Basically facebook scraper (https://developers.facebook.com/tools/debug/og/object/) tells that:
Curl Error : SSL_CACERT SSL certificate problem: unable to get local issuer certificate
Tested my site's url here:
https://whatsmychaincert.com/?mysite.com
and this tells:
my site is misconfigured. This is the chain it should be using.
I'm scared to download the chain file from this site as I guess I already have it all from GoDaddy.
Coming back to my facebook scraper problem. I did google search and found that the Curl error is due to PHP version. As I checked, I have latest PHP running. But I still downloaded cacert.pem from official site and added in the same folder where my ssl certs reside(/etc/ssl/certs). Then edited php.ini located /opt/bitnami/php/etc.
so it reads:
curl.cainfo ="/etc/ssl/certs/cacert.pem"
Restarted apache still the issue persisted. So I focused on fixing the SSL cert issue.
This is how my default-ssl.conf looks like:
SSLCertificateFile /etc/ssl/certs/a639a4be86615af.crt
SSLCertificateKeyFile /etc/ssl/certs/mysite.key
SSLCertificateChainFile /etc/ssl/certs/mysite.com.chain.crt (downloaded from https://whatsmychaincert.com/)
SSLCACertificateFile /etc/ssl/certs/a639a4be86615af.pem
Bytheway my site shows https connection. But in Firefox I dont see any images loaded. Could that related to the (unable to get local issuer certificate)
What's wrong with my configuration? How do I fix it?
EDIT:
I'm using wordpress bitnami set.So I edited two paths for the ssl config. /etc/apache2/sites-available/default-ssl.conf and /opt/bitnami/apache2/conf/extra/httpd-ssl.conf
My latest SSL config file:
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin hello#mysite.com
ServerName mysite.com
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /etc/ssl/certs/b8ad60af28cd1745.crt
SSLCertificateKeyFile /etc/ssl/private/mysite.key
SSLCertificateChainFile /etc/ssl/certs/b8ad60af28cd1745.pem
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
</VirtualHost>
</IfModule>
Unlike browsers PHP Curl doesn't reconstruct the certificate tree from other sources. So if your cert tree is incomplete, CURL cannot verify your site certificate.
Your VirtualHost configuration should have following:
SSLCertificateFile - your site certificate
SSLCertificateKeyFile - key for the CertificateFile
SSLCertificateChainFile - file containing all intermediate certificates from leaf to root (so curl can connect your certificate to the one in /etc/ssl/certs/cacert.pem)
Since 2.4.8 you can put all certificates from leaf to root into SSLCertificateFile (https://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslcertificatefile)
You can test your SSL configuration using https://www.ssllabs.com/ssltest/index.html which also reports incomplete certificate tree.
Related
I am trying to run a Site WEB on "Private Network" or by "Public Network via HTTPS (SSL) on XAMPP. I flow this etaps:
1- "C:\xampp\apache\makecert.bat" to make the Certificate.
2- httpd.conf Remove (#) form LoadModule ssl_module modules/mod_ssl.so
3- php.ini Remove (;) from extension=php_openssl.dll
Restart apache and chrome!
localhost uses an invalid security certificate. The certificate is not trusted because it is self-signed. Error code: SEC_ERROR_UNKNOWN_ISSUER
https://192.168.1.100 Peer’s Certificate issuer is not recognized.
HTTP Strict Transport Security: false
HTTP Public Key Pinning: false
Open your "apache/conf/httpd.conf" file and add the following lines (right after closing </Directory> tag):
<VirtualHost *:443>
DocumentRoot "C:\xampp\htdocs"
ServerName localhost:443
SSLEngine on
SSLCertificateFile "conf/ssl.crt/server.crt"
SSLCertificateKeyFile "conf/ssl.key/server.key"
<Directory "C:\xampp\htdocs">
AllowOverride All
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
then restart your "Apache" and check back again "https://localhost".
