push certificate to webapplication, but how.

Problems with the Windows version of XAMPP, questions, comments, and anything related.

push certificate to webapplication, but how.

Postby thehazzard » 25. November 2022 14:44

Hi all,

We are facing some issues with the following.

We are running several server
1 domain controller (srv-dc01, used for AD-DS)
1 2d domain controller (srv-dc02, used for replication dc01, CA server, dhcp etc)
1 web application (srv-idoit, used for i-doit, xamp)

We have installed the i-doit + xamp on the last server. And it works, we have installed it and we can login, activate the licenses.
But when it comes to security, the problem is that the connection https is not secured,

so what did we do, first of all we followed some youtube links regarding create or requesting an certificate.
Also saw some youtube videos for the XAMP how to use makecrt.bat file etc, and to configurate the httpd-vhosts

But still not working, so i dont know if i need to be on the server part or still in XAMP part.


if someone can explain it to me?
thehazzard
 
Posts: 15
Joined: 25. November 2022 14:38
XAMPP version: v3.3.0
Operating System: Server 2019 Datacenter

Re: push certificate to webapplication, but how.

Postby Nobbie » 25. November 2022 20:06

You need to get a certificate from a known SSL provider and must install it using their configuration tool.

Actually, that is a quite sophisticated task. The makecrt.bat is only for fake SSLs certificate for localhost. You need an official granted SSL certificate from an official provider. "Letsencrypt" offers trusted certificates for free. But you still have to follow their installation procedure (what is not easy at all). Xampp is only for local development, not for public servers.
Nobbie
 
Posts: 13165
Joined: 09. March 2008 13:04

Re: push certificate to webapplication, but how.

Postby thehazzard » 28. November 2022 06:17

Hello,

Thank you for the reply.

We only need it internally that the connection is safe.
thehazzard
 
Posts: 15
Joined: 25. November 2022 14:38
XAMPP version: v3.3.0
Operating System: Server 2019 Datacenter

Re: push certificate to webapplication, but how.

Postby thehazzard » 28. November 2022 09:01

So we tried to run the makecrt.bat file, filled in everything. Created a host and located the certification path as well.
When you surf to the website, you see everything we filled in the makecrt.bat file but still it says in IE connection error.
And not secured on other browsers.

what do i wrong at this moment?
thehazzard
 
Posts: 15
Joined: 25. November 2022 14:38
XAMPP version: v3.3.0
Operating System: Server 2019 Datacenter

Re: push certificate to webapplication, but how.

Postby thehazzard » 28. November 2022 11:54

Hello all,

so i tried several things in the meantime to get it working.
Somehow now in IE it shows it is encrypted, what is good right?

What i did was: Added this in httpd-xamp
<VirtualHost *:80>
DocumentRoot "C:\xampp\htdocs"
ServerName srv-idoit.domainname
ServerAlias *.srv-idoit.domainname
</VirtualHost>
<VirtualHost *:443>
DocumentRoot "C:\xampp\htdocs"
ServerName srv-idoit.domainname
ServerAlias *.srv-idoit.domainname
SSLEngine on
SSLCertificateFile "conf/ssl.crt/server.crt"
SSLCertificateKeyFile "conf/ssl.key/server.key"
</VirtualHost>

In system32/extra/etc/hosts file i added
172.0.0.1 and the server url.

Now in IE it shows, but in Chrome it still does show (NOT Secure)
thehazzard
 
Posts: 15
Joined: 25. November 2022 14:38
XAMPP version: v3.3.0
Operating System: Server 2019 Datacenter

Re: push certificate to webapplication, but how.

Postby Nobbie » 28. November 2022 13:33

Chrome probably does not accept self signed certificates. You may google for "self signed certificate for chrome", there should be an option to configure chrome to accept such certificates, but i dont remember how.

In system32/extra/etc/hosts file i added
172.0.0.1 and the server url.


Oups - that looks like a typo (either here or already in /etc/hosts). You probably meant 127.0.0.1 instead of 172.0.0.1
Nobbie
 
Posts: 13165
Joined: 09. March 2008 13:04

Re: push certificate to webapplication, but how.

