I have a Windows 2008 R2 Server with IIS 7.5 installed and PHP 5.6.6.
I have a site set up that is using a SSL certificate which is working fine (domain1.com).
I am now trying to setup a second PHP site (domain2.com) which does not require SSL.
When I browse to domain2.com I get the following error in Chrome:
This server could not prove that it is domain2.com; its security certificate is from domain1.com. This may be caused by a misconfiguration or an attacker intercepting your connection.
Somewhere there is a setting that is forcing domain2.com to try and use SSL but I cannot see where and cannot find any solutions by searching the Internet.
Does anyone have any pointers?
Many thanks,
John
Used a wildcard certificate to resolve this in the end.
Related
I have a offline website installed on my localhost PC , I am using xampp with apache. I installed everything and I can access the website from browsers normally. But when I am trying to send any PHP POST or GET requests to this localhost from anywhere like PostMan or any other online website I got connection Refused Error. Also its happen with file_get_contents.
I don't have much experience in Windows firewall or apache configuration so I need advice for what can I do?
it was a CSF firewall error from the online server side. it was not allow me to send the requests outside the server without whitelisted the requested server :)
Thanks
I've been running a php file-server from behind an apache 2.2 reverse proxy for several years with no issues.
The wan-facing server is SSL'd [https://], the proxied server (on our LAN) that hosts the app isn't.
I'm trying to provision a replacement front-end server, with apache 2.4.
In testing the replacement server, the php auth hangs when proxied from sites-enabled/default-ssl, even though it works fine from sites-enabled/000-default [non-SSL].
Not finding any clues in logs or conf files.
Appreciate any insights or guesses as to where the issue may lie.
Thanks!
Well, this is embarrassing ... I omitted two crucial steps, which are both present in the current live front-end server:
a2enmod headers
and
RequestHeader set X-Forwarded-Proto "https" to default-ssl.conf
Bingo.
I've built a website (PHP5, HTML5, CSS3, node.js, MySQL 5) that works fine - it requires SSL - I coded it to reload users with https if they're not already using it. I have deployed this site successfully to many linux servers before - I know how to do that but - I need to deploy this to a VPS that has WHM on it.
I studied WHM. What i've done so far at a high level:
added an account for say xyz - with shell access
ssh/ftp into that account using the ip-address of the VPS
install code in /home/xyz/public_html with 755/644 permissions
built a custom php.ini in /home/xyz/public_html with needed settings
mysql -u root - set root password and added database/user xyz and grant all on xyz to user xyz
MySQL Workbench into the VPS using SSL user xyz - set up database xyz
pointed the xyz domain at the IP address of the VPS
The website works for http but for https all I get is 404 Not Found. I expect it's looking in the directory where WHM is installed for those assets. I cannot see the apache logs to confirm this.
From what I know about SSL you can only have 1 website on a server that uses SSL. WHM is the one website on this server that is already using SSL.
This dawned on me - a duh moment when I got my first 404.
I've searched everywhere and found nothing - what i've managed to guess so far is that I will have to do this thru WHM - I need to:
add an IP-address in WHM - I see where to do that but do I just make one up? do I have to call GoDaddy and get them to give me one? or buy one?
move my xyz account to that IP address in WHM - I see where to do that
and then somehow get DNS servers to go to that IP instead of the IP of the VPS. This is where it gets over my head
I've searched for days and all I can find anywhere is tons of articles on installing SSL certificates. I'll get to that point eventually but for now I just want my website to work. Am I moving in the right direction?
I apologize for the long question I'm trying to demonstrate that I have researched this and tried everything I know. Thanks.
Usually, in a WHM server, the logs for a domain/s are located in the /usr/local/apache/domlogs directory. Check those.
Generic error logs for Apache are in the /usr/local/apache/logs/ dir.
With WHM you can install SSL certificates as much as you want. It has SNI enabled by default.
I cannot guess what your problem is without access, so you should start with your log files and go from there.
I am doing a CAS integration with a project that I am doing with my university. The final integration should be made with symfony2, however first I need to make the example code working.
I finally get working the example_simple.php example with phpCAS 1.3.2 , however the directive:
phpCAS::setNoCasServerValidation();
is the enabled one. I think I should use instead:
phpCAS::setCasServerCACert($cas_server_ca_cert_path);
However when I enable this second one (and disable the other) then the authorization does not work anymore. Here is the relevant output line error of the log:
could not open URL 'https://cas_server.fi/cas/serviceValidate?service=http%3A%2F%2Flocalhost%2Fphpcas2%2Fdocs%2Fexamples%2Fexample_simple.php&ticket=ST-115606-M1Omd1cHWzbLbmxa1nYV-cas' to validate (CURL error #60: SSL certificate problem: unable to get local issuer certificate) [Client.php:2763]
The cas server provided me two .crt files:
MYCASRootCA.crt
MYCASLinuxSUBCA.crt
And they are suppose to be installed in my system (Ubuntu 13.10). They are in different places, such a /etc/ssl/certs/MYCASLinuxSUBCA.pem but also:
/usr/share/ca-certificates/lut/MYCASRootCA.crt
/usr/share/ca-certificates/lut/MYCASLinuxSUBCA.crt
So assuming that the variable $cas_server_ca_cert_path has to have one of these .crt files or .pem dirs (such a /usr/share/ca-certificates/lut/MYCASLinuxSUBCA.crt) I cannot make it work. What I am doing it wrong? My client-server (no the cas server) is in my localhost. Is it a problem? Should I avoid use setCasServerCACert command? Why is it happening?
I've also tried to use the curl-ca-bundle.crt certificate provided by my XAMP instalation (Xampp 1.8.3).
I am a little bit lost with certificates as you can see.
I read about problems with phpCAS and recent Ubuntu versions in https://github.com/Jasig/phpCAS/issues?state=open. However I cannot make this working with the master code, even without certification (by default).
Any ideas would be appreciated...
I have found the solution asking in the github library: https://github.com/Jasig/phpCAS/issues/119
The reason is that the curl binary used by PHP in my xampp installation is different from the system's curl binary. The system one has access to /etc/ssl/certs/ certificates, but the xampp curl does not have (unless you don't indicate it, of course). By default, it searches in a special certificate-bundle-file.
Finally I have found the real certificate for my cas-server and I am using it, however maybe you want to use other proposed solution at the end of the discussion thread if you are having a similar problem.
Ok, I'm sure someone is going to tell me this is a really dumb idea but please humor me.
I have a php site that is hosted using Lighttpd. I have multiple domains that resolve to my website (for example...mysite.com and mysite2.com). These sites need to use https.
When either mysite.com or mysite2.com are requested I want my php page to respond with the correct certificate. So, to clarify, when the browser gets the response from my php page it will not complain about the certificate because it will use the correct certificate.
Is this possible? How?
Thanks!
EV
By the time PHP is running the SSL handshake has already been completed by your web server, so there's no way it can do anything about the certificate.
If you're using name-based virtual hosting but you still want to use different SSL certificates, you can leverage on SNI (an extension on SSL and TLS) which is supported by most browsers and web servers (requires OpenSSL >= 0.9.8), including Lighttpd.