I have a problem with .htaccess configuration. My webserver is Apache2, and my website was coded by PHP. But, I have some trouble with .htaccess.
While I'm accessing it via non-ssl (http://mywebsite.dev), my .htaccess was work. I use .htaccess for URL Rewrite and handling error by custom template. But, when I access it via SSL (https://mywebsite.dev), for Index page was work. But, when I access https://mywebsite.dev/page/about, it's display 404 Not Found (displaying default 404 Not Found page, not my custom page. It's mean, my .htaccess code not load).
For my URL structure, it was http://mywebsite.dev/?load=page&page=about. If I access http://mywebsite.dev/page/about, it works. But, not via SSL. What is problem? Btw, my /etc/apache2/sites-available/website.conf code is:
<VirtualHost *:80>
ServerName mydomain.com
ServerAdmin webmaster#localhost
DocumentRoot /var/www/html/website/
<Directory /var/www/html/website>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
# LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# enabled or disabled at a global level, it is possible to
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
</VirtualHost>
And, my .htaccess code is:
RewriteEngine On
RewriteRule ^page/([A-Za-z0-9-]+)/?$ index.php?load=page&page=$1 [NC]
ErrorDocument 404 /public/404.html
I'm developing it with in Windows using Laragon. And for Production env is: Ubuntu 16, PHP 7, and Apache2. Thanks.
Sorry for grammar mistakes, or you don't understand what I mean. Thank you very much was reading my question :)
The line <VirtualHost *:80> tells apache that this configuration only applies for traffic coming on all interfaces (*) but only on the port 80 (:80). The AllowOverride All isn't applied on https (port 443) since it doesn't match.
To fix this, you need an other virtual host, <VirtualHost *:443>. You can either duplicate the content in the two virtual hosts or use an include, see this server fault answer.
I am trying to get Xampp to work in https, but I am having a few issues.
What I have done so far:
mod_ssl.so is loaded
php_openssl.dll is loaded
DocumentRoot in httpd-ssl.conf was changed from C:/xampp/htdocs to C:/xampp/ as this is where all of the directories of my sites are.
Do I need to change the server name in httpd-ssl.conf?
Edit: do I need to add virtual host in httpd-vhosts.conf on port 443 as well as 80? Also, do Xampp come with a built in SSL cert etc.?
I think the best way is creating a VirtualHost for each project you're developing.
Otherwise, you would need change the DocumentRoot for the project you're developing at the time.
So, you can change "httpd-vhosts.conf" file and create a VH for port 80 redirecting all the requests to a VH for port 443 (if you want to disable HTTP only), like this:
• HTTP
<VirtualHost *:80>
ServerName yoursite.your.domain
Redirect / https://yoursite.your.domain/
</VirtualHost>
• HTTPS
<VirtualHost *:443>
ServerName yoursite.your.domain:443
#in your case you're not using htdocs, so DocumentRoot be like
DocumentRoot "C:\xampp\yourproject"
<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Methods "POST, PUT, GET, DELETE, OPTIONS"
Header always set Access-Control-Allow-Headers "Content-Type"
</IfModule>
#the same here
<Directory "C:\xampp\yourproject">
Options +Indexes +Includes +FollowSymLinks +MultiViews
AllowOverride All
Require all granted
</Directory>
#check your absolute path bellow
SSLEngine on
SSLCertificateFile "C:\xampp\apache\conf\ssl.crt\server.crt"
SSLCertificateKeyFile "C:\xampp\apache\conf\ssl.key\server.key"
</VirtualHost>
About the certificate, I think XAMPP actually come with a built in SSL certificate, but, even it didn't came, you can generate it using his tools. You can see a lot of tutorials in the internet about this.
Context: production server with SSL installed. Running apache server. PHP.
Problem: for an specific url like (for example: www.domain.com/whatever/edit/*) I want to ask users to use their certificate in order to authenticate them for an specific task.
I have read that this way of authentication is called two-way authentication SSL. I don't know whether I am right or not.
