WampServer

I'm running Win Server 2016,
Wamp 3.1.6
Apache 2.4.37
PHP 7.3
MYSQL 8.013

I am unable to use port 443 for ssl in a virtual host even though it is open on the firewall for SSL to allow incoming requests. I am UNABLE to ADD an additional Listen Port through the WAMP interface and it gives the error message below. Below is both the error message from WAMP and the virtual host settings from the VHOSTs file. Seems like a common basic problem but I'm surely stumped. Thanks

ERROR MSG:

"In the httpd-vhost.conf file: The Port used (443) for the VirtualHost dailymarkettrends.com:443 is not a Listen port"


VHOSTs Config:

Listen 443

<VirtualHost 23.98.128.174:443>
DocumentRoot "${INSTALL_DIR}/www/dailymarkettrends"
ServerName dailymarkettrends.com
ServerAlias www.dailymarkettrends.com
ServerAdmin support@baysidesoftware.com
ErrorLog "${INSTALL_DIR}/www/dailymarkettrends/ssllogs/error.log"
SSLEngine on
SSLCertificateFile "${INSTALL_DIR}/DMT_bin/Wamp64/Certs/www_dailymarkettrends_com.crt"
SSLCertificateKeyFile "${INSTALL_DIR}/DMT_bin/Wamp64/Certs/www_dailymarkettrends_com.key"
SSLCertificateChainFile "${INSTALL_DIR}/DMT_bin/Wamp64/Certs/DigiCertCA.crt"
<Directory "${INSTALL_DIR}/www/dailymarkettrends/">
Options +Indexes +Includes +FollowSymLinks +MultiViews
AllowOverride All
Require all granted
</Directory>
</VirtualHost>

Hi,

Wampserver does not support the automatic addition of port 443 in VirtualHost declared in httpd-vhosts.conf nor does it support the automatic addition of a Listenport 443.

To properly separate http mode from https port 443 mode you must use the file

wamp(64)\bin\apache\apache2.4.3x\conf\extra\httpd-ssl.conf

to declare ListenPort 443 and VirtualHost SSL and uncomment Include conf/extra/httpd-ssl.conf in httpd.conf.

Example of a file httpd-ssl.conf

#
# This is the Apache server configuration file providing SSL support.
# Required modules: mod_log_config, mod_setenvif, mod_ssl,
#          socache_shmcb_module (for default value of SSLSessionCache)

# When we also provide SSL we have to listen to the
# standard HTTP port (see above) and to the HTTPS port
#
Listen 0.0.0.0:443
Listen [::0]:443

#   SSL Cipher Suite:
SSLCipherSuite HIGH:!RSA:!RC4:!3DES:!DES:!IDEA:!MD5:!aNULL:!eNULL:!EXP

#   User agents such as web browsers are not configured for the user's
#   own preference of either security or performance, therefore this
#   must be the prerogative of the web server administrator who manages
#   cpu load versus confidentiality, so enforce the server's cipher order.
SSLHonorCipherOrder on
SSLCompression      off
SSLSessionTickets   on

#   SSL Protocol support:
#   List the protocol versions which clients are allowed to connect with.
#   Disable SSLv3 by default (cf. RFC 7525 3.1.1).  TLSv1 (1.0) should be
#   disabled as quickly as practical.  By the end of 2016, only the TLSv1.2
#   protocol or later should remain in use.
SSLProtocol all -SSLv2 -TLSv1 -TLSv1.1 -SSLv3

#   Pass Phrase Dialog:
#   Configure the pass phrase gathering process.
#   The filtering dialog program (`builtin' is an internal
#   terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog  builtin

#   Inter-Process Session Cache:
#   Configure the SSL Session Cache: First the mechanism
#   to use and second the expiring timeout (in seconds).
SSLSessionCache        "shmcb:${INSTALL_DIR}/logs/ssl_scache(512000)"
SSLSessionCacheTimeout  300

## SSL Virtual Host Context

<VirtualHost *:443>
	ServerName aviatechno
  DocumentRoot "G:/www/aviatechno"
  ServerAdmin webmaster@aviatechno.net
	ErrorLog "${INSTALL_DIR}/logs/error.log"
	TransferLog "${INSTALL_DIR}/logs/access.log"
	SSLEngine on
	SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
	SSLCertificateFile      "${SRVROOT}/conf/Certs/Site/aviatechno.crt"
	SSLCertificateKeyFile   "${SRVROOT}/conf/Certs/Site/aviatechno.key"
	SSLCACertificateFile    "${SRVROOT}/conf/Certs/Cacerts/Ca.crt"
#
	SSLVerifyClient none
	SSLVerifyDepth  10

