Thursday, January 27, 2011

Apache - php executing on http is ok, but with https is not

hello,

i have new dedicated linux web server.

my hosting provider give me a setup of apache server with php on it.

when i open url in browser called with ip, ie: http://xxx.yyy.zzz.vvv/test.php, i get executed php script, and it works fine. so, everything works fine in that case.

problem occur if i call https in a browser, like https://xxx.yyy.zzz.vvv/test.php

in that case, i get browsers option Save as, and all i can do is save php file on my pc.

so, it looks to me that there is some misconfiguration with apache.

providers support told me that this will work ok when i build certificate in apache server. but, i'm not sure in that.

can you tell me if providers support is right.

also, on server is installed plesk. plesk made a lots of problems in the past. could it be that plesk made that problem?

if you can help me to solve this. thank you in advance!

  • Hi,

    your host lies, if there's no certificate you will get a bad certificate message not a source code download. My guess is that your https settings are too way strict avoiding script from being executed. I'm sending a copy of a proper configurated https .conf file:

    NameVirtualHost domain.tld:80 
    <VirtualHost your_server_ip:80>   
    ServerAdmin webmaster@domain.tld   
    DocumentRoot /path/to/site/root/  
    ServerName domain.tld  
    ScriptAlias /cgi-bin/ "/path/to/site/root/"  
    </VirtualHost>  
    
    NameVirtualHost domain.tld:443  
    <VirtualHost your_server_ip:443>  
    SSLEngine on  
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL  
    SSLCertificateFile "/path/to/your/file.crt"  
    SSLCertificateKeyFile "/path/to/your/file.key"  
    
    <FilesMatch "\.(cgi|shtml|phtml|php)$">  
        SSLOptions +StdEnvVars  
    </FilesMatch>  
    BrowserMatch ".*MSIE.*" \  
             nokeepalive ssl-unclean-shutdown \  
             downgrade-1.0 force-response-1.0  
    
    CustomLog "logs/domain.tld-ssl-request_log" \  
              "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"  
    
    DocumentRoot /path/to/domain/root  
    ServerName domain.tld  
    ServerAdmin webmaster@domain.tld  
    ScriptAlias /cgi-bin/ "/path/to/domain/cgi-bin/"  
    </VirtualHost>  
    

    At your's httpd.conf you might want to include/check for this:

    <IfModule ssl_module>  
    SSLRandomSeed startup builtin  
    SSLRandomSeed connect builtin  
    Include /etc/httpd/conf/ssl/*.conf  
    </IfModule>
    

    In my case i have separated files for domains with ssl certificates, so i include them on the statement above.

    And finally make sure you have the OpenSSL pack installed on your server.

    That's it, you can generate self signed certificates to test it out.

    From Rodrigo

0 comments:

Post a Comment