What I have tried on server configuration is the following
<VirtualHost _default_:433>
ServerAdmin webmaster#localhost
DocumentRoot /Applications/MAMP/htdocs/smartdataprotection/web/
Options FollowSymLinks
Options Indexes FollowSymLinks MultiViews
LogLevel warn
ErrorLog /var/log/apache2/error.log
CustomLog /var/log/apache2/ssl_access.log combined
SSLEngine on
SSLCertificateFile /Applications/MAMP/htdocs/certificates/server.cer
SSLCertificateKeyFile /Applications/MAMP/htdocs/certificates/server.key
SSLOptions +StdEnvVars
# Below for 2 way ssl
SSLVerifyClient require
SSLVerifyDepth 10
SSLCACertificateFile /Applications/MAMP/htdocs/certificates/ca.cer
What I would like to get is something similar to the following screen capture:
Thank you very much in advanced any help will be very welcome and highly appreciate.
Regards.
I think that you're missing SSLCipherSuite directive . In apache documentation:
This complex directive uses a colon-separated cipher-spec string
consisting of OpenSSL cipher specifications to configure the Cipher
Suite the client is permitted to negotiate in the SSL handshake phase.
Also normally you want to login in a site with certificate in specific location not directly in www.yourdomain.com, for example in a button link with goes to wwww.yourdomain.com/yourApp/loginCert so you have to configure <Location> inside the <VirtualHost>.
Finally check the file indicated in the SSLCACertificateFile directive, this file is a concatenation of CA certificates in a PEM format, which issues the certificates allowed to login in your site, if your certificate is not issued by one of the CAs inside this file they will be not showed up in the browser popup.
The configuration could looks like:
<VirtualHost _default_:433>
...
<Location /yourApp/loginCert>
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCACertificateFile conf/trustedCA.cer
SSLVerifyClient required
SSLVerifyDepth 10
SSLOptions +StdEnvVars +ExportCertData +OptRenegotiate
</Location>
Hope this helps,
I have created a Laravel application on my local Ubuntu machine. But I want to use HTTPS on all of its wild card sub-domains. How can I do this locally? By the way, I have added my site URL on etc/hosts so I don't need to type localhost but instead www.mysite.loc.
Answer in this question How can I install SSL on localhost in Ubuntu?, I think will only work on the main domain.
No, the answer with this question How can I install SSL on localhost in Ubuntu? is working fine. But you need to modify few lines of code in your conf file.
I manage to try it now and works fine but I got this irritating message from my browser that the site I am accessing is not secure. Though it's okay, since it is just self signed certificate.
In my /etc/hosts I added several sub domains for my local site since it will not work even you configured your virtual host properly because the site your developing is not yet accessible online.
Say, www.mydomain.com, hello.mydomain.com, world.mydomain.com
Now, we need to enable SSL module
sudo a2enmod ssl
Restart Apache
sudo service apache2 restart
Create a folder for Self-signed SSL Certificates
sudo mkdir /etc/apache2/ssl
Generate key and other stuffs for SSL
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt
Answer questions their and use your domain say mydomain.com as Common name
Now I edited the conf file of my virtual host which resides in /etc/apache2/sites-available/mydomain.com.conf
This is the what's inside
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin admin#example.com
ServerName www.mydomain.com
ServerAlias mydomain.com *.mydomain.com
DocumentRoot /home/me/projects/www/mysite_folder
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/home/me/projects/www/mysite_folder">
SSLOptions +StdEnvVars
Order allow,deny
Allow from all
# New directive needed in Apache 2.4.3:
Require all granted
AllowOverride All
</Directory>
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
If you already enable your virtual host, you need to skip this step. Else, type
sudo a2ensite mydomain.com.conf
Lastly, you need to restart Apache again by
sudo service apache2 restart
Hope it helps you! You can now access your site using https
Ex. https://www.mydomain.com, https://hello.mydomain.com, https://world.mydomain.com