	<Directory "G:/www/aviatechno/">
		Options +Indexes +Includes +FollowSymLinks +MultiViews
		AllowOverride all
		Require local
	</Directory>
	<FilesMatch "\.(cgi|shtml|phtml|php)$">
		SSLOptions +StdEnvVars
	</FilesMatch>

	BrowserMatch "MSIE [2-5]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
	CustomLog "${INSTALL_DIR}/logs/custom.log" "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>

---------------------------------------------------------------
Documentation Apache - Documentation PHP - Documentation MySQL - Wampserver install files & addons

Thank you for your reply.

I applied the changes as you suggested. WAMP came up green and the pages are displayed in HTTPS as expected when accessed locally from the server. However, Apache DOES NOT display ANY pages from the internet side. Internet users receive a "Time Out" message and pages don't load at all. I noticed that you placed a "REQUIRE LOCAL" directive on the website folder. Changing this to "ALL GRANTED" still does not allow Internet users to see the pages. Are there other parameters in the code that would prevent access from the Internet side that would also need to be changed?

Thx

Thank you for your reply.

I applied the changes as you suggested. WAMP came up green and the pages display in HTTPS just as expected but only when accessed locally from the server. However, Internet users DO NOT see any pages and are shown a "Time Out" message that the page took too long to load. I noticed you included a "Require Local" directive on the folder containing the website. I changed this to "Require All Granted" but the pages still do not load for Internet users.

Are there other elements in the code that need to be changed to allow Internet users to see SSL pages?

Thx

Did you open up port 443 in your router?

---------------------------------------------------------------------------------------------
(Windows 10 Pro 64bit) (Wampserver 3.3.4 64bit) Aestan Tray Menu 3.2.5.4
<Apache versions MULTIPE> <PHP versions MULTIPLE> <MySQL Versions MULTIPLE>
<MariaDB versions MULTIPLE> <phpMyAdmin versions MULTIPLE> <MySQL Workbench 8.0.23>
Read The Manuals Apache -- MySQL -- PHP -- phpMyAdmin
Get your Apache/MySQL/mariaDB/PHP ADDONs here from the WAMPServer alternate Repo
-X-X-X- Backup your databases regularly Here is How dont regret it later! Yes even when developing -X-X-X-

Yes, I have the port open and have Inbound Firewall Rules to allow TCP access.

Hi Gamattox,

I just copied the example conf to a new httpd-ssl.conf and changed what was needed to meet my needs and all is working. You are right that the Require local needs to be changed to Require all granted to make it work.

Have you also uncommented the following in the httpd.conf?

LoadModule ssl_module modules/mod_ssl.so
Include conf/extra/httpd-ssl.conf
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so

Kind regards

HVN

Hi,

> Include conf/extra/httpd-ssl.conf

Instead of directly uncommenting the line, I slightly modified the httpd.conf file:
Replace :

# Secure (SSL/TLS) connections
#Include conf/extra/httpd-ssl.conf
#
# Note: The following must must be present to support
#       starting without SSL on platforms with no /dev/random equivalent
#       but a statically compiled-in mod_ssl.
#
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>

by

# Secure (SSL/TLS) connections
#
# Note: The following must must be present to support
#       starting without SSL on platforms with no /dev/random equivalent
#       but a statically compiled-in mod_ssl.
#
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
Include conf/extra/httpd-ssl.conf
</IfModule>

In this way, the SSL configuration file will only be loaded if the module ssl_module is loaded.

This also makes it easy to disable SSL by disabling the loading of the ssl_module module.

---------------------------------------------------------------
Documentation Apache - Documentation PHP - Documentation MySQL - Wampserver install files & addons

Thanks for the reply.

Yes. I have edited my httpd.conf file to uncomment the following:
Line 186: LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
Line 188: LoadModule ssl_module modules/mod_ssl.so
Line 564: Include conf/extra/httpd-ssl.conf

Is there anything special I need to do with the hosts file on the server to allow Internet users access? Anything special to setup for LocalHost?

