Saturday, October 1, 2016

Apache - PHP executing on HTTP is OK, but with HTTPS it is not



I have a new dedicated Linux web server.

My hosting provider gave me a setup of an Apache server with PHP on it.

When I open a URL in the browser called with the IP, i.e. http://xxx.yyy.zzz.vvv/test.php, the PHP script gets executed, and it works fine. So everything works fine in that case.

The problem occurs if I call HTTPS in a browser, like https://xxx.yyy.zzz.vvv/test.php

In that case, I get the browser's Save as option, and all I can do is save the PHP file on my PC.

So it looks to me that there is some misconfiguration with Apache.

The provider's support told me that this will work OK when I build a certificate in the Apache server. But I'm not sure about that.

Can you tell me if the provider's support is right?

Also, Plesk is installed on the server. Plesk made a lot of problems in the past. Could it be that Plesk made that problem?

If you can help me to solve this, thank you in advance!


Answer



Your host lies: if there's no certificate you will get a bad certificate message, not a source code download. My guess is that your HTTPS settings are way too strict, preventing the script from being executed. I'm sending a copy of a properly configured HTTPS .conf file:



NameVirtualHost domain.tld:80
<VirtualHost domain.tld:80>
    ServerAdmin webmaster@domain.tld
    DocumentRoot /path/to/site/root/
    ServerName domain.tld
    ScriptAlias /cgi-bin/ "/path/to/site/root/"
</VirtualHost>

NameVirtualHost domain.tld:443
<VirtualHost domain.tld:443>
    SSLEngine on
    # This cipher string does not exclude LOW, EXP (export) or SSLv2 suites; restrict it before production use.
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateFile "/path/to/your/file.crt"
    SSLCertificateKeyFile "/path/to/your/file.key"

    # Export the SSL_* environment variables to scripts
    SSLOptions +StdEnvVars

    BrowserMatch ".*MSIE.*" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0

    # Per-request log of the negotiated protocol and cipher
    CustomLog "logs/domain.tld-ssl-request_log" \
        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

    DocumentRoot /path/to/domain/root
    ServerName domain.tld
    ServerAdmin webmaster@domain.tld
    ScriptAlias /cgi-bin/ "/path/to/domain/cgi-bin/"
</VirtualHost>



In your httpd.conf you might want to include/check for this:




  
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
Include /etc/httpd/conf/ssl/*.conf



In my case I have separate files for domains with SSL certificates, so I include them with the statement above.



And finally, make sure you have the OpenSSL package installed on your server.




That's it, you can generate self-signed certificates to test it out.
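A check for the symptom discussed in this thread, as an added example that is not part of the original question or answer: it classifies the HTTP and HTTPS responses for the same script and reports which virtual host hands out the file instead of executing it. The function names, the list of content types and the sample responses are assumptions constructed for illustration.

```python
"""Detect a vhost that serves PHP source instead of executing it (added example)."""
import re
import ssl
import sys
import urllib.request

# Opening tags that only appear in a response body when PHP was not executed.
PHP_OPEN_TAG = re.compile(rb"<\?(?:php\b|=)", re.IGNORECASE)
# Assumption: content types typically sent for .php files that no handler processed.
UNHANDLED_TYPES = {"application/x-httpd-php", "application/x-php",
                   "text/x-php", "application/octet-stream"}

def classify(content_type, disposition, body):
    """Return 'source-exposed', 'download-offered' or 'executed' for one response."""
    ctype = (content_type or "").split(";")[0].strip().lower()
    if PHP_OPEN_TAG.search(body):
        return "source-exposed"          # raw script reached the client
    if ctype in UNHANDLED_TYPES or "attachment" in (disposition or "").lower():
        return "download-offered"        # browser will show "Save as"
    return "executed"

def fetch(url, verify_cert=True):
    """GET url and return (Content-Type, Content-Disposition, first 64 KiB of body)."""
    ctx = ssl.create_default_context()
    if not verify_cert:                  # only for a self-signed test certificate
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    with urllib.request.urlopen(url, context=ctx, timeout=10) as resp:
        hdr = resp.headers
        return hdr.get("Content-Type"), hdr.get("Content-Disposition"), resp.read(65536)

def compare(responses):
    """Map each scheme to its verdict and list the schemes that did not execute the script."""
    verdicts = {scheme: classify(*resp) for scheme, resp in responses.items()}
    broken = sorted(s for s, v in verdicts.items() if v != "executed")
    return verdicts, broken

# Constructed sample responses reproducing the question: HTTP executes, HTTPS does not.
SAMPLE = {
    "http": ("text/html; charset=UTF-8", None, b"<html><body>Hello</body></html>"),
    "https": ("application/x-httpd-php", None, b"<?php echo 'Hello'; ?>"),
}

if __name__ == "__main__":
    if len(sys.argv) > 1:                # argument: your own host and path, e.g. host/test.php
        target = sys.argv[1]
        live = {s: fetch(f"{s}://{target}", verify_cert=False) for s in ("http", "https")}
        print(compare(live))
    else:
        print(compare(SAMPLE))
```

A "source-exposed" verdict on one scheme only means the PHP handler is missing from that virtual host, and any credentials embedded in the script should be treated as disclosed.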

