Softaculous


Topic : SSL in AMPPS


2

Posted By: Ikoz on April 14, 2012, 5:58 am | Post: 15
After submitting my CSR, I just got my crt files from Network Solutions. Three of them.

1. www.mysite.com.crt
2. AddTrustExternalCARoot.crt
3. NetworkSolutionsDVServerCA.crt

I know which param the first one belongs to, but I am uncertain about the others. My experiments in vhost (my-vhosts.conf) have been unsuccessful. Let me show my excerpt. (Note: httpd-ssl.conf has been disabled, but my-vhosts.conf is loaded, and works for my non-SSL sites. I put all active params from httpd-ssl.conf into my-vhosts)

PHP Code

 Listen 443
AddType application
/x-x509-ca-cert .crt
AddType application
/x-pkcs7-crl    .crl
SSLPassPhraseDialog  builtin
SSLSessionCache        
"shmcb:{$path}/apache/logs/ssl_scache(512000)"
SSLSessionCacheTimeout  300
SSLMutex 
default

NameVirtualHost *:443 
<VirtualHost *.com:443
    <
Directory "c:AMPPSAmppswwwjoomla"
        
Options FollowSymLinks Indexes 
        AllowOverride All 
        Order deny
,allow 
        allow from All 
    
</Directory

    
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

    ServerName mysite
.com 
    ServerAlias www
.mysite.com 
    DocumentRoot 
"c:/AMPPS/Ampps/www/joomla" 
    
ErrorLog "C:/AMPPS/Ampps/apache/logs/joomla.err" 
    
CustomLog "C:/AMPPS/Ampps/apache/logs/joomla.com.log" combined 
    SSLEngine On 
    SSLCertificateFile 
"C:/AMPPS/Ampps/apache/conf/ssl_crt/WWW.MYSITE.COM.crt" 
    
SSLCertificateKeyFile "C:/AMPPS/Ampps/apache/conf/ssl_key/kgv_server.key" 
    
SSLCertificateChainFile "C:/AMPPS/Ampps/apache/conf/ssl_crt/AddTrustExternalCARoot.crt"
    
SSLCACertificatePath "C:/AMPPS/Ampps/apache/conf/ssl_crt"
    
SSLCACertificateFile "C:/AMPPS/Ampps/apache/conf/ssl_crt/NetworkSolutionsDVServerCA.crt"

    
BrowserMatch ".*MSIE.*" 
         
nokeepalive ssl-unclean-shutdown 
         downgrade
-1.0 force-response-1.0    
</VirtualHost



Any idea what could be wrong?

Thanks

Posted By: tidus on April 14, 2012, 6:58 am | Post: 16
Hi,

I would recommend you to add a Domain from AMPPS Enduser Panel.

Domain Name : mysite.com
Domain Path : c:/Ampps/www/joomla
Enable SSL
Enable Host Entry

A crt file will be generated in ssl_crt folder, just replace it with your crt file make sure the name is same i.e mysite.com.

We won't be able to help you much on manual adding of SSL entries. Although we fond some mistakes in your current my-vhost file,

Quote
SSLSessionCache        "shmcb:{$path}/apache/logs/ssl_scache(512000)"
should be
Code
SSLSessionCache        "shmcb:path/to/Ampps/apache/logs/ssl_scache(512000)"


Quote
<Directory "c:AMPPSAmppswwwjoomla">

should be
Code
<Directory "c:/AMPPS/Ampps/www/joomla">
(I don't get why there is two "AMPPS" in the path)

-----------------------
Follow AMPPS on,
Twitter : https://twitter.com/AMPPS_Stack
Facebook :  http://www.facebook.com/softaculousampps
Google+ : https://plus.google.com/+AmppsStack

Posted By: Ikoz on April 14, 2012, 4:19 pm | Post: 17
The 2 ampps folders stem from the first install. So thats in the folder structure.