Right now I can access the WAMP LocalHost dashboard just fine and it shows no errors. At the bottom of the WAMP LocalHost dashboard I can see my Project Name and clicking on it will refresh the LocalHost dashboard. Under Virtual Hosts I can see LocalHost and clicking on it will also refresh the WAMP LocalHost dashboard. Is that the expected functionality?

If I input the following URL from a browser on the server I can display my website in SSL as desired.
[dailymarkettrends.com]
If I input the following URL from a browser on the server I can display my Wordpress Admin Screen.
[dailymarkettrends.com]
However, if I input the following URL from a browser on a remote PC I get a timeout error.
[dailymarkettrends.com]

Thanks for your help

If I ping your domain I also get nothing but timeouts.

Something somewhere is not allowing things through to your Apache.

Check Router:
- Port 80 and 443 is open
- Port forwarding of port 80 and 443 is also setup correctly


Your WAMPServer PC:
- Has a static IP Address and is the one used on the port forwarding
- Your firewall is setup to allow incoming to 80 and 443

---------------------------------------------------------------------------------------------
(Windows 10 Pro 64bit) (Wampserver 3.3.4 64bit) Aestan Tray Menu 3.2.5.4
<Apache versions MULTIPE> <PHP versions MULTIPLE> <MySQL Versions MULTIPLE>
<MariaDB versions MULTIPLE> <phpMyAdmin versions MULTIPLE> <MySQL Workbench 8.0.23>
Read The Manuals Apache -- MySQL -- PHP -- phpMyAdmin
Get your Apache/MySQL/mariaDB/PHP ADDONs here from the WAMPServer alternate Repo
-X-X-X- Backup your databases regularly Here is How dont regret it later! Yes even when developing -X-X-X-

Thanks again for your replies.

I have rebuilt the inbound firewall rules on the server and I am now able to receive https pages as desired. Therefore keying in the URL: [mysite.com] now correctly displays my website in SSL mode.

However when entering the URL without the https prefix I get the message: Forbidden, you do not have permission to access this server...Port 80.

Summary...from a remote computer on the internet:

The URL: [www.mysite.com] correctly uses the alias and correctly displays [mysite.com]
The URL: [mysite.com] correctly displays the website in SSL
The URL: mysite.com returns the message Forbidden you do not have permission...port 80

Could this be a problem with my .htaccess rewrite rules? My .htaccess content is below

# BEGIN rlrssslReallySimpleSSL rsssl_version[3.1.3]
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTPS} !=on [NC]
RewriteRule ^(.*)$ []%{HTTP_HOST}/$1 [R=301,L]
</IfModule>
# END rlrssslReallySimpleSSL
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

Thanks



Edited 1 time(s). Last edit at 01/30/2019 12:11PM by RiggsFolly.

Do you guys have any thoughts on this?

I still can't get to my site from the internet side by using "mysite.com" and have it translate to `https: //mysite.com`.

It continues to tell me I am Forbidden to access on port 80. I can only access the site in SSL by typing the full `https: //mysite.com`.

The secure site works fine when typing in the full URL but fails it I omit the "https".

Any ideas would be GREATLY appreciated. Probably something simple, I just can't stumble onto it.

Thx



Edited 2 time(s). Last edit at 02/01/2019 12:36PM by RiggsFolly.

Ok,

Lets see your httpd-vhost.conf file and your httpd-ssl.conf

It sounds like you have made a mistake in one of them.

---------------------------------------------------------------------------------------------
(Windows 10 Pro 64bit) (Wampserver 3.3.4 64bit) Aestan Tray Menu 3.2.5.4
<Apache versions MULTIPE> <PHP versions MULTIPLE> <MySQL Versions MULTIPLE>
<MariaDB versions MULTIPLE> <phpMyAdmin versions MULTIPLE> <MySQL Workbench 8.0.23>
Read The Manuals Apache -- MySQL -- PHP -- phpMyAdmin
Get your Apache/MySQL/mariaDB/PHP ADDONs here from the WAMPServer alternate Repo
-X-X-X- Backup your databases regularly Here is How dont regret it later! Yes even when developing -X-X-X-

Thanks,

httpd-vhosts.conf: ---------------------------------------------------
# Virtual Hosts

