Welcome Guest. Please Login or Register  


You are here: Index > AMPPS > General Support > Topic : SSL in AMPPS

1


Threaded Mode | Print  

 SSL in AMPPS, SSL in AMPPS? (25 Replies, Read 35980 times)
sluiting
Group: Member
Post Group: Working Newbie
Posts: 98
Status:
Hi, I tried to find somewhere in ampps where I could create a https SSL option for a domain and was unsuccessful.

I see that openSSL is installed in Apache but I had to create a cert manually with the help of our IT person. We then had to figure out what to write and where to put the code that would allow the server to recognize SSL after the key was generated. (basicaLLy copying the VHost code from httpd-vhosts.conf
and adding a few lines.

I modified this file: Ampps\apache\conf\extra\httpd-ssl.conf by adding

NameVirtualHost yourwebsite.com:443
<VirtualHost yourwebsite.com:443>
    <Directory "c:/program files (x86)/ampps/www/yourwebsite.com">
        Options FollowSymLinks Indexes
        AllowOverride All
        Order deny,allow
        allow from All
    </Directory>
    ServerName yourwebsite.com
    ServerAliasyourwebsite.com
    ScriptAlias /cgi-bin/ "c:/program files (x86)/ampps/www/yourwebsite.com/cgi-bin/"
    DocumentRoot "c:/program files (x86)/ampps/www/yourwebsite.com"
    ErrorLog "C:/Program Files (x86)/Ampps/apache/logs/yourwebsite.com.err"
    CustomLog "C:/Program Files (x86)/Ampps/apache/logs/yourwebsite.com.log" combined
    SSLEngine On
    SSLCertificateFile conf/ssl/my-server.cert
    SSLCertificateKeyFile conf/ssl/my-server.key
</VirtualHost>

Is their a better way to do this? Can ampps do this or I was I simply unable to find the script or app? Could this functionality be added?

IP: --   

SSL in AMPPS
tidus
Group: Member
Post Group: Super Member
Posts: 1123
Status:
Quote From : sluiting December 1, 2011, 3:44 pm
Hi, I tried to find somewhere in ampps where I could create a https SSL option for a domain and was unsuccessful.

I see that openSSL is installed in Apache but I had to create a cert manually with the help of our IT person. We then had to figure out what to write and where to put the code that would allow the server to recognize SSL after the key was generated. (basicaLLy copying the VHost code from httpd-vhosts.conf
and adding a few lines.

I modified this file: Ampps\apache\conf\extra\httpd-ssl.conf by adding

NameVirtualHost yourwebsite.com:443
<VirtualHost yourwebsite.com:443>
    <Directory "c:/program files (x86)/ampps/www/yourwebsite.com">
        Options FollowSymLinks Indexes
        AllowOverride All
        Order deny,allow
        allow from All
    </Directory>
    ServerName yourwebsite.com
    ServerAliasyourwebsite.com
    ScriptAlias /cgi-bin/ "c:/program files (x86)/ampps/www/yourwebsite.com/cgi-bin/"
    DocumentRoot "c:/program files (x86)/ampps/www/yourwebsite.com"
    ErrorLog "C:/Program Files (x86)/Ampps/apache/logs/yourwebsite.com.err"
    CustomLog "C:/Program Files (x86)/Ampps/apache/logs/yourwebsite.com.log" combined
    SSLEngine On
    SSLCertificateFile conf/ssl/my-server.cert
    SSLCertificateKeyFile conf/ssl/my-server.key
</VirtualHost>

Is their a better way to do this? Can ampps do this or I was I simply unable to find the script or app? Could this functionality be added?

Hi,

We have replied to your ticket. Please let us know if you need any further information.