So I went ahead and removed my-vhosts file, and had the control panel write the vhosts file, as you suggested. But now I have the issue, that when I call my web site I end in the root folder /www from where all web sites descend.

Any ideas?

Posted By: Ikoz on April 14, 2012, 5:26 pm | Post: 18
OK, I found the solution/answers:

#1 - landing in root
When the ampps control panel writes the httpd-vhosts.conf file the entry for <VirtualHost 127.0.0.1:80> and <VirtualHost 127.0.0.1:443>  respectively. When you come in from outside with 192.168.1.x (which is port forwarded from an external maskable IP address) the section is ignored and you land in the root.

When you put <VirtualHost *:80> and <VirtualHost *:443> instead, the section is found and the request lands on the correct web page.

#2 - disable the root
To disable the root directory, you must take away the <VirtualHost 127.0.0.1:80><Directory "C:\AMPPS\Ampps/www"> section. The control panel does not allow you to remove the PRIMARY domain, so you have to do it in the vhosts file manually.

#3 - control panel / domain manager needs more options
Depending on your setup, you may have multiple IP addresses, one for each domain, one IP with multiple host headers, etc. You should provide a field in which you can specify the IP address or * to have better control.

#4 - editing vhosts file manually
at this point, its not possible to get the settings correct without editing the vhosts file by hand.

The certificate I got from Network Solutions works, the only thing that does not show is who "signed the certificate". There must be an additional SSL cert type to show exactly this information. I'll figure it out.

Hope this helps someone else...

Idea: user documentation "how to ;-)"

Thanks


Posted By: Ikoz on April 14, 2012, 5:33 pm | Post: 19
Last one for today:

The following certificate entry will verify the signing authority for the certificate

SSLCACertificateFile "C:/AMPPS/Ampps/apache/conf/ssl_crt/NetworkSolutionsDVServerCA.crt"



Posted By: kevinleijh on July 13, 2012, 11:02 pm | Post: 20
hi how long will the dummy certificate last do i have to replace it lets say for 1 year or 2 years because i'm planning to use it on my office thank you. I tried creating new openssl certificate and replaced the dummy certificate but apache server won't start, can you please help me. Thank you

Posted By: tidus on July 14, 2012, 9:31 am | Post: 21
Hi,

Certificate will expire in One Year.

Try to start Apache from command line and paste the error details here.

On which OS are you using AMPPS ?

-----------------------
Follow AMPPS on,
Twitter : https://twitter.com/AMPPS_Stack
Facebook :  http://www.facebook.com/softaculousampps
Google+ : https://plus.google.com/+AmppsStack

Posted By: kevinleijh on July 15, 2012, 2:44 am | Post: 22
im using win 7 thanks

Posted By: tidus on July 16, 2012, 6:03 am | Post: 23
Quote From : kevinleijh July 15, 2012, 2:44 am
im using win 7 thanks


Hi,

Can you open a ticket ? We will look into it.

-----------------------
Follow AMPPS on,
Twitter : https://twitter.com/AMPPS_Stack
Facebook :  http://www.facebook.com/softaculousampps
Google+ : https://plus.google.com/+AmppsStack

Posted By: kevinleijh on July 20, 2012, 4:06 am | Post: 24
I'm new here how can I open a ticket thank you!

If SSL is good only for one year is it possible to extend for say 2 years 3 years or any years I  like

Posted By: kevinleijh on July 20, 2012, 4:07 am | Post: 25
by the way I found the solution in case I have to renew SSL I can delete the domain name and add it again with SSL..

Posted By: adgilcan on November 13, 2018, 4:06 pm | Post: 26
Hi

I see that it is now possible to setup a domain with SSL, which is great news.

However, how can I add it to a domain I already have setup?  Must I setup a new domain with SSL and then transfer my site over to that?

Many thanks for the help


Duncan

Powered By AEF 1.0.8 © 2007-2008 Electron Inc.