<VirtualHost *:80>
DocumentRoot "${INSTALL_DIR}/www"
ServerName localhost
ServerAlias localhost
<Directory "${INSTALL_DIR}/www">
Options +Indexes +Includes +FollowSymLinks +MultiViews
AllowOverride All
Require local
</Directory>
</VirtualHost>


httpd-ssl.conf: --------------------------------------------------------------------
#
# This is the Apache server configuration file providing SSL support.
# It contains the configuration directives to instruct the server how to
# serve pages over an https connection. For detailed information about these
# directives see <URL:[httpd.apache.org];
#
# Do NOT simply read the instructions in here without understanding
# what they do. They're here only as hints or reminders. If you are unsure
# consult the online docs. You have been warned.
#
# Required modules: mod_log_config, mod_setenvif, mod_ssl,
# socache_shmcb_module (for default value of SSLSessionCache)

#
# Pseudo Random Number Generator (PRNG):
# Configure one or more sources to seed the PRNG of the SSL library.
# The seed data should be of good random quality.
# WARNING! On some platforms /dev/random blocks if not enough entropy
# is available. This means you then cannot use the /dev/random device
# because it would lead to very long connection times (as long as
# it requires to make more entropy available). But usually those
# platforms additionally provide a /dev/urandom device which doesn't
# block. So, if available, use this one instead. Read the mod_ssl User
# Manual for more details.
#
#SSLRandomSeed startup file:/dev/random 512
#SSLRandomSeed startup file:/dev/urandom 512
#SSLRandomSeed connect file:/dev/random 512
#SSLRandomSeed connect file:/dev/urandom 512


#
# When we also provide SSL we have to listen to the
# standard HTTP port (see above) and to the HTTPS port
#
##-------------------------
Listen 0.0.0.0:443
Listen [::0]:443
#Listen 443
##----------------------

##
## SSL Global Context
##
## All SSL configuration in this context applies both to
## the main server and all SSL-enabled virtual hosts.
##

# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate,
# and that httpd will negotiate as the client of a proxied server.
# See the OpenSSL documentation for a complete list of ciphers, and
# ensure these follow appropriate best practices for this deployment.
# httpd 2.2.30, 2.4.13 and later force-disable aNULL, eNULL and EXP ciphers,
# while OpenSSL disabled these by default in 0.9.8zf/1.0.0r/1.0.1m/1.0.2a.
#SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
##--------------------------------------
SSLCipherSuite HIGH:!RSA:!RC4:!3DES:!DES:!IDEA:!MD5:!aNULL:!eNULL:!EXP
##---------------------------------------------------------
#SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES

# By the end of 2016, only TLSv1.2 ciphers should remain in use.
# Older ciphers should be disallowed as soon as possible, while the
# kRSA ciphers do not offer forward secrecy. These changes inhibit
# older clients (such as IE6 SP2 or IE8 on Windows XP, or other legacy
# non-browser tooling) from successfully connecting.
#
# To restrict mod_ssl to use only TLSv1.2 ciphers, and disable
# those protocols which do not support forward secrecy, replace
# the SSLCipherSuite and SSLProxyCipherSuite directives above with
# the following two directives, as soon as practical.
# SSLCipherSuite HIGH:MEDIUM:!SSLv3:!kRSA
# SSLProxyCipherSuite HIGH:MEDIUM:!SSLv3:!kRSA

# User agents such as web browsers are not configured for the user's
# own preference of either security or performance, therefore this
# must be the prerogative of the web server administrator who manages
# cpu load versus confidentiality, so enforce the server's cipher order.
SSLHonorCipherOrder on
##-----------------------------
SSLCompression off
SSLSessionTickets on
##--------------------------------

# SSL Protocol support:
# List the protocol versions which clients are allowed to connect with.
# Disable SSLv3 by default (cf. RFC 7525 3.1.1). TLSv1 (1.0) should be
# disabled as quickly as practical. By the end of 2016, only the TLSv1.2
# protocol or later should remain in use.
#SSLProtocol all -SSLv3
##------------------------------
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 TLSv1.2
##---------------------------------
#SSLProxyProtocol all -SSLv3

# Pass Phrase Dialog:
# Configure the pass phrase gathering process.
# The filtering dialog program (`builtin' is an internal
# terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog builtin

# Inter-Process Session Cache:
# Configure the SSL Session Cache: First the mechanism
# to use and second the expiring timeout (in seconds).
#SSLSessionCache "dbm:${SRVROOT}/logs/ssl_scache"
#SSLSessionCache "shmcb:${SRVROOT}/logs/ssl_scache(512000)"
##--------------------------------------------
SSLSessionCache "shmcb:${INSTALL_DIR}/logs/ssl_scache(512000)"
##-------------------------------------------------
SSLSessionCacheTimeout 300

