Welcome Guest. Please Login or Register  


You are here: Index > AMPPS > General Support > Topic : SSL in AMPPS

2


Threaded Mode | Print  

SSL in AMPPS
Ikoz
Group: Member
Post Group: Newbie
Posts: 19
Status:
After submitting my CSR, I just got my crt files from Network Solutions. Three of them.

1. www.mysite.com.crt
2. AddTrustExternalCARoot.crt
3. NetworkSolutionsDVServerCA.crt

I know which param the first one belongs to, but I am uncertain about the others. My experiments in vhost (my-vhosts.conf) have been unsuccessful. Let me show my excerpt. (Note: httpd-ssl.conf has been disabled, but my-vhosts.conf is loaded, and works for my non-SSL sites. I put all active params from httpd-ssl.conf into my-vhosts)

PHP Code

 Listen 443
AddType application
/x-x509-ca-cert .crt
AddType application
/x-pkcs7-crl    .crl
SSLPassPhraseDialog  builtin
SSLSessionCache        
"shmcb:{$path}/apache/logs/ssl_scache(512000)"
SSLSessionCacheTimeout  300
SSLMutex 
default

NameVirtualHost *:443 
<VirtualHost *.com:443
    <
Directory "c:AMPPSAmppswwwjoomla"
        
Options FollowSymLinks Indexes 
        AllowOverride All 
        Order deny
,allow 
        allow from All 
    
</Directory

    
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

    ServerName mysite
.com 
    ServerAlias www
.mysite.com 
    DocumentRoot 
"c:/AMPPS/Ampps/www/joomla" 
    
ErrorLog "C:/AMPPS/Ampps/apache/logs/joomla.err" 
    
CustomLog "C:/AMPPS/Ampps/apache/logs/joomla.com.log" combined 
    SSLEngine On 
    SSLCertificateFile 
"C:/AMPPS/Ampps/apache/conf/ssl_crt/WWW.MYSITE.COM.crt" 
    
SSLCertificateKeyFile "C:/AMPPS/Ampps/apache/conf/ssl_key/kgv_server.key" 
    
SSLCertificateChainFile "C:/AMPPS/Ampps/apache/conf/ssl_crt/AddTrustExternalCARoot.crt"
    
SSLCACertificatePath "C:/AMPPS/Ampps/apache/conf/ssl_crt"
    
SSLCACertificateFile "C:/AMPPS/Ampps/apache/conf/ssl_crt/NetworkSolutionsDVServerCA.crt"

    
BrowserMatch ".*MSIE.*" 
         
nokeepalive ssl-unclean-shutdown 
         downgrade
-1.0 force-response-1.0    
</VirtualHost


Any idea what could be wrong?

Thanks
IP: --   

SSL in AMPPS
tidus
Group: AMPPS Team
Post Group: Super Member
Posts: 1089
Status:
Hi,

I would recommend you to add a Domain from AMPPS Enduser Panel.

Domain Name : mysite.com
Domain Path : c:/Ampps/www/joomla
Enable SSL
Enable Host Entry

A crt file will be generated in ssl_crt folder, just replace it with your crt file make sure the name is same i.e mysite.com.

We won't be able to help you much on manual adding of SSL entries. Although we fond some mistakes in your current my-vhost file,

Quote
SSLSessionCache        "shmcb:{$path}/apache/logs/ssl_scache(512000)"
should be
Code
SSLSessionCache        "shmcb:path/to/Ampps/apache/logs/ssl_scache(512000)"
Quote
<Directory "c:AMPPSAmppswwwjoomla">
should be
Code
<Directory "c:/AMPPS/Ampps/www/joomla">
(I don't get why there is two "AMPPS" in the path)

-----------------------
Follow AMPPS on,
Twitter : https://twitter.com/AMPPS_Stack
Facebook :  http://www.facebook.com/softaculousampps
Google+ : https://plus.google.com/+AmppsStack
IP: --   

SSL in AMPPS
Ikoz
Group: Member
Post Group: Newbie
Posts: 19
Status:
The 2 ampps folders stem from the first install. So thats in the folder structure.