-----------------------
Follow AMPPS on,
Twitter : https://twitter.com/AMPPS_Stack
Facebook :  http://www.facebook.com/softaculousampps
Google+ : https://plus.google.com/+AmppsStack
IP: --   

SSL in AMPPS
Ikoz
Group: Member
Post Group: Newbie
Posts: 19
Status:
I am in need of the same. Before I can obtain a certificate I need to produce a CSR - a request file - I once knew how to do this in IIS. How do I do this wich apache under Windows? Thanks for your help
IP: --   

SSL in AMPPS
Ikoz
Group: Member
Post Group: Newbie
Posts: 19
Status:
so I tried openssl.exe and it wants to read a config file from /usr/local/ssl/... needless to say, this is located somewhere else under apache\conf...
IP: --   

SSL in AMPPS
tidus
Group: Member
Post Group: Super Member
Posts: 1123
Status:
Hi Ikoz,

We have added SSL support in AMPPS 1.7 i.e now AMPPS will be able to generate dummy certificates and SSL entries in your vhost file for your domain and localhost. You can update your AMPPS to latest version from http://www.ampps.com/download

Note: Please take a backup of whole Ampps folder before updating.

-----------------------
Follow AMPPS on,
Twitter : https://twitter.com/AMPPS_Stack
Facebook :  http://www.facebook.com/softaculousampps
Google+ : https://plus.google.com/+AmppsStack
IP: --   

SSL in AMPPS
Ikoz
Group: Member
Post Group: Newbie
Posts: 19
Status:
This was bad advise. I just "upgraded" with the result, that I cannot log on to AMPS control panel anymore because it won't recognize my password - it did remember the user id (probably cookie). The application is not reachable anymore from outside or inside. Database connection error (2) Could not connect to MySQL. My entire configuration with vhosts is ignored...  httpd.conf is overwritten..

I do not know where to start!!!
IP: --   

SSL in AMPPS
tidus
Group: Member
Post Group: Super Member
Posts: 1123
Status:
Hi,

Just follow this post to solve the Login problem.
http://www.softaculous.com/board/index.php?tid=2626&title=Securing_AMPPS_results_in_lock-out#p9640

Please open a ticket so that we can look into this issue.
http://www.ampps.com/support

-----------------------
Follow AMPPS on,
Twitter : https://twitter.com/AMPPS_Stack
Facebook :  http://www.facebook.com/softaculousampps
Google+ : https://plus.google.com/+AmppsStack
IP: --   

SSL in AMPPS
Ikoz
Group: Member
Post Group: Newbie
Posts: 19
Status:
OK, the softpanel.php solved the admin problem...
The database connection issue stems from the fact that your copied the databases but not the mysql users and their privileges. These have to be recreated. So 3 things that would help in an upgrade scenario:

1. Install softpanel.php automatically
2. Keep the security settings for phpMyAdmin (e.g. http for auth_)
3. Keep the MySQL users (including root password and other users)

Thanks
-Iko

P.S. Let's see how the SSL works ;-)
IP: --   

SSL in AMPPS
Ikoz
Group: Member
Post Group: Newbie
Posts: 19
Status:
Oh, btw, I found the following users added to my mysql user list:

Any
drup127
joom251
mw966
oxwa153
vtig323
wp92

Anyone know where they come from? I have WordPress, Drupal, and Joomla on that box. Are these from spiders, right after you install MySQL and the pw was reset?

Thanks
IP: --   

SSL in AMPPS
Ikoz
Group: Member
Post Group: Newbie
Posts: 19
Status:
And one more item I forgot in my list of things that should be preserved or backed-up, when upgrading, that is the httpd.conf file. I had an entry for vhost files with a different name, and the new conf file set that back the default vhosts... Thx
IP: --   

SSL in AMPPS
tidus
Group: Member
Post Group: Super Member
Posts: 1123
Status:
Hi,

Quote
The database connection issue stems from the fact that your copied the databases but not the mysql users and their privileges. These have to be recreated. So 3 things that would help in an upgrade scenario:

1. Install softpanel.php automatically
2. Keep the security settings for phpMyAdmin (e.g. http for auth_)
3. Keep the MySQL users (including root password and other users)


Quote
Oh, btw, I found the following users added to my mysql user list:

Any
drup127
joom251
mw966
oxwa153
vtig323
wp92

Anyone know where they come from? I have WordPress, Drupal, and Joomla on that box. Are these from spiders, right after you install MySQL and the pw was reset?
Strange, because in update package we don't provide mysql database. Still we will recheck it. In case we have left any users after finalizing the test. Thanks for reporting all the issues. we will surely look into this.