# OCSP Stapling (requires OpenSSL 0.9.8h or later)
#
# This feature is disabled by default and requires at least
# the two directives SSLUseStapling and SSLStaplingCache.
# Refer to the documentation on OCSP Stapling in the SSL/TLS
# How-To for more information.
#
# Enable stapling for all SSL-enabled servers:
#SSLUseStapling On

# Define a relatively small cache for OCSP Stapling using
# the same mechanism that is used for the SSL session cache
# above. If stapling is used with more than a few certificates,
# the size may need to be increased. (AH01929 will be logged.)
#SSLStaplingCache "shmcb:${SRVROOT}/logs/ssl_stapling(32768)"

# Seconds before valid OCSP responses are expired from the cache
#SSLStaplingStandardCacheTimeout 3600

# Seconds before invalid OCSP responses are expired from the cache
#SSLStaplingErrorCacheTimeout 600

##
## SSL Virtual Host Context
##

#---------------------------------- Virtual Host Added 1/28/19 ----------------------

<VirtualHost _default_:443>
ServerName dailymarkettrends.com
ServerAlias www.dailymarkettrends.com
ServerAdmin support@baysidesoftware.com

DocumentRoot "${INSTALL_DIR}/www/dailymarkettrends"
ErrorLog "${INSTALL_DIR}/logs/error.log"
TransferLog "${INSTALL_DIR}/logs/access.log"

SSLEngine on
SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
SSLCertificateFile "${INSTALL_DIR}/DMT_bin/Wamp64/Certs/www_dailymarkettrends_com.crt"
SSLCertificateKeyFile "${INSTALL_DIR}/DMT_bin/Wamp64/Certs/www_dailymarkettrends_com.key"
SSLCertificateChainFile "${INSTALL_DIR}/DMT_bin/Wamp64/Certs/DigiCertCA.crt"
SSLVerifyClient none
SSLVerifyDepth 10

<Directory "${INSTALL_DIR}/www/dailymarkettrends/">
Options +Indexes +Includes +FollowSymLinks +MultiViews
AllowOverride All
Require all granted
</Directory>

<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>

BrowserMatch "MSIE [2-5]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
CustomLog "${INSTALL_DIR}/logs/custom.log" "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>

#----------------------------------------------------------------------------------------

#<VirtualHost _default_:443>

# General setup for the virtual host
#DocumentRoot "${SRVROOT}/htdocs"
#ServerName www.example.com:443
#ServerAdmin admin@example.com
#ErrorLog "${SRVROOT}/logs/error.log"
#TransferLog "${SRVROOT}/logs/access.log"

# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
#SSLEngine on

# Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate. If
# the certificate is encrypted, then you will be prompted for a
# pass phrase. Note that a kill -HUP will prompt again. Keep
# in mind that if you have both an RSA and a DSA certificate you
# can configure both in parallel (to also allow the use of DSA
# ciphers, etc.)
# Some ECC cipher suites (http://www.ietf.org/rfc/rfc4492.txt)
# require an ECC certificate which can also be configured in
# parallel.
#SSLCertificateFile "${SRVROOT}/conf/server.crt"
#SSLCertificateFile "${SRVROOT}/conf/server-dsa.crt"
#SSLCertificateFile "${SRVROOT}/conf/server-ecc.crt"

# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
# ECC keys, when in use, can also be configured in parallel
#SSLCertificateKeyFile "${SRVROOT}/conf/server.key"
#SSLCertificateKeyFile "${SRVROOT}/conf/server-dsa.key"
#SSLCertificateKeyFile "${SRVROOT}/conf/server-ecc.key"

# Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the
# concatenation of PEM encoded CA certificates which form the
# certificate chain for the server certificate. Alternatively
# the referenced file can be the same as SSLCertificateFile
# when the CA certificates are directly appended to the server
# certificate for convenience.
#SSLCertificateChainFile "${SRVROOT}/conf/server-ca.crt"

# Certificate Authority (CA):
# Set the CA certificate verification path where to find CA
# certificates for client authentication or alternatively one
# huge file containing all of them (file must be PEM encoded)
# Note: Inside SSLCACertificatePath you need hash symlinks
# to point to the certificate files. Use the provided
# Makefile to update the hash symlinks after changes.
#SSLCACertificatePath "${SRVROOT}/conf/ssl.crt"
#SSLCACertificateFile "${SRVROOT}/conf/ssl.crt/ca-bundle.crt"

