I did followed this site to created an unvalidated cert. Now what happened here is that cert is issued to "elliot.dev" and I tried to go to "mmc.exe" and "Disabled all purposed for this cert", and restarted my machine but it is still not work.
When I install that cert, I imported into
Local Machine >> Trusted Root Certification Authorities
and it caused my customized XAMPP local domain "elliot.dev" not working and no longer accessible to http://elliot.dev . Browser redirected me to https://elliot.dev and it is inaccessible as well because of untrust cert SSL error.
How should I completely remove it? Thanks.
After few hours of searching, found that this is because of the .dev domain is force redirected to https by default for most browser Chrome and Firefox. It is legit .dev gTLD and preloaded HSTS for most browsers.
Source:
https://ma.ttias.be/chrome-force-dev-domains-https-via-preloaded-hsts/
https://stackoverflow.com/a/47726962/5802100
To remove a installed certificate, open MMC.exe and find your imported certificate(should be in Certificates/Trusted Root Certification Authorities/Certificates), right click on it, and select Delete.
You are redirected to https://* because you enabled it in your virtual host configurations:
<VirtualHost *:443>
DocumentRoot "C:/xampp/htdocs"
ServerName site.test
ServerAlias *.site.test
SSLEngine on # <--- This line.
SSLCertificateFile "crt/site.test/server.crt"
SSLCertificateKeyFile "crt/site.test/server.key"
</VirtualHost>
Related
I'm lost with all informations about ssl, https....
Here the story : I build a laravel website at my work hosted on our windows server with laragon. Every computer go to this site with ip of the serveur, i.e. http://192.17.10.168/aurora/public/login
It works only with local computer and we want to keep that privacy (no need outside access).
But now I want to use tools that use https : http/2, progressive app...
How can I use https with that config ?
I succefully add openssl certificat to my aurora.test on serveur but http2 doesn't work, my config :
<VirtualHost *:443>
Protocols h2 http/1.1
DocumentRoot "${DOCROOT}/aurora2/public"
ServerName aurora.test:443
SSLEngine on
SSLCertificateKeyFile C:/laragon/ssl/app.dev.key
SSLCertificateFile C:/laragon/ssl/app.dev.crt
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
I enable module on apache config.
How others local computers can access to my https site with aurora .test ?
Thank for your help !
Xcode Server that comes with Xcode 9 now automatically generates SSL certificates for communication between server and clients. It also uses this certificate when communicating with the Xcode Server REST API. Is there a way to specify or replace the autogenerated keys and use a certificate from a trusted third party (like LetsEncrypt)?
The apache configuration file located at
/Library/Developer/XcodeServer/Configuration/httpd_os_xcs.conf
contains this information:
Listen 443
<VirtualHost *:443>
# Xcode Server uses its own self-signed certificates
# only if no other SSL configurations for Apache have been found
<IfModule !ssl_module>
LoadModule ssl_module libexec/apache2/mod_ssl.so
SSLEngine on
SSLCertificateFile /Library/Developer/XcodeServer/Certificates/apache.crt
SSLCertificateKeyFile /Library/Developer/XcodeServer/Certificates/apache.key
</IfModule>
[...]
<IfModule mod_proxy.c>
SSLProxyEngine On
SSLProxyCheckPeerCN Off
ProxyPass /xcode/internal/api https://127.0.0.1:20343/api retry=0 timeout=30
ProxyPassReverse /xcode/internal/api https://127.0.0.1:20343/api
ProxyPass /xcode/internal/socket.io https://127.0.0.1:20343/socket.io retry=0 timeout=30
ProxyPassReverse /xcode/internal/socket.io https://127.0.0.1:20343/socket.io
</IfModule>
[...]
</VirtualHost>
I believe the certificate is also part of the apache.keychain file found at
/Library/Developer/XcodeServer/Keychains/apache.keychain
but I haven't been able to verify that.
Every time the Xcode Server service is started in Xcode, the apache.{crt/key} files as well as the httpd_os_xcs.conf files are overwritten, so simple replacing/modifying these files does not appear to be an option.
The only way forward I can see is to implement some other SSL configuration as suggested in the http_os_xcs.conf file, but I can't seem to get that to work either.
Any suggestions or solutions are greatly appreciated.
This is what worked for me on macOS Mojave (10.14).
Installing the certificate via the Server app
Install the "Server" app from the App Store (version 5.8)
Generate a server certificate request from the Server app for your domain
Send the request file to certificate provider to obtain a certificate
From the Server app import the certificate and set it in the dropdown "Secure services using"
These steps could be done in some other way, but initially I wanted to use a "blessed" macOS way, and then the problems started :)
I wanted to use this certificate directly by the system Apache (which is what serves the https://example.com/xcode page), but the documentation is lacking, the only thing I've found is this migration guide
where they speak about mod_secure_transport, which should be used instead of mod_ssl.
This guide assumes that it is already configured, but mod_secure_transport is not present in the default Mojave Apache configs (those reside in /etc/apache2).
So let's do it manually the old-school way:
Preparing the Apache certificate files manually
Copy your certificate file to /etc/apache2/server.crt
Find your certificate in Keychain app, and export your certificate private key in p12 format from there.
Convert your private key to the format expected by Apache:
openssl pkcs12 -in exported_private_key.p12 -nodes -out server.key -nocerts
Copy server.key to /etc/apache2/server.key
Configuring Apache manually
In /etc/apache2/httpd.conf :
Uncomment these lines:
LoadModule ssl_module libexec/apache2/mod_ssl.so
...