Quote
And one more item I forgot in my list of things that should be preserved or backed-up, when upgrading, that is the httpd.conf file. I had an entry for vhost files with a different name, and the new conf file set that back the default vhosts... Thx
Also we don't provide httpd.conf in the update package. Also if you have noticed, AMPPS doesn't use any vhost entries in httpd.conf file. It uses in httpd-vhost.conf.

-----------------------
Follow AMPPS on,
Twitter : https://twitter.com/AMPPS_Stack
Facebook :  http://www.facebook.com/softaculousampps
Google+ : https://plus.google.com/+AmppsStack
IP: --   

SSL in AMPPS
Ikoz
Group: Member
Post Group: Newbie
Posts: 19
Status:
I went thru the process of generating a CSR using openssl.exe. It will still throw an error that it cannot find the openssl.cnf file (with a nix path). In your req command you will have to specify option

-config "C:\AMPPS\Ampps\apache\conf\openssl.cnf"

I have not yet received the certificate just yet, but will report if it's working...
IP: --   

SSL in AMPPS
tidus
Group: Member
Post Group: Super Member
Posts: 1123
Status:
Quote From : Ikoz April 13, 2012, 6:29 pm
I went thru the process of generating a CSR using openssl.exe. It will still throw an error that it cannot find the openssl.cnf file (with a nix path). In your req command you will have to specify option

-config "C:\AMPPS\Ampps\apache\conf\openssl.cnf"

I have not yet received the certificate just yet, but will report if it's working...
Hi,

Go to "Add Domain" in Enduser Panel.

Enter the details and check to generate SSL entries, by doing this. AMPPS will generate certificate for you in "path/to/Ampps/apache/conf/ssl_crt" folder, csr & key files are generated in ssl_csr & ssl_key folder respectively.

If you still want to create your own cert file, you will have to create a OPENSSL_CONF environment variable and add a "path/to/Ampps/apache/conf/openssl.cnf" value to it. This will solve your /usr/local/ssl/.... issue and yes -config option in the command should also work.

Edited by tidus : April 13, 2012, 6:40 pm

-----------------------
Follow AMPPS on,
Twitter : https://twitter.com/AMPPS_Stack
Facebook :  http://www.facebook.com/softaculousampps
Google+ : https://plus.google.com/+AmppsStack
IP: --   

SSL in AMPPS
Ikoz
Group: Member
Post Group: Newbie
Posts: 19
Status:
I did not know you could do it from the panel. I added all my domains manually in a my-vhost file that I import in httpd.conf. When I first inquired about multiple domains in this forum, I was given the "recipe"to add entries to the vhosts file.

Reagrading SQL: you did not create a new copy of MySQL, but you added some users and removed some users I already had... which created the reported issues.

Thanks
IP: --   

SSL in AMPPS
tidus
Group: Member
Post Group: Super Member
Posts: 1123
Status:
Quote From : Ikoz April 14, 2012, 3:19 am
I did not know you could do it from the panel. I added all my domains manually in a my-vhost file that I import in httpd.conf. When I first inquired about multiple domains in this forum, I was given the "recipe"to add entries to the vhosts file.
Yes. Now in new version, AMPPS will be taking care of your domains. Don't change anything in httpd-vhosts.conf because it rebuilds every time a new domain is added. So all the changes you have made in httpd-vhosts.conf manually will be lost.

Also if you want to do any changes in httpd.conf file please do it from AMPPS Application i.e (AMPPS Application -> Apache Tab -> Configuration File) do your changes in it and save the file. Don't make any changes directly into httpd.conf file.

Quote
Reagrading SQL: you did not create a new copy of MySQL, but you added some users and removed some users I already had... which created the reported issues.
Will are looking into this.

