SSL Online wamp 3.2
Posted by: amilaudana (116.206.245.---)
Date: December 21, 2019 06:27PM

# Don't modify this line - Instead modify Require of VirtualHost in httpd-vhost.conf
Require local

How do I put SSL port 443 online without changing this in httpd.conf?

My solution was changing to
Require all granted

If this is not recommended, where should I make the change? In the previous version there was an online/offline icon, and it worked in the virtual host, but the same is not working in wamp 3.2.

Re: SSL Online wamp 3.2
Posted by: Otomatic (Moderator)
Date: December 21, 2019 06:35PM

Hi,

As explained in the Apache documentation, to use SSL, you must have two VirtualHosts, the first on port 80 in httpd-vhosts.conf and the second on port 443 in httpd-ssl.conf.
And it is in these two VirtualHosts that you allow access from the outside.

------------------------------------------------------------------------------------------------------------
Wampserver 3.2.2 32 bit - Apache 2.4.43 - PHP 7.4.7/7.3.19/..../5.6.40 - MySQL 5.7.30 - MariaDB 10.4.12
Wampserver 3.2.2 64 bit - Apache 2.4.43 - PHP 7.4.7/7.3.19/..../5.6.40 - MySQL 5.7.30/8.0.20 - MariaDB 10.4.12
PhPMyadmin 5.0.2 - MysqlDumper 1.24.5
on W10 and W7 Pro 64 bit
Documentation Apache - Documentation PHP - Documentation MySQL - Wampserver install files & addons
« Ce n'est pas parce qu'ils sont nombreux à avoir tort, qu'ils ont forcément raison. Coluche »
« It's not because they are many to be wrong, they are necessarily right. Coluche »
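
The point made in this reply, as an added example that is not part of the thread and not Wampserver code: a small Python check that lists where each Require directive sits, so a server-wide "Require all granted" in httpd.conf can be told apart from a grant placed inside the port 80 and port 443 VirtualHosts. The sample configuration, the site name and the function names are constructed for illustration.

```python
import re

# Constructed sample (names and paths are made up): httpd.conf opened up as in
# the first post, plus one VirtualHost per port as the reply describes.
SAMPLE_CONF = '''
<Directory "${INSTALL_DIR}/www/">
    Require all granted
</Directory>
<VirtualHost *:80>
    <Directory "${INSTALL_DIR}/www/mysite/">
        Require all granted
    </Directory>
</VirtualHost>
<VirtualHost *:443>
    <Directory "${INSTALL_DIR}/www/mysite/">
        Require local
    </Directory>
</VirtualHost>
'''
OPEN = re.compile(r'<\s*(\w+)\s*(.*?)\s*>$')
CLOSE = re.compile(r'</\s*(\w+)\s*>$')

def require_rules(conf_text):
    """Return (vhost, directory, rule) for every Require directive found."""
    stack, rules = [], []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        if CLOSE.match(line):
            del stack[-1:]  # pop; tolerates a stray closing tag
        elif OPEN.match(line):
            name, arg = OPEN.match(line).groups()
            stack.append((name.lower(), arg.strip('"')))
        elif line.lower().startswith('require '):
            ctx = dict(stack)  # innermost section of each kind
            rules.append((ctx.get('virtualhost'), ctx.get('directory'),
                          line.split(None, 1)[1].lower()))
    return rules

def findings(conf_text):
    """Flag the two situations discussed in this thread."""
    out = []
    for vhost, directory, rule in require_rules(conf_text):
        if rule == 'all granted' and vhost is None:
            out.append(f'server-wide grant on {directory}: move it into the VirtualHosts')
        elif rule == 'local' and vhost and vhost.endswith(':443'):
            out.append(f'HTTPS vhost {vhost} on {directory} accepts local clients only')
    return out
```

Calling findings() on the concatenated text of httpd.conf, httpd-vhosts.conf and httpd-ssl.conf reports both cases; on SAMPLE_CONF it returns one finding for the server-wide grant and one for the *:443 VirtualHost.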

Re: SSL Online wamp 3.2
Posted by: amilaudana (116.206.245.---)
Date: December 21, 2019 06:39PM

Changes made in httpd-ssl.conf <Directory> are not working.

Re: SSL Online wamp 3.2
Posted by: Otomatic (Moderator)
Date: December 21, 2019 07:00PM

Making random changes and hoping it works is not the right solution.

With Wampserver, you have installed a web server, a database server, PHP language and SQL queries.
Congratulations, that means you are now supposed to be:

- Network Administrator
- Web Server Administrator
- Database Administrator
- Developer
- Analyst
- Programmer.
- etc.

All of these roles normally occupy at least one person per area. These people are expected to know what they are doing before they start.
And the best way is to read and reread the documentation to learn on your own, not wait for it to fall into your mouth all roasted, without making any effort.

RTFM

Because I am far too kind, here is a procedure that works perfectly, but you still need to make some effort to read, understand and apply it.

-- Explained procedure for wampserver installed in j:\wamp and for apache 2.4.41
Modify the paths and version according to your installation
Note: This procedure works from Apache 2.4.27 to Apache 2.4.41 in 32 and 64 bit

-- Wampserver must be stopped, so services must be stopped.

-- Modification of file j:\wamp\bin\apache\apache2.4.41\conf\httpd.conf
Replace
# Secure (SSL/TLS) connections
#Include conf/extra/httpd-ssl.conf
#
# Note: The following must must be present to support
#       starting without SSL on platforms with no /dev/random equivalent
#       but a statically compiled-in mod_ssl.
#
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
by
# Secure (SSL/TLS) connections
# Note: The following must must be present to support
#       starting without SSL on platforms with no /dev/random equivalent
#       but a statically compiled-in mod_ssl.
#
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
Include conf/extra/httpd-ssl.conf
</IfModule>
In this way, the conf/extra/httpd-ssl.conf file will only be loaded if the module ssl_module is enabled.

To activate https SSL, you must load both modules in httpd.conf:
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
LoadModule ssl_module modules/mod_ssl.so
The loading of these modules will only be activated after completing the entire key creation procedure and ensuring that the VirtualHost works correctly in httpd port 80.

-- Replacement of the J:\wamp\bin\apache\apache2.4.41\conf\extra\httpd-ssl.conf file
To obtain information, read the comments in the original file.
Afterwards, you can review the information that will still be in the original file:
j:\wamp\bin\apache\apache2.4.41\conf\original\extra\httpd-ssl.conf
which has not been modified.

Replace the contents of the J:\wamp\bin\apache\apache2.4.41\conf\extra\httpd-ssl.conf file with :
#
# This is the Apache server configuration file providing SSL support.
# When we also provide SSL we have to listen to the
# standard HTTP port and to the HTTPS port
#
Listen 0.0.0.0:443 https
Listen [::0]:443 https

#   SSL Cipher Suite:
SSLCipherSuite HIGH:!RSA:!RC4:!3DES:!DES:!IDEA:!MD5:!aNULL:!eNULL:!EXP
SSLHonorCipherOrder on
SSLCompression      off
SSLSessionTickets   on
#   SSL Protocol support:
SSLProtocol all -SSLv2 -TLSv1 -TLSv1.1 -SSLv3
#   Pass Phrase Dialog:
SSLPassPhraseDialog  builtin
#   Inter-Process Session Cache:
SSLSessionCache  "shmcb:${INSTALL_DIR}/logs/ssl_scache(512000)"
SSLSessionCacheTimeout  300

##
## SSL Virtual Host Context
##

<VirtualHost *:443>
	ServerName MYSITEname
	DocumentRoot "${INSTALL_DIR}/www/MYSITEdir"
	ServerAdmin webmaster@MYSITEname.net
	ErrorLog "${INSTALL_DIR}/logs/error.log"
	TransferLog "${INSTALL_DIR}/logs/access.log"
	SSLEngine on
	SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
	SSLCertificateFile      "${SRVROOT}/conf/Certs/Site/MYSITEname.crt"
	SSLCertificateKeyFile   "${SRVROOT}/conf/Certs/Site/MYSITEname.key"
	SSLCACertificateFile    "${SRVROOT}/conf/Certs/Cacerts/Certificat.crt"
#
	SSLVerifyClient none
	SSLVerifyDepth  10

	<Directory "${INSTALL_DIR}/www/MYSITEdir/">
		Options +Indexes +Includes +FollowSymLinks +MultiViews
		AllowOverride all
		Require local
	</Directory>
	<FilesMatch "\.(cgi|shtml|phtml|php)$">
		SSLOptions +StdEnvVars
	</FilesMatch>

	BrowserMatch "MSIE [2-5]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
	CustomLog "${INSTALL_DIR}/logs/custom.log" "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
You must modify all the lines where there is MYSITE to put your own data and parameters.
The VirtualHost must already exist and be valid in http port 80, so exist in the file :
J:\wamp\bin\apache\apache2.4.41\conf\extra\httpd-vhosts.conf


-- Replace all the contents of the file J:\wamp\bin\apache\apache2.4.41\conf\openssl.cnf
by
#============ openssl.cnf =============#
[ ca ]
default_ca = CA_default

[ CA_default ]
dir              = ./Certs
certs            = $dir/Cacerts
new_certs_dir    = $dir/NewCerts
private_dir      = $dir/Private
database         = $dir/Other/index.txt
serial           = $dir/Other/serial.txt
certificate      = $certs/Certificat.crt
private_key      = $private_dir/Certificat.key
RANDFILE         = $private_dir/Certificat.rnd
default_days     = 1830
default_crl_days = 30
# sha256 instead of md5: certificates signed with MD5 are rejected by current TLS clients
default_md       = sha256
preserve         = no
policy           = policy_anything

[ policy_match ]
countryName            = match
stateOrProvinceName    = match
localityName           = match
organizationName       = optional
organizationalUnitName = optional
commonName             = supplied
emailAddress           = optional

[ policy_anything ]
countryName             = optional
stateOrProvinceName     = optional
localityName            = optional
organizationName        = optional
organizationalUnitName  = optional
commonName              = supplied
emailAddress            = optional

[ req ]
default_bits       = 4096
default_keyfile    = privkey.pem
distinguished_name = req_distinguished_name
attributes         = req_attributes

#===========================#
[ req_distinguished_name ]
countryName                    = Country Name (2 letter code)
countryName_default            = FR
countryName_min                = 2
countryName_max                = 2
stateOrProvinceName            = State or Province Name (full name)
stateOrProvinceName_default    = Ile de France
localityName                   = Locality Name (eg, city)
localityName_default           = Paris
0.organizationName             = Organization Name (eg, company)
0.organizationName_default     = Otomatic & Cie
organizationalUnitName         = Organizational Unit Name (eg, section)
organizationalUnitName_default =
commonName                     = Common Name (eg, your website’s domain name)
commonName_max                 = 64
emailAddress                   = Email Address
emailAddress_default           = webmaster@aviatechno.net
emailAddress_max               = 40

[ req_attributes ]
challengePassword     = A challenge password
challengePassword_min = 4
challengePassword_max = 20

#===========================#
[ x509v3_extensions ]
basicConstraints=CA:TRUE
nsComment			= "OpenSSL Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
#===========================#
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
#===========================#
[ v3_ca ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer
basicConstraints = CA:true

Open a command window "as administrator"
And in this window type the following lines.
You can copy/paste in blocks of several lines.
Never close the command window before the procedure is completed, otherwise the environment variables previously declared by set would be lost.
Rem Wampserver installation variables
Rem To be modified according to your installation
set installdir=j:\wamp
set apachever=2.4.41
Rem
Rem Checking the folders and creating them if necessary
cd /D %installdir%\bin\apache\apache%apachever%\conf
if not exist Certs md Certs
cd Certs
if not exist Private md Private
if not exist Cacerts md Cacerts
if not exist Server md Server
if not exist Site md Site
cd..
cd..
cd bin

Rem We are in the folder %installdir%\bin\apache\apache%apachever%\bin
Rem Declaration of variables - Imperative
set openssl_conf=%installdir%\bin\apache\apache%apachever%\conf\openssl.cnf
set DIRCERTS=%installdir%\bin\apache\apache%apachever%\conf\Certs
Rem +-+-+-+-+-+-+-+ Creation of the self-signed certificate +-+-+-+-+-+
Rem 1- Generation of a random number. (Seed 1351 can be replaced)
openssl rand -out %DIRCERTS%/Private/Certificat.rnd -base64 1351
Rem 2- RSA private key.
openssl genrsa -out %DIRCERTS%/Private/Certificat.key -rand %DIRCERTS%/Private/Certificat.rnd 4096
Rem 3- Request for signature.
Rem /C=FR : Country -- /ST=Ile de France : State or region -- /L=Paris : Town
Rem /O=Otomatic & Cie : Organisation -- /CN=Otomatic & Cie : Division
openssl req -new -sha256 -key %DIRCERTS%/Private/Certificat.key -out %DIRCERTS%/Cacerts/Certificat.csr -subj "/C=FR/ST=Ile de France/L=Paris/O=Otomatic & Cie/CN=Otomatic & Cie"
Rem 4- Self-signed certificate.
openssl x509 -req -days 1830 -sha256 -in %DIRCERTS%/Cacerts/Certificat.csr -signkey %DIRCERTS%/Private/Certificat.key -out %DIRCERTS%/Cacerts/Certificat.crt
Rem 5- Public key extraction.
openssl rsa -in %DIRCERTS%/Private/Certificat.key -pubout -out %DIRCERTS%/Private/Certificat.pbc
Rem +-+-+-+-+ End of the creation of the self-signed certificate +-+-+-+-+

Rem +-+-+-+-+-+-++ Certificates and server keys for a local site +-+-+-+-+-+
Rem 6- ServerName of the local site for which you want the keys
set SERVLOCAL=aviatechno
Rem 7- Random number (Different seed - 1677 may be changed)
openssl rand -out %DIRCERTS%/Server/Server.rnd -base64 1677
Rem 8- Private RSA key.
openssl genrsa -out %DIRCERTS%/Server/Server.key -rand %DIRCERTS%/Server/Server.rnd 4096
Rem 9- Signing request for ServerName certificate
Rem /C=FR : Country -- /ST=Ile de France : State or region -- /L=Paris : Town
Rem /O=Otomatic & Cie : Organisation -- /CN=name of the local site
openssl req -new -sha256 -key %DIRCERTS%/Server/Server.key -out %DIRCERTS%/Server/Server.csr -subj "/C=FR/ST=Ile de France/L=Paris/O=Otomatic & Cie/CN=%SERVLOCAL%"
Rem 10- Signature request for server certificate.
openssl x509 -req -days 4383 -sha256 -in %DIRCERTS%/Server/Server.csr -CA %DIRCERTS%/Cacerts/Certificat.crt -CAkey %DIRCERTS%/Private/Certificat.key -CAcreateserial -out %DIRCERTS%/Server/Server.crt
Rem 11- Client certificate.
Rem Note: A password will be requested unless the final option is -password pass:MyPass
openssl pkcs12 -nodes -export -in %DIRCERTS%/Server/Server.crt -inkey %DIRCERTS%/Server/Server.key -out %DIRCERTS%/Server/Server.pfx -clcerts -descert -name "Client %SERVLOCAL% Certificate" -password pass:MyPass
Rem 12- Copy of keys
copy %DIRCERTS%\Server\Server.crt %DIRCERTS%\Site\%SERVLOCAL%.crt
del %DIRCERTS%\Server\Server.crt
copy %DIRCERTS%\Server\Server.key %DIRCERTS%\Site\%SERVLOCAL%.key
del %DIRCERTS%\Server\Server.key

- For another local site, only repeat from 6 to 12 by changing the ServerName SERVLOCAL
The command window must be positioned on the wamp/bin/apache/apache2.4.41/bin/ folder and it is imperative to create the environment variables (change path and version if necessary) before running commands 6 to 12
set installdir=j:\wamp
set apachever=2.4.41
set openssl_conf=%installdir%\bin\apache\apache%apachever%\conf\openssl.cnf
set DIRCERTS=%installdir%\bin\apache\apache%apachever%\conf\Certs
