help with ssl/cert
Posted by: lupinlicious (---.ita.chalmers.se)
Date: August 14, 2024 07:31AM

Hello,

Sorry, I tried and followed a few guides on how to enable SSL. I'm running 3.3.5 and Wampserver is ready to support https and localhost is also enabled for https.

I have requested cert from an external provider, but where do I provide them?


I also changed the following in the httpd-ssl.conf

DocumentRoot "${INSTALL_DIR}/www/project1"
ServerName www.FQDN:443


SSLCertificateFile "${SRVROOT}/conf/ssl/FQDN.cer"
SSLCertificateKeyFile "${SRVROOT}/conf/ssl/FQDN.key"
SSLCertificateChainFile "${SRVROOT}/conf/ssl/FQDN.pem"

Restarted all services, Wamp is green.

Would love some guidance in this matter and thanks for a wonderful tool

Re: help with ssl/cert
Posted by: Otomatic (Moderator)
Date: August 14, 2024 02:14PM

Hi,

> I'm running 3.3.5
Update to 3.3.6 to have updated help files.

Right-Click -> Help -> Wampserver 'automatic' HTTPS mode help
Right-Click -> Help -> Wampserver 'manual' HTTPS mode help

Re: help with ssl/cert
Posted by: lupinlicious (---.ita.chalmers.se)
Date: August 15, 2024 09:22AM

Sorry, it's a little tricky to follow, this is what I have done

--------------------------------------------------------------

httpd.conf

enabled the following:
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
LoadModule ssl_module modules/mod_ssl.so
Include conf/extra/httpd-ssl.conf

--------------------------------------------------------------


httpd-vhosts.conf

## BEGIN OF SSL VIRTUAL HOST my-domain.internal CONTEXT
Define SERVERNAMEVHOSTSSL mydomain.se
Define DOCUMENTROOTVHOSTSSL C:\wamp64\www\project1
<VirtualHost *:443>
ServerName ${SERVERNAMEVHOSTSSL}
DocumentRoot "${DOCUMENTROOTVHOSTSSL}"
SSLEngine on
SSLCertificateFile "${CERTIFICATS}/${SERVERNAMEVHOSTSSL}.pem"
SSLCertificateKeyFile "${CERTIFICATS}/${SERVERNAMEVHOSTSSL}.pem"
<Directory "${DOCUMENTROOTVHOSTSSL}/">
Options +Indexes +Includes +FollowSymLinks +MultiViews
AllowOverride all
Require local
</Directory>
CustomLog "${INSTALL_DIR}/logs/custom.log" "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
## END OF SSL VIRTUAL HOST my-domain.internal CONTEXT

--------------------------------------------------------------

httpd-ssl.conf

#
# This is the Apache server configuration file providing SSL support.
# When we also provide SSL we have to listen to the
# standard HTTP port and to the HTTPS port
#
Listen 0.0.0.0:443 https
Listen [::0]:443 https

# Where the certificates are
Define CERTIFS ${INSTALL_DIR}/bin/Certs
Define CERTIFICATS ${INSTALL_DIR}/bin/certificats

Protocols h2 h2c http/1.1
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=31536000; preload"
</IfModule>
SSLSessionCache shmcb:${INSTALL_DIR}/tmp/ssl_gcache_data(512000)
SSLOptions +StrictRequire +StdEnvVars -ExportCertData
# SSL Protocol support:
SSLProtocol -all +TLSv1.2 +TLSv1.3
SSLCompression Off
SSLHonorCipherOrder On
# SSL Cipher Suite:
SSLCipherSuite SSL ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384
# Encryptions TLSv1.3
SSLCipherSuite TLSv1.3 TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384
SSLOpenSSLConfCmd ECDHParameters secp521r1
SSLOpenSSLConfCmd Curves sect571r1:sect571k1:secp521r1:sect409k1:sect409r1:secp384r1

## Never modify these four lines
## BEGIN OF SSL VIRTUAL HOST CONTEXT
## END OF SSL VIRTUAL HOST CONTEXT
## To be repeated for another SSL VirtualHost

# Do not remove these lines UnDefine
UnDefine SERVERNAMEVHOSTSSL
UnDefine DOCUMENTROOTVHOSTSSL


--------------------------------------------------------------


WAMP is orange and tells me

>>> SSLCertificateFile: file 'C:/wamp64/bin/apache/apache2.4.59/${CERTIFICATS}/mydomain.se.pem' does not exist or is empty .
>>> AH00526: Syntax error on line 8 of C:/wamp64/bin/apache/apache2.4.59/conf/extra/httpd-vhosts.conf:

--------------------------------------------------------------

${CERTIFICATS} what does this mean? I tried to place the .pem directly under C:\wamp64\bin\apache\apache2.4.59 and also C:\wamp64\bin\apache\apache2.4.59\CERTIFICATES but the error remains.

Thanks!

Re: help with ssl/cert
Posted by: Otomatic (Moderator)
Date: August 15, 2024 10:05AM

> ${CERTIFICATS} what does this mean?
This is an Apache variable declared in the httpd-ssl.conf file:
Define CERTIFICATS ${INSTALL_DIR}/bin/certificats

> AH00526: Syntax error on line 8 of C:/wamp64/bin/apache/apache2.4.59/conf/extra/httpd-vhosts.conf:
This means that you have modified the original file since line 8 should be: "AllowOverride All" which is part of the localhost VirtualHost. You put back the original file to which you add your own VirtualHost. A copy of the original file exists in:
wamp64\bin\apache\apache2.4.59\conf\original\wampserver\

You should consider upgrading to Apache 2.4.62

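Added example, not part of the original posts and not Wampserver code: Apache leaves a `${NAME}` reference as literal text when no `Define` for it is in effect at the point where the line is read, which is what a path containing a literal `${CERTIFICATS}` indicates. The Python check below walks configuration files in include order and reports such references; the include order, the pre-defined `INSTALL_DIR` and the function name `undefined_refs` are assumptions, and the sample text is constructed from directive lines quoted in this thread.

```python
import re

# Constructed sample input: directive lines taken from the thread, trimmed.
VHOSTS_CONF = '''\
Define SERVERNAMEVHOSTSSL mydomain.se
<VirtualHost *:443>
SSLCertificateFile "${CERTIFICATS}/${SERVERNAMEVHOSTSSL}.pem"
</VirtualHost>
'''
SSL_CONF = '''\
Define CERTIFICATS ${INSTALL_DIR}/bin/certificats
## BEGIN OF SSL VIRTUAL HOST CONTEXT
## END OF SSL VIRTUAL HOST CONTEXT
UnDefine SERVERNAMEVHOSTSSL
'''

VAR_REF = re.compile(r"\$\{([^}]+)\}")

def undefined_refs(files, predefined=()):
    """Walk (name, text) pairs in include order and return (file, line, var)
    for every ${var} used while no Define for it is in effect.
    OS environment variables are not modelled here."""
    defined = set(predefined)
    findings = []
    for name, text in files:
        for line_no, raw in enumerate(text.splitlines(), start=1):
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            # References on a line are resolved before that line takes effect.
            for var in VAR_REF.findall(line):
                if var not in defined:
                    findings.append((name, line_no, var))
            parts = line.split(None, 2)
            directive = parts[0].lower()
            if directive == "define" and len(parts) > 1:
                defined.add(parts[1])
            elif directive == "undefine" and len(parts) > 1:
                defined.discard(parts[1])
    return findings

# Assumed include orders, for comparison.
VHOSTS_FIRST = [("httpd-vhosts.conf", VHOSTS_CONF), ("httpd-ssl.conf", SSL_CONF)]
SSL_FIRST = [("httpd-ssl.conf", SSL_CONF), ("httpd-vhosts.conf", VHOSTS_CONF)]

if __name__ == "__main__":
    for finding in undefined_refs(VHOSTS_FIRST, predefined={"INSTALL_DIR"}):
        print("used before Define:", finding)
```
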
Re: help with ssl/cert
Posted by: lupinlicious (---.ita.chalmers.se)
Date: August 15, 2024 11:07AM

So from this

Define CERTIFS ${INSTALL_DIR}/bin/Certs
Define CERTIFICATS ${INSTALL_DIR}/bin/certificats


I created the following folders 'Certs' and 'certificates' in this dir C:\wamp64\bin\apache\apache2.4.59\bin\
and placed the pem file in both folders but the logs tell me

Help message for error code 1066 is:The service has returned a service-specific error code.
>>> SSLCertificateFile: file 'C:/wamp64/bin/apache/apache2.4.59/${CERTIFICATS}/mydomin.se.pem' does not exist or is empty .
>>> AH00526: Syntax error on line 10 of C:/wamp64/bin/apache/apache2.4.59/conf/extra/httpd-vhosts.conf:

After that I replaced the original httpd.conf and enabled

LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
LoadModule ssl_module modules/mod_ssl.so
Include conf/extra/httpd-ssl.conf


Best regards

Re: help with ssl/cert
Posted by: Otomatic (Moderator)
Date: August 15, 2024 11:50AM

> I created the following folders 'Certs' and 'certificates'

It is 'certificats' not 'certificates'

> After that I replaced the original httpd.conf and enabled
httpd-vhosts.conf and not httpd.conf.

What are the contents of httpd-vhosts.conf?

I would point out, as indicated in the help files, that even for a manual installation, using Right-Click -> Wamp Settings -> Wampserver ready to support https creates the files and folders and makes the necessary changes automatically.

Re: help with ssl/cert
Posted by: lupinlicious (---.ita.chalmers.se)
Date: August 15, 2024 12:37PM

Sorry, I misspelled it here in the forum, but it's correct in the system.

In my httpd-vhosts, I have the following.

----------------------------------------------------------------------

## BEGIN OF SSL VIRTUAL HOST my-domain.internal CONTEXT
Define SERVERNAMEVHOSTSSL mydomain.se
Define DOCUMENTROOTVHOSTSSL C:\wamp64\www\project1
<VirtualHost *:443>
ServerName ${SERVERNAMEVHOSTSSL}
DocumentRoot "${DOCUMENTROOTVHOSTSSL}"
SSLEngine on
SSLCertificateFile "${CERTIFICATS}/${SERVERNAMEVHOSTSSL}-certonly.pem"
SSLCertificateKeyFile "${CERTIFICATS}/${SERVERNAMEVHOSTSSL}-privatekey.pem"
<Directory "${DOCUMENTROOTVHOSTSSL}/">
Options +Indexes +Includes +FollowSymLinks +MultiViews
AllowOverride all
Require local
</Directory>
CustomLog "${INSTALL_DIR}/logs/custom.log" "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>

----------------------------------------------------------------------


If I have these lines, I get the error

SSLCertificateFile "${CERTIFICATS}/${SERVERNAMEVHOSTSSL}-certonly.pem"
SSLCertificateKeyFile "${CERTIFICATS}/${SERVERNAMEVHOSTSSL}-privatekey.pem"


EXIT error code:1066
Help message for error code 1066 is:The service has returned a service-specific error code.
>>> SSLCertificateFile: file 'C:/wamp64/bin/apache/apache2.4.59/${CERTIFICATS}/mydomain.se-certonly.pem' does not exist or is empty .
>>> AH00526: Syntax error on line 9 of C:/wamp64/bin/apache/apache2.4.59/conf/extra/httpd-vhosts.conf: .

So shorten it down to

SSLCertificateFile "${CERTIFICATS}/${SERVERNAMEVHOSTSSL}.pem"
SSLCertificateKeyFile "${CERTIFICATS}/${SERVERNAMEVHOSTSSL}.pem"

shows correct mydomain.se.pem

My pem exists in C:\wamp64\bin\apache\apache2.4.59\bin\certificats and is (7kb).



Edited 1 time(s). Last edit at 08/15/2024 12:39PM by lupinlicious.

Re: help with ssl/cert
Posted by: Otomatic (Moderator)
Date: August 15, 2024 03:25PM

You want to go much too fast! You read diagonally without paying attention to the terms and file names and then you do anything!

The quickest way is to go slowly!

The httpd-vhosts.conf file contains VirtualHosts in http mode and must not be modified to switch VirtualHosts to https mode. So, restore the original httpd-vhosts.conf file and then add your own VirtualHosts which - before anything else - must be functional in http mode. Once this has been done, never touch the httpd-vhosts.conf file again, except to add another VirtualHost.