Thanks

-----------------------
Follow AMPPS on,
Twitter : https://twitter.com/AMPPS_Stack
Facebook :  http://www.facebook.com/softaculousampps
Google+ : https://plus.google.com/+AmppsStack
IP: --   

SSL in AMPPS
Ikoz
Group: Member
Post Group: Newbie
Posts: 19
Status:
After submitting my CSR, I just got my crt files from Network Solutions. Three of them.

1. www.mysite.com.crt
2. AddTrustExternalCARoot.crt
3. NetworkSolutionsDVServerCA.crt

I know which param the first one belongs to, but I am uncertain about the others. My experiments in vhost (my-vhosts.conf) have been unsuccessful. Let me show my excerpt. (Note: httpd-ssl.conf has been disabled, but my-vhosts.conf is loaded, and works for my non-SSL sites. I put all active params from httpd-ssl.conf into my-vhosts)

PHP Code

 Listen 443
AddType application
/x-x509-ca-cert .crt
AddType application
/x-pkcs7-crl    .crl
SSLPassPhraseDialog  builtin
SSLSessionCache        
"shmcb:{$path}/apache/logs/ssl_scache(512000)"
SSLSessionCacheTimeout  300
SSLMutex 
default

NameVirtualHost *:443 
<VirtualHost *.com:443
    <
Directory "c:AMPPSAmppswwwjoomla"
        
Options FollowSymLinks Indexes 
        AllowOverride All 
        Order deny
,allow 
        allow from All 
    
</Directory

    
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

    ServerName mysite
.com 
    ServerAlias www
.mysite.com 
    DocumentRoot 
"c:/AMPPS/Ampps/www/joomla" 
    
ErrorLog "C:/AMPPS/Ampps/apache/logs/joomla.err" 
    
CustomLog "C:/AMPPS/Ampps/apache/logs/joomla.com.log" combined 
    SSLEngine On 
    SSLCertificateFile 
"C:/AMPPS/Ampps/apache/conf/ssl_crt/WWW.MYSITE.COM.crt" 
    
SSLCertificateKeyFile "C:/AMPPS/Ampps/apache/conf/ssl_key/kgv_server.key" 
    
SSLCertificateChainFile "C:/AMPPS/Ampps/apache/conf/ssl_crt/AddTrustExternalCARoot.crt"
    
SSLCACertificatePath "C:/AMPPS/Ampps/apache/conf/ssl_crt"
    
SSLCACertificateFile "C:/AMPPS/Ampps/apache/conf/ssl_crt/NetworkSolutionsDVServerCA.crt"

    
BrowserMatch ".*MSIE.*" 
         
nokeepalive ssl-unclean-shutdown 
         downgrade
-1.0 force-response-1.0    
</VirtualHost


Any idea what could be wrong?

Thanks
IP: --   

SSL in AMPPS
tidus
Group: Member
Post Group: Super Member
Posts: 1123
Status:
Hi,

I would recommend you to add a Domain from AMPPS Enduser Panel.

Domain Name : mysite.com
Domain Path : c:/Ampps/www/joomla
Enable SSL
Enable Host Entry

A crt file will be generated in ssl_crt folder, just replace it with your crt file make sure the name is same i.e mysite.com.

We won't be able to help you much on manual adding of SSL entries. Although we fond some mistakes in your current my-vhost file,

Quote
SSLSessionCache        "shmcb:{$path}/apache/logs/ssl_scache(512000)"
should be
Code
SSLSessionCache        "shmcb:path/to/Ampps/apache/logs/ssl_scache(512000)"
Quote
<Directory "c:AMPPSAmppswwwjoomla">
should be
Code
<Directory "c:/AMPPS/Ampps/www/joomla">
(I don't get why there is two "AMPPS" in the path)

-----------------------
Follow AMPPS on,
Twitter : https://twitter.com/AMPPS_Stack
Facebook :  http://www.facebook.com/softaculousampps
Google+ : https://plus.google.com/+AmppsStack
IP: --   

SSL in AMPPS
Ikoz
Group: Member
Post Group: Newbie
Posts: 19
Status:
The 2 ampps folders stem from the first install. So thats in the folder structure.

So I went ahead and removed my-vhosts file, and had the control panel write the vhosts file, as you suggested. But now I have the issue, that when I call my web site I end in the root folder /www from where all web sites descend.

