Ok, I'm sure someone is going to tell me this is a really dumb idea but please humor me.
I have a php site that is hosted using Lighttpd. I have multiple domains that resolve to my website (for example...mysite.com and mysite2.com). These sites need to use https.
When either mysite.com or mysite2.com are requested I want my php page to respond with the correct certificate. So, to clarify, when the browser gets the response from my php page it will not complain about the certificate because it will use the correct certificate.
Is this possible? How?
Thanks!
EV
By the time PHP is running the SSL handshake has already been completed by your web server, so there's no way it can do anything about the certificate.
If you're using name-based virtual hosting but you still want to use different SSL certificates, you can leverage on SNI (an extension on SSL and TLS) which is supported by most browsers and web servers (requires OpenSSL >= 0.9.8), including Lighttpd.
Related
I have a Windows 2008 R2 Server with IIS 7.5 installed and PHP 5.6.6.
I have a site set up that is using a SSL certificate which is working fine (domain1.com).
I am now trying to setup a second PHP site (domain2.com) which does not require SSL.
When I browse to domain2.com I get the following error in Chrome:
This server could not prove that it is domain2.com; its security certificate is from domain1.com. This may be caused by a misconfiguration or an attacker intercepting your connection.
Somewhere there is a setting that is forcing domain2.com to try and use SSL but I cannot see where and cannot find any solutions by searching the Internet.
Does anyone have any pointers?
Many thanks,
John
Used a wildcard certificate to resolve this in the end.
The website I currently created isn't using a ssl cert. If I decide to buy and use a ssl cert for my website do I need to change any code on my website? My website is written in html, php and it has a mysql backend.
Or can I just purchase a new ssl cert and not change any code?
Thanks
The SSL connection is handled by the web server, the code running on top of it has nothing much to do with it. Your code should continue to run as is if the web server is configured sensibly. If you are hardcoding links using http://... somewhere or are otherwise somehow depending on the presence or absence of HTTP/HTTPS in your code, you may need to change these specific parts.
Currently setting up a backup solution that sends a database dump and some other files from a Wordpress network to a NAS on my LAN, via WebDAV. I have installed PHP WebDAV on my web server and the basic code to get that that to work is:
webdav_connect('http://webdav.example.com/dav', 'davuser', 'davpassword');
webdav_put('/your/nice/thing.txt', $data);
webdav_close();
The issue is, my NAS requires this connection to be done via HTTPS, so in a web browser you'd see a warning which you can ignore, but PHP gives the following warning and the code fails:
Warning: webdav_put() [function.webdav-put]: Server certificate verification failed: certificate issued for a different hostname, issuer is not trusted in /var/www/vhosts/blah/blah/blah.php on line 5
Is there a way in which I can ask PHP to ignore this, or will I need to obtain an SSL certificate? The domain name used for accessing the WebDAV service on my NAS is one provided by Dynamic DNS if that makes a difference.
Is there a way in which I can ask PHP to ignore this, or will I need to obtain an SSL certificate?
I don't know which HTTP Layer PHP WebDAV uses (which extension are you using?), but often it's possible to configure the underlying layer to ignore certificate errors.
If you need certificate verification for security reasons, you should obtain a valid certificate.
Just for completeness as I don't like leaving things un-answered. I've decided to access my WebDAV service via SMEStorage. They provide an API which developers can use for this sort of thing:
http://smestorage.com/?p=static&page=for_developers
I'm trying to use OpenID on my site but I get this error:
Protocol https not supported or
disabled in libcurl
Can anyone please tell what does it mean? My website is running on shared linux hosting.
I use this script: http://gitorious.org/lightopenid
Thanks in advance
It means exactly what is says! Your Open ID implementation (lightopenid) wants to communicate securely with an Open ID server over HTTPS - HTTPS is an optional feature in PHP/Curl and your web host has not enabled this feature. Your options are to ask your hosting provider to enable this feature or to find an alternative which doesn't use Curl. For the latter option, you'll probably find that alternatives also don't have the HTTPS option enabled.
Finally, you may be able to tell lightopenid to not use HTTPS, thus sidestepping this problem, however this doesn't seem like a very robust solution to me, use this only on dev sites, never with real users' accounts.
I was wondering if any of you know if it is possible in javascript or php to test if a client has a specific client certificate installed in the browser.
The thing is that we have a server certificate installed but to be recognized by the clients, they need 2 client certificates that make them recognize the authority of the issuer of our server certificate. We would like to test the browser for these 2 certificates, if there are not there, we want to propose the client to download them before to enter in https mode...
Anybody can help? Please detail your answer if you know one.
You can do it client side by using javascript to request a known file from a secured (https) source. if the request fails then it means the client refused to accept your certificate (or another network error) at this point you could popup a message to ask the user to install the root certificate with a link to the root certificate.
This must be done from a non secure page. otherwise the user may refuse your certificate and never load the page to start with and therefore your javascript never runs
It can't be done in PHP because php (which is server side) cannot determine whether the client browser has a particular root ca installed
I however would not do this. get a proper certificate instead.
You appear to have insufficient understanding of how SSL works in general. I suggest spending some time understanding how SSL works and how certificates are used.
DC
to learn about sending and receiving http responses with javascript read this page..
http://www.w3schools.com/XML/xml_http.asp
It can be used to send and receive any text data, not just xml. It is real easy to implement but you must be aware of browser version issues.
DC
what about a warning message that will be hidden by a javascript which will be loaded from your https site.
in the warning message you can link the windows update site or wherever the updated root certifcates can be downloaded to their browser.
PHP is a server side language. If you really want to test this then you need to do it with JavaScript and then send back an AJAX request to PHP.
But I think there is another solution to your problem. Normally when a CA change their name etc. they have usually new "Intermediate Certificates" you can use. (If you have an apache httpd server then you can search for "ca bundle" on their website as well.) With this bundle you can send the new CA certificate along with your certificate.
Forcing your users to download and install a homegrown CA certificate is ugly and hateful. Instead, show them the love and pay the $30 US to get an SSL certificate signed by a reputable, already trusted, CA.