-widget-content .ui-state-highlight, I'm trying to determine the best way to provide HTTPS access to a web application that I'm building. I know that you can use the following code to redirect anyone manually accessing the http version of an https page: Code: [Select] if($_SERVER["HTTPS"] != "on") { header("HTTP/1.1 301 Moved Permanently"); header("Location: "https://" . $_SERVER["SERVER_NAME"] . $_SERVER["REQUEST_URI"]); exit(); } I have also heard that you could use mod_rewrite in Apache to achieve similar results. The entire web application should use https so I just want to make sure that I'm setting this up correctly. Feedback on the best approach or other suggestions would be very helpful. Thanks in advance. Anyone know how to force URL with SSL with www.
<rewrite>
<rules>
<rule name="Redirect to HTTPS" stopProcessing="true">
<match url="(.*)" />
<conditions><add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://www.site.com/{R:0}" redirectType="SeeOther" />
</rule>
</rules>
</rewrite>
Please check the sample.I want to convert this url www.2aek.com/userprofile.php?username=zac1987 into www.2aek.com/zac1987 How to do that? I google search "dns setup vanity url" but I can't find any result. After I change it to vanity url, the php get method still can function without any problem? Hello guys, im new here , hope i meet great and friendly people here. Anyway, i need some help with a new Post back setup and hope anyone here could help me. This old script work but have problem to put in the new post back, here is it. Code: [Select] include("includes.php"); $subid = $_REQUEST['subid']; $survey = $_REQUEST['survey']; $earn = $_REQUEST['earn']; $pdtshow = $_REQUEST['pdtshow']; //$query_getuserid = mysql_query("SELECT id from members WHERE username= '".$subid."'") or die(mysql_error()); //foreach(mysql_fetch_array($query_getuserid) as $userid); $query_checkRef = mysql_query("SELECT referral_ID from members WHERE username= '".$subid."'") or die(mysql_error()); foreach(mysql_fetch_array($query_checkRef) as $ref_id_user); if ($ref_id_user>=1) { mysql_query("UPDATE members SET points=points+".$pdtshow." WHERE username='".$subid."'"); mysql_query("UPDATE members SET completed_surveys=completed_surveys+1 WHERE username ='".$subid."'"); mysql_query("UPDATE members SET points=points+".$refer_points." WHERE id ='".$ref_id_user."'"); mysql_close(); echo "Success: ".$subid." earned ".$pdtshow." points\n and is referred by".$ref_id_user; }else { mysql_query("UPDATE members SET points=points+".$pdtshow." WHERE username='".$subid."'"); mysql_query("UPDATE members SET completed_surveys=completed_surveys+1 WHERE username ='".$subid."'"); mysql_close(); echo "Success: ".$subid." earned ".$pdtshow." points\n and is referred by nobody"; } ?> Here is the new postback i should insert. Code: [Select] cvid ip name status sid And it should seem like this: http://example.com/postback.php?txid=1234&ip=123.123.123.123&name=Unlocker+#1&status=1&sid=abc Can anyone help me out ? Maybe insert it for me and send it over to me -Trizocy Okay, I am going to try to explain this the best I can, I appreciate and thank you for your help in advance! Okay, this is what I am wanting to do. I want to create a user area on my website. I don't need a common page that every user see's but each user to have there own unique page that they are brought to once they log-in, where they will have there own content that I will change and update often. As for the usernames and passwords, I will be creating these when needed and giving them to the corresponding user, so I am not in need of a registration option. I am needing assistance on how to setup the MySQL database and the PHP coding for this. Remember, I am going to need to be able to add new users w/ passwords when needed. Thanks for your help! I'm trying to run a process using shell_exec, however the program i'm trying to run must communicate with a process that is not a system process, and everytime i run it, it fails, does anyone know how to make a apache server run active windows not in the system process? hey guys i have apache installed but im sure my .htaccess file isnt being read...is there something in the config file i have to do please?...thank you It seems to me that this should be easy, but I can't find it in the manual or the on the web, and the values in $_SERVER don't suggest anything. Context: script A loads script B using HTTPS. Now script B has to load resources (images, style sheets, etc). Browsers often object to HTTP references from a script run by an HTTPS request, so script B should generate URLs that use HTTPS. Thus it has to know that it was loaded with HTTPS. I can do this by brute force if I have to (defining a "protocol" constant in the script itself), but I'd rather make the test automatic. This is a two part question... my previous post was surrounding an issue with Sessions, now I was told that it may be a server side issue so I contacted my host provider who said to me that sessions cookies REQUIRE https?? now this can't be valid because I've had no issues with sessions prior to this week - second part of this is, is there something I'm missing with maybe an updated versions?
PS: yes, i'm new and simply trying to learn... I want to make sure that a specific page (login.php) only has stuff from my https and none from my (or other) http sites. How can I do this? Should I always use HTTPS when users are inputting credit card numbers & billing info? Do you know any sites that don't use HTTPS? I just want to know if it's a total no-no for web applications. Discuss. Not sure if my title line was worded correctly, but here is what I am trying to understand... I need to hook my website up to a payment gateway to accept credit cards. After I package up the customer's payment details and send the payment gateway an XML string, their server supposedly sends back a request for more information OR it indicates a Pass/Fail message. This is where I am getting lost. If I send data over HTTPS using POST, then how am I supposed to receive a message back from them? It's not like we are on the telephone and there is a "live" link between my web server and theirs?! Can someone please explain how this works? Thanks, Debbie (Trying to get my brain back into this old problem which I fixed but want to re-code a better way...) So I was having problems with getting some browser error when people would go to checkout because the page logo was coming from an HTTP source and the page was an HTTPS page. I created a "config" file and had this code... Code: [Select] <?php define('ENVIRONMENT', 'development'); //define('ENVIRONMENT', 'production'); // Secure Web Server Root define('SECURE_WEB_ROOT', ENVIRONMENT === 'development' ? 'http://local.dev3/' : 'https://www.mysite.com/'); ?> Then in my page I had... Code: [Select] <div id="header"> <a href="<?php echo WEB_ROOT ?>index.php"> <img id="logo" src="<?php echo SECURE_WEB_ROOT ?>images/mylogo_200x50.png" width="200" alt="My Logo" /> </a> </div> Is there a better way to do this and eliminate my Config file which is no longer needed since I learned how to create a "Virtual Server"? Debbie Hi guys.. i am not very sure where to post about this issue but im giving a try and hope to get some ideeas where this might come maybe. So i have a small website with a members database.. the website itself it has SSL and works properly on a https connection. The problem comes when a member tries to access via http. Unfortunetaly on a page i have to keep it http due to some ads that i display there and dont work on https. If a member logs in and surfs the website via https everything is working perfectly.. but when he changes and tries to access via http he automatically gets logged out.. if he tries to login via http he also cant and gets an error with an invalid token. So basically i think my database cant connect when accessed by http.. Any of you ever encountered this issue ? Or maybe have some ideeas where this issue is coming from ?
Thanks and any ideea or help very appreciated Hello I have problem on redirecting the site to https when it comes to "www.site.com".
I made this
<rules>
<rule name="Redirect site.com to www" patternSyntax="Wildcard" stopProcessing="true">
<match url="*" />
<conditions>
<add input="{HTTP_HOST}" pattern="site.co" />
</conditions>
<action type="Redirect" url="https://www.site.co/{R:0}" />
</rule>
</rules>
In this sample when I try to access the site through "site.com" it redirect to " https://www.site.com " but when I access the site to www.site.com the https doesn't appear.
|
|||||||