So I went ahead and removed my-vhosts file, and had the control panel write the vhosts file, as you suggested. But now I have the issue, that when I call my web site I end in the root folder /www from where all web sites descend.

Any ideas?
IP: --   

SSL in AMPPS
Ikoz
Group: Member
Post Group: Newbie
Posts: 19
Status:
OK, I found the solution/answers:

#1 - landing in root
When the ampps control panel writes the httpd-vhosts.conf file the entry for <VirtualHost 127.0.0.1:80> and <VirtualHost 127.0.0.1:443>  respectively. When you come in from outside with 192.168.1.x (which is port forwarded from an external maskable IP address) the section is ignored and you land in the root.

When you put <VirtualHost *:80> and <VirtualHost *:443> instead, the section is found and the request lands on the correct web page.

#2 - disable the root
To disable the root directory, you must take away the <VirtualHost 127.0.0.1:80><Directory "C:\AMPPS\Ampps/www"> section. The control panel does not allow you to remove the PRIMARY domain, so you have to do it in the vhosts file manually.

#3 - control panel / domain manager needs more options
Depending on your setup, you may have multiple IP addresses, one for each domain, one IP with multiple host headers, etc. You should provide a field in which you can specify the IP address or * to have better control.

#4 - editing vhosts file manually
at this point, its not possible to get the settings correct without editing the vhosts file by hand.

The certificate I got from Network Solutions works, the only thing that does not show is who "signed the certificate". There must be an additional SSL cert type to show exactly this information. I'll figure it out.

Hope this helps someone else...

Idea: user documentation "how to ;-)"

Thanks

IP: --   

SSL in AMPPS
Ikoz
Group: Member
Post Group: Newbie
Posts: 19
Status:
Last one for today:

The following certificate entry will verify the signing authority for the certificate

SSLCACertificateFile "C:/AMPPS/Ampps/apache/conf/ssl_crt/NetworkSolutionsDVServerCA.crt"


IP: --   

SSL in AMPPS
kevinleijh
Group: Member
Post Group: Newbie
Posts: 6
Status:
hi how long will the dummy certificate last do i have to replace it lets say for 1 year or 2 years because i'm planning to use it on my office thank you. I tried creating new openssl certificate and replaced the dummy certificate but apache server won't start, can you please help me. Thank you
IP: --   

SSL in AMPPS
tidus
Group: AMPPS Team
Post Group: Super Member
Posts: 1089
Status:
Hi,

Certificate will expire in One Year.

Try to start Apache from command line and paste the error details here.

On which OS are you using AMPPS ?

-----------------------
Follow AMPPS on,
Twitter : https://twitter.com/AMPPS_Stack
Facebook :  http://www.facebook.com/softaculousampps
Google+ : https://plus.google.com/+AmppsStack
IP: --   

SSL in AMPPS
kevinleijh
Group: Member
Post Group: Newbie
Posts: 6
Status:
im using win 7 thanks
IP: --   

SSL in AMPPS
tidus
Group: AMPPS Team
Post Group: Super Member
Posts: 1089
Status:
Quote From : kevinleijh July 15, 2012, 2:44 am
im using win 7 thanks
Hi,

Can you open a ticket ? We will look into it.

-----------------------
Follow AMPPS on,
Twitter : https://twitter.com/AMPPS_Stack
Facebook :  http://www.facebook.com/softaculousampps
Google+ : https://plus.google.com/+AmppsStack
IP: --   

SSL in AMPPS
kevinleijh
Group: Member
Post Group: Newbie
Posts: 6
Status:
I'm new here how can I open a ticket thank you!

If SSL is good only for one year is it possible to extend for say 2 years 3 years or any years I  like
IP: --   

SSL in AMPPS
kevinleijh
Group: Member
Post Group: Newbie
Posts: 6
Status:
by the way I found the solution in case I have to renew SSL I can delete the domain name and add it again with SSL..
IP: --   

« Previous    Next »

Threaded Mode | Print  

2


Jump To :


Users viewing this topic
1 guests, 0 users.


All times are GMT. The time now is August 23, 2014, 5:39 am.

  Powered By AEF 1.0.8 © 2007-2008 Electron Inc.Queries: 11  |  Page Created In:1.352