LoadModule socache_shmcb_module libexec/apache2/mod_socache_shmcb.so
Find "IfModule ssl_module" section and add:
SSLCertificateFile "/private/etc/apache2/server.crt"
SSLCertificateKeyFile "/private/etc/apache2/server.key"
Test the config:
sudo apachectl configtest
Restart:
sudo apachectl restart
If all is good, it is ready, and you can observe the result at https://example.com/xcode
I've got a very strange issue with Apache:
I'm running Apache/2.2.22 + with PHP 5.5.27 (dotdeb.org) under Debian 7.8.
I made an upgrade of PHP, I'm not sure if it's related but I restarted Apache and suddenly all HTTP stuff ceased to work, only HTTPS requests are correctly handled, VirtualHost config of port 80 is no more working correctly, it seems like Apache is not getting the right DocumentRoot (403 on / and file not found for subfolders and files) if I use a HTTP URL (OK for HTTPS stuff).
sites-available/default syntax is OK, suexec and open_basedir paths updates didn't help.
It's not related to IP (it's not fail2ban, checked on other devices)
It's not the permissions or an Apache running user problem (I tried everything).
I even uninstalled (purge) and reinstalled libapache2-mod-php5.
Nothing worked.
Any clue ?
Thanks
Ok I figured it out, it's not PHP, it's the virtualhosts I created using Virtualmin, here's the fix:
Disable the NameVirtualHost lines in /etc/apache2/apache2.conf
Replace <VirtualHost XX.XX.XX.XXX:80 [XXXX:XXXX:X:XXXX::]:80> by <VirtualHost *:80> in all /etc/apache2/backup/sites-available/ conf files
Add NameVirtualHost *:80 at the top of /etc/apache2/sites-available/default file
I am trying to call my xampp localhost from another computer's browser, I have changed host file at C:\Windows\System32\Drivers\etc by appending (192.168.1.105 localhost) at the end this file and save it and then restart computer, but I could not call my localhost from another computer.
Thanks
You need to access port forwarding in your router and forward port 80 only as TCP. Also, the host file code should look something like YOUR IP YOUR IP and not YOUR IP localhost. Furthermore, you need to edit httpd-vhosts.conf from apache folder in xampp instalation with something like that
<VirtualHost *:80>
ServerAdmin whatever#whatever.com
DocumentRoot "PATH TO YOUR FOLDER"
ServerName YOUR IP
ServerAlias YOUR IP
</VirtualHost>
After that you must restart apache in XAMPP control panel (MySQL not necessary)
THE SOLUTION ABOVE WILL LET YOU SEE YOUR CONTENT FROM ANYWHERE AS LONG AS YOUR LOCAL PC IS TURNED ON AND HAVE INTERNET CONNECTION. THE SOLUTION BELOW (I DIDN'T TEST IT, BUT I GUESS IT WILL WORK) WILL LET YOU ACCESS YOUR CONTENT FROM LOCAL NETWORK ONLY.
edit your httpd-xampp.conf file as following and after that you should probably need to perform a browser cache cleaning
# New XAMPP security concept
#
<LocationMatch "^/(?i:(?:xampp|security|licenses|phpmyadmin|webalizer|server-status|server-info))">
Order deny,allow
#Deny from all
#Allow from 127.0.0.0/8
Allow from all
ErrorDocument 403 /error/HTTP_XAMPP_FORBIDDEN.html.var
</LocationMatch>
When you add 192.168.1.105 localhost on the other PC (the one you want to use to view your website), it will look for a website on the same machine. Delete the entry from the hosts file and enter the IP address in your browser and it should work if the webserver is running.
I have an issue on my windows 7, I want to work on php so i tried everything but can not get it done. It always gives
Unable to connect
Firefox can't establish a connection to the server at nazar-studio:8080.
These are the things i had tried:
Installed WAMP
Installed XAMPP
Installed Apache
Installed IIS
stoped the http service
blocked anti-virus
un-installed anti-virus
stoped skype
Also tried this link
and there are many other things i had done, but invain.
When i check the port using netstat -an it shows the ports listening, i tried many different ports, but nothing works.
Can any one help me, I am really struck and frustrated due to it.
Have you tried connecting to localhost rather than 'nazar-studio'?
Are you sure its running on port 8080?
Is there possibly another process running on port 8080?
Have you checked the error logs? (in #apache install dir#/logs/)
To get Apache running on Windows 7 I did the following.
Switch to Administrator:
Open a command prompt as Admin, type net user Administrator /active:yes and then log off. At the log on screen you will see two options, log in as Administrator.
Install Apache.
Edit conf file to how you want.
Make sure you have set Listen to 8080 (I have mine left as 80).
Don't forget to LoadModule for PHP. Set the ServerName to localhost:8080 (again I have mine as 80).
Set DocumentRoot to the htdocs folder where you installed Apache - mine is C:\Program Files\Apache\2.0.40\htdocs. By connecting to localhost:80 you should be able to see the Apache welcome screen.
Add type info for PHP (AddType application/x-httpd-php .php .phtml .php3).
Create a virtual host. I am guessing yours would look like
<VirtualHost *:8080>
ServerName nazar-studio.localhost
DocumentRoot "C:/Develop/nazar/htdocs"
ServerAdmin webmaster#localhost
DirectoryIndex index.php index.html index.htm
ErrorLog logs/error.nazar.log
CustomLog logs/access.nazar.log combined
</VirtualHost>
Now Edit your hosts file in C:\Windows\System32\drivers\etc and add the subnets you have added:
127.0.0.1 localhost
127.0.0.1 nazar-studio.localhost
127.0.0.1 test.localhost
Open the command prompt and now type net user Administrator /active:no to disable the admin. Log off and reconnect as you.
Start Apache and you should be able to connect.