# Certificate Revocation Lists (CRL):
# Set the CA revocation path where to find CA CRLs for client
# authentication or alternatively one huge file containing all
# of them (file must be PEM encoded).
# The CRL checking mode needs to be configured explicitly
# through SSLCARevocationCheck (defaults to "none" otherwise).
# Note: Inside SSLCARevocationPath you need hash symlinks
# to point to the certificate files. Use the provided
# Makefile to update the hash symlinks after changes.
#SSLCARevocationPath "${SRVROOT}/conf/ssl.crl"
#SSLCARevocationFile "${SRVROOT}/conf/ssl.crl/ca-bundle.crl"
#SSLCARevocationCheck chain

# Client Authentication (Type):
# Client certificate verification type and depth. Types are
# none, optional, require and optional_no_ca. Depth is a
# number which specifies how deeply to verify the certificate
# issuer chain before deciding the certificate is not valid.
#SSLVerifyClient require
#SSLVerifyDepth 10

# TLS-SRP mutual authentication:
# Enable TLS-SRP and set the path to the OpenSSL SRP verifier
# file (containing login information for SRP user accounts).
# Requires OpenSSL 1.0.1 or newer. See the mod_ssl FAQ for
# detailed instructions on creating this file. Example:
# "openssl srp -srpvfile ${SRVROOT}/conf/passwd.srpv -add username"
#SSLSRPVerifierFile "${SRVROOT}/conf/passwd.srpv"

# Access Control:
# With SSLRequire you can do per-directory access control based
# on arbitrary complex boolean expressions containing server
# variable checks and other lookup directives. The syntax is a
# mixture between C and Perl. See the mod_ssl documentation
# for more details.
#<Location />
#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
#</Location>

# SSL Engine Options:
# Set various options for the SSL engine.
# o FakeBasicAuth:
# Translate the client X.509 into a Basic Authorisation. This means that
# the standard Auth/DBMAuth methods can be used for access control. The
# user name is the `one line' version of the client's X.509 certificate.
# Note that no password is obtained from the user. Every entry in the user
# file needs this password: `xxj31ZMTZzkVA'.
# o ExportCertData:
# This exports two additional environment variables: SSL_CLIENT_CERT and
# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
# server (always existing) and the client (only existing when client
# authentication is used). This can be used to import the certificates
# into CGI scripts.
# o StdEnvVars:
# This exports the standard SSL/TLS related `SSL_*' environment variables.
# Per default this exportation is switched off for performance reasons,
# because the extraction step is an expensive operation and is usually
# useless for serving static content. So one usually enables the
# exportation for CGI and SSI requests only.
# o StrictRequire:
# This denies access when "SSLRequireSSL" or "SSLRequire" applied even
# under a "Satisfy any" situation, i.e. when it applies access is denied
# and no other module can change it.
# o OptRenegotiate:
# This enables optimized SSL connection renegotiation handling when SSL
# directives are used in per-directory context.
#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
#<FilesMatch "\.(cgi|shtml|phtml|php)$">
# SSLOptions +StdEnvVars
#</FilesMatch>
#<Directory "${SRVROOT}/cgi-bin">
# SSLOptions +StdEnvVars
#</Directory>

# SSL Protocol Adjustments:
# The safe and default but still SSL/TLS standard compliant shutdown
# approach is that mod_ssl sends the close notify alert but doesn't wait for
# the close notify alert from client. When you need a different shutdown
# approach you can use one of the following variables:
# o ssl-unclean-shutdown:
# This forces an unclean shutdown when the connection is closed, i.e. no
# SSL close notify alert is sent or allowed to be received. This violates
# the SSL/TLS standard but is needed for some brain-dead browsers. Use
# this when you receive I/O errors because of the standard approach where
# mod_ssl sends the close notify alert.
# o ssl-accurate-shutdown:
# This forces an accurate shutdown when the connection is closed, i.e. a
# SSL close notify alert is send and mod_ssl waits for the close notify
# alert of the client. This is 100% SSL/TLS standard compliant, but in
# practice often causes hanging connections with brain-dead browsers. Use
# this only for browsers where you know that their SSL implementation
# works correctly.
# Notice: Most problems of broken clients are also related to the HTTP
# keep-alive facility, so you usually additionally want to disable
# keep-alive for those clients, too. Use variable "nokeepalive" for this.
# Similarly, one has to force some clients to use HTTP/1.0 to workaround
# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
# "force-response-1.0" for this.
#BrowserMatch "MSIE [2-5]" \
# nokeepalive ssl-unclean-shutdown \
# downgrade-1.0 force-response-1.0

