hello,
i have new dedicated linux web server.
my hosting provider give me a setup of apache server with php on it.
when i open url in browser called with ip, ie: http://xxx.yyy.zzz.vvv/test.php, i get executed php script, and it works fine. so, everything works fine in that case.
problem occur if i call https in a browser, like https://xxx.yyy.zzz.vvv/test.php
in that case, i get browsers option Save as, and all i can do is save php file on my pc.
so, it looks to me that there is some misconfiguration with apache.
providers support told me that this will work ok when i build certificate in apache server. but, i'm not sure in that.
can you tell me if providers support is right.
also, on server is installed plesk. plesk made a lots of problems in the past. could it be that plesk made that problem?
if you can help me to solve this. thank you in advance!
-
Hi,
your host lies, if there's no certificate you will get a bad certificate message not a source code download. My guess is that your https settings are too way strict avoiding script from being executed. I'm sending a copy of a proper configurated https .conf file:
NameVirtualHost domain.tld:80 <VirtualHost your_server_ip:80> ServerAdmin webmaster@domain.tld DocumentRoot /path/to/site/root/ ServerName domain.tld ScriptAlias /cgi-bin/ "/path/to/site/root/" </VirtualHost> NameVirtualHost domain.tld:443 <VirtualHost your_server_ip:443> SSLEngine on SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile "/path/to/your/file.crt" SSLCertificateKeyFile "/path/to/your/file.key" <FilesMatch "\.(cgi|shtml|phtml|php)$"> SSLOptions +StdEnvVars </FilesMatch> BrowserMatch ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 CustomLog "logs/domain.tld-ssl-request_log" \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" DocumentRoot /path/to/domain/root ServerName domain.tld ServerAdmin webmaster@domain.tld ScriptAlias /cgi-bin/ "/path/to/domain/cgi-bin/" </VirtualHost>At your's httpd.conf you might want to include/check for this:
<IfModule ssl_module> SSLRandomSeed startup builtin SSLRandomSeed connect builtin Include /etc/httpd/conf/ssl/*.conf </IfModule>In my case i have separated files for domains with ssl certificates, so i include them on the statement above.
And finally make sure you have the
OpenSSLpack installed on your server.That's it, you can generate self signed certificates to test it out.
From Rodrigo
0 comments:
Post a Comment