Postby thehazzard » 28. November 2022 14:46

Hello,

So it works now on the current server where xamp is installed, indeed changed the IP address in hosts file.
When I go to the link in IE it gives me this website is encrypted with the details I added in the certificate, so i assume its good.

But when I go to a other server and try to run the Https it does not work.
So somehow I need to get it working on the server as well?

We use several servers. On our dc02 we have installed CA + DNS etc
On our 3d server the web application is running.
thehazzard
 
Posts: 15
Joined: 25. November 2022 14:38
XAMPP version: v3.3.0
Operating System: Server 2019 Datacenter

Re: push certificate to webapplication, but how.

Postby thehazzard » 29. November 2022 08:11

Just an extra thing:

I tried the win.acme part to generate an LetsEncrypt certificate.
Since our DC's do not have internet access, the commandline will not see the bindings.
I tried it on a client machine where we have administrator rights and internet, but each time it fails.

I assume in the DNS of our registar we need to do something: But this part i am not part of or allowed to change, modify.
And the person in charge of that is also not there.

So is there an internal solution for this one?

3 Servers, each server does serve as its own purpose.
The 3d machine is the web application where XAMP is installed. and the software i-doit.
2d server is the DC02 where the CA (Certificate Authority) is installed.
1st server is the DC01 for the AD-DS


One more thing, i forget to change the hdocs in XAMP to for example idoit, will this impact something?
thehazzard
 
Posts: 15
Joined: 25. November 2022 14:38
XAMPP version: v3.3.0
Operating System: Server 2019 Datacenter

Re: push certificate to webapplication, but how.

Postby Nobbie » 29. November 2022 13:24

thehazzard wrote:So is there an internal solution for this one?


I dont know.

Actually, all this stuff is far beyond the scope of this forum. This forum is meant for Xampp Installation Problems on Windows (for privat people at home), not for "general and free of cost" Server configuration. Either wait for your admin coming back or hire a professional. We cannot maintain your infrastructure here.
Nobbie
 
Posts: 13165
Joined: 09. March 2008 13:04

Re: push certificate to webapplication, but how.

Postby thehazzard » 01. December 2022 07:53

Nobbie wrote:
thehazzard wrote:So is there an internal solution for this one?


I dont know.

Actually, all this stuff is far beyond the scope of this forum. This forum is meant for Xampp Installation Problems on Windows (for privat people at home), not for "general and free of cost" Server configuration. Either wait for your admin coming back or hire a professional. We cannot maintain your infrastructure here.



Its not maintaining it is just giving advise, since we started to use XAMPP in our environment, but only for internal use, not external (business)

I wanted to use the win-acme, that generates a LetsEncrypt certificate. But since the server(virtual) will not be connected to the internet vlan, that means we need to generate each time a certificate, to open the network each 90 days.
This will not be a real great solution.

Our question is, what kind of certificate for example from our Root CA (Certificate Authority) server we need to have to apply in XAMPP/Apache.
Because when i read some documentation, you have 3 folders ssl.server/ssl.key/ssl.something
And you need to modify the httpd-vhost with a 443 rule with extra line.
thehazzard
 
Posts: 15
Joined: 25. November 2022 14:38
XAMPP version: v3.3.0
Operating System: Server 2019 Datacenter

Re: push certificate to webapplication, but how.

Postby Nobbie » 01. December 2022 12:52

There is no "Xampp / Apache ", there is only Apache. Xampp is only an abbreveation for a distribution. There is no special advice for SSL certificates, follow the Apache documentation for SSL. You may put the certificates whereever you want, httpd-ssl.conf only shows an example, you may or may not do it the same way.

As i personally also did not like to renew the SSL certificate every 3 months, i got mine from a cheap registrar (simply google for cheap ssl certificate, there are lots of). Anyway, you have to renew it every year, due to common thinking about security, most trusted SSL are only valid for one year.
Nobbie
 
Posts: 13165
Joined: 09. March 2008 13:04


Return to XAMPP for Windows

Who is online

Users browsing this forum: No registered users and 140 guests