# Per-Server Logging:
# The home of a custom SSL log file. Use this when you want a
# compact non-error SSL logfile on a virtual host basis.
#CustomLog "${SRVROOT}/logs/ssl_request.log" \
# "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

#</VirtualHost>


Thanks again for you help.

Gary

Hi

Right, well as you have no domain specified listening on port 80, only the one listening on 443 (https)

---------------------------------------------------------------------------------------------
(Windows 10 Pro 64bit) (Wampserver 3.3.4 64bit) Aestan Tray Menu 3.2.5.4
<Apache versions MULTIPE> <PHP versions MULTIPLE> <MySQL Versions MULTIPLE>
<MariaDB versions MULTIPLE> <phpMyAdmin versions MULTIPLE> <MySQL Workbench 8.0.23>
Read The Manuals Apache -- MySQL -- PHP -- phpMyAdmin
Get your Apache/MySQL/mariaDB/PHP ADDONs here from the WAMPServer alternate Repo
-X-X-X- Backup your databases regularly Here is How dont regret it later! Yes even when developing -X-X-X-

Hi gamattox,

Have you resolved the issue ? I have exact the same version of OS and WAMP as you have. If the issue is resolved, would you please share what changes you made in httpd-ssl.conf and httpd-vhosts.conf ? Much appreciated.

Right now I can access [mywebsite]. However, when I use [mywebsite] using Chrome, I will get this error message.

This site can’t provide a secure connection mywebsite sent an invalid response.
Try running Windows Network Diagnostics.
ERR_SSL_PROTOCOL_ERROR

And when I click Your VirtualHosts-> mywebsite:443in WAMPSERVER 3.1.7 menu, I will get the error message>

The Port used (443) for the VirtualHost mywebsite:443 is not a Listen port

Thanks

Hello

I am also affected by this issue.

This morning I started an upgrade process from wampserver 3.1.0x64 + apache 2.4.27 to the current wampserver 3.1.9x64 with apache 2.4.39. I need to use PHP 7.2 so I would like to update wampserver.

With wampserver 3.1.0x64 + apache 2.4.27 I was able to see my SSL enabled website using my WAN IP on the router side.

Using wampserver 3.1.9x64 with apache 2.4.39 with the same configuration as I had before I can access my website on port 80 using both my LAN IP and my WAN IP.

However I cannot access my website with SSL if I use my WAN IP. The connection times out as if Apache is not listening to port 443.

If I modify my host file to map my website fqdn to my LAN IP I can access it using SSL...

The same issue occurs if I disable the .htaccess file in my website filesystem.

Using "Require all granted" in the <Directory /> directive under the <VirtualHost *:443> entry does not fix it.

Any help would be sincerely appreciated

Vincent

WAN IP: .... Did you open port 443 in your firewall?

---------------------------------------------------------------------------------------------
(Windows 10 Pro 64bit) (Wampserver 3.3.4 64bit) Aestan Tray Menu 3.2.5.4
<Apache versions MULTIPE> <PHP versions MULTIPLE> <MySQL Versions MULTIPLE>
<MariaDB versions MULTIPLE> <phpMyAdmin versions MULTIPLE> <MySQL Workbench 8.0.23>
Read The Manuals Apache -- MySQL -- PHP -- phpMyAdmin
Get your Apache/MySQL/mariaDB/PHP ADDONs here from the WAMPServer alternate Repo
-X-X-X- Backup your databases regularly Here is How dont regret it later! Yes even when developing -X-X-X-

@RiggsFolly Yes.

If I revert back to 3.1.0x64 + apache 2.4.27 with the same configuration in httpd-ssl.conf and in httpd-vhosts.conf it works from the WAN ip on the router side. With 3.1.9x64 + apache 2.4.39 it does not work from the WAN ip.

Thanks for helping

Also using 3.1.9x64 + apache 2.4.39 if I change my host file to map the fqdn of my website to my local LAN ip then I can see my website with SSL.