Any ideas?
IP: --   

SSL in AMPPS
Ikoz
Group: Member
Post Group: Newbie
Posts: 19
Status:
OK, I found the solution/answers:

#1 - landing in root
When the ampps control panel writes the httpd-vhosts.conf file the entry for <VirtualHost 127.0.0.1:80> and <VirtualHost 127.0.0.1:443>  respectively. When you come in from outside with 192.168.1.x (which is port forwarded from an external maskable IP address) the section is ignored and you land in the root.

When you put <VirtualHost *:80> and <VirtualHost *:443> instead, the section is found and the request lands on the correct web page.

#2 - disable the root
To disable the root directory, you must take away the <VirtualHost 127.0.0.1:80><Directory "C:\AMPPS\Ampps/www"> section. The control panel does not allow you to remove the PRIMARY domain, so you have to do it in the vhosts file manually.

#3 - control panel / domain manager needs more options
Depending on your setup, you may have multiple IP addresses, one for each domain, one IP with multiple host headers, etc. You should provide a field in which you can specify the IP address or * to have better control.

#4 - editing vhosts file manually
at this point, its not possible to get the settings correct without editing the vhosts file by hand.

The certificate I got from Network Solutions works, the only thing that does not show is who "signed the certificate". There must be an additional SSL cert type to show exactly this information. I'll figure it out.

Hope this helps someone else...

Idea: user documentation "how to ;-)"

Thanks

IP: --   

SSL in AMPPS
Ikoz
Group: Member
Post Group: Newbie
Posts: 19
Status:
Last one for today:

The following certificate entry will verify the signing authority for the certificate

SSLCACertificateFile "C:/AMPPS/Ampps/apache/conf/ssl_crt/NetworkSolutionsDVServerCA.crt"


IP: --   

SSL in AMPPS
kevinleijh
Group: Member
Post Group: Newbie
Posts: 6
Status:
hi how long will the dummy certificate last do i have to replace it lets say for 1 year or 2 years because i'm planning to use it on my office thank you. I tried creating new openssl certificate and replaced the dummy certificate but apache server won't start, can you please help me. Thank you
IP: --   

SSL in AMPPS
tidus
Group: Member
Post Group: Super Member
Posts: 1123
Status:
Hi,

Certificate will expire in One Year.

Try to start Apache from command line and paste the error details here.

On which OS are you using AMPPS ?

-----------------------
Follow AMPPS on,
Twitter : https://twitter.com/AMPPS_Stack
Facebook :  http://www.facebook.com/softaculousampps
Google+ : https://plus.google.com/+AmppsStack
IP: --   

SSL in AMPPS
kevinleijh
Group: Member
Post Group: Newbie
Posts: 6
Status:
im using win 7 thanks
IP: --   

SSL in AMPPS
tidus
Group: Member
Post Group: Super Member
Posts: 1123
Status:
Quote From : kevinleijh July 15, 2012, 2:44 am
im using win 7 thanks
Hi,

Can you open a ticket ? We will look into it.

-----------------------
Follow AMPPS on,
Twitter : https://twitter.com/AMPPS_Stack
Facebook :  http://www.facebook.com/softaculousampps
Google+ : https://plus.google.com/+AmppsStack
IP: --   

SSL in AMPPS
kevinleijh
Group: Member
Post Group: Newbie
Posts: 6
Status:
I'm new here how can I open a ticket thank you!

If SSL is good only for one year is it possible to extend for say 2 years 3 years or any years I  like
IP: --   

SSL in AMPPS
kevinleijh
Group: Member
Post Group: Newbie
Posts: 6
Status:
by the way I found the solution in case I have to renew SSL I can delete the domain name and add it again with SSL..
IP: --   

« Previous    Next »

Threaded Mode | Print  

1


Jump To :


Users viewing this topic
1 guests, 0 users.


All times are GMT. The time now is October 22, 2017, 6:37 am.

  Powered By AEF 1.0.8 © 2007-2008 Electron Inc.Queries: 11  |  Page Created In:0.698