SSL

Problems with the Windows version of XAMPP, questions, comments, and anything related.

Re: SSL

Postby Wiedmann » 16. April 2009 22:44

It works when I don't encrypt. (many sad faces).

Just a question:
You know what the directive SSLPassPhraseDialog is doing?
Wiedmann
AF Moderator
 
Posts: 17106
Joined: 01. February 2004 12:38
Location: Stuttgart / Germany

Re: SSL

Postby kheng » 16. April 2009 23:01

You know what the directive SSLPassPhraseDialog is doing?


Sorry, I don't quite understand the question.

my httpd-ssl.conf has the line: "SSLPassPhraseDialog builtin" I think this is the default for an XAMPP installation...?

What this line does, however, I don't know. I'm guessing the xampp installation has an apache mod with a builtin pass phrase filter? if not, I guess it's directing apache to the a passphrase filter that is pre-installed in windows (which I will need to install manually first - hence my error).

but I'm just guessing here :) I would be grateful for any enlightenment! :D
kheng
 
Posts: 9
Joined: 16. April 2009 19:09
Location: Australia

Re: SSL

Postby Wiedmann » 16. April 2009 23:34

What this line does, however, I don't know.

How want you write a how to, if you don't know how this directive work and what you can change with its parameters?

Well, you have no problems with your cert. You can use RSA or DSA. PEM is just the encoding from the cert files (like MIME for mails).

The best is: Just read the Docu from your CA, how to create the private/public key and cert request for an Apache server together with this CA. (bassically it's always the same steps). In the Apache manual, there is also an FAQ how to do this.

I'm guessing the xampp installation has an apache mod with a builtin pass phrase filter? if not, I guess it's directing apache to the a passphrase filter that is pre-installed in windows (which I will need to install manually first - hence my error).

And now the thing with the passphrase.

If your server cert includes your key (and passphrase), you must:
a) enter the passphrase at server startup (apache builtin, reads from STDIN).
b) or you can configure a programm/shell script, which just writes the passphrase to STDOUT

That is, what you can configure with SSLPassPhraseDialog. But a) is not really possible with XAMPP (or an Apache service on Windows at all). This can only work if you start Apache yourself from the shell.

And there is a 3rd option. You can remove your key (and passphrase) from the server cert. If you are doing this, you must not enter the passphrase at server startup.
Wiedmann
AF Moderator
 
Posts: 17106
Joined: 01. February 2004 12:38
Location: Stuttgart / Germany

Re: SSL

Postby kheng » 17. April 2009 00:20

Hi Wiedmann,

I appreciate your assistance, and respect your knowledge.

The problems that occured here though were due (in my humble opinion) to the following factors:
1) I installed Apache as a service, as I want it to start when my server starts.
2) There are no FAQ's explicidly stating that running Apache as a service with XAMPP, will mean that you will not be able to use a PEM and encrypt your Key.
3) Documentation from all of the CA's recommend encrypting your key, so when following their instructions, I encrypted my key.

Perhaps you can include in the FAQ, a question:
"Can I use an encrypted Key with my Apache Service" with the anwser being "no - the only way you can use an encrypted key, is if you want to start apache manually from a prompt"

Unfortunately, I'm using XAMPP because I'm not that technically savvy, and enjoy having a single package that integrates apache, php, and MySQL (without the need to configure/edit conf and ini files). The flow on for this, is that I (and many other XAMPP users) are here because we don't have a solid understanding of the config and ini files, hence need help from people like you, to get our installations to work.

The offer of putting together a "how to", was made because the exsisting documentation makes no mention of how to get SSL to work in what I thought would be a fairly common situation. I'm sorry if my ignorance offends you, but there is (to my knowledge) no documentation available yet that will help people like fyndler and myself.

If you have the ability to update the FAQ, that would be great, and will probably save alot of people alot of time. If you have the time to write a comprehensive set of instructions detailing the options available in a clear and understandable way, please, create it. Just remember to "dumb it down" so that people like me are able to understand it.

If your server cert includes your key (and passphrase), you must:
a) enter the passphrase at server startup (apache builtin, reads from STDIN).
b) or you can configure a programm/shell script, which just writes the passphrase to STDOUT

this for example is completely beyond my abilities, although it looks like something that would be very easy for you.

I'm not being ungrateful for your comments and assistance, I just want you to know that we're not all as smart as you are, and my offer to create a "tute" was to allow people less gifted, to be able to get more out of XAMPP. It's not that I don't think you can write a good tute, I just believe that coming from a less technical background, I would write something that less enlightened people would find easier to understand.
kheng
 
Posts: 9
Joined: 16. April 2009 19:09
Location: Australia

Re: SSL

Postby Wiedmann » 17. April 2009 02:50

2) There are no FAQ's explicidly stating that running Apache as a service with XAMPP,

It's a simular situation like autostarting Apache on Unix. (and the same solutions)

will mean that you will not be able to use a PEM and encrypt your Key.

The fileformat is allways PEM. Only the encryption of the private key is the problem.

"Can I use an encrypted Key with my Apache Service" with the anwser being "no - the only way you can use an encrypted key, is if you want to start apache manually from a prompt"

Or if you change the SSLPassPhraseDialog parameter.

b) or you can configure a programm/shell script, which just writes the passphrase to STDOUT

Put a batchfile (passphrase.bat) in \xampp\apache\bin
Code: Select all
@echo yourpassphrase


and change:
Code: Select all
SSLPassPhraseDialog builtin

to
Code: Select all
SSLPassPhraseDialog exec:/xampp/apache/bin/passphrase.bat


Well, have not test this yet, but should work.

But instead of writing your passphrase into a batchfile, it seems be more simply, to remove the passphrase from the key:
Code: Select all
copy server.key server.key.org
openssl.exe rsa -in server.key.org -out server.key
Wiedmann
AF Moderator
 
Posts: 17106
Joined: 01. February 2004 12:38
Location: Stuttgart / Germany

Re: SSL

Postby kheng » 17. April 2009 03:23

Hi Wiedmann,

thanks for the detailed reply.

I'm not having much luck using the passphrase.bat file to get the apache service to run.

that said, isn't having the password in a plain text ".bat" file, almost as dangerous as having an unencrypted private key?

copy server.key server.key.org
openssl.exe rsa -in server.key.org -out server.key

this is a very useful trick though! I never knew you could remove a passphrase from a key. Thank you for teaching me that :)
kheng
 
Posts: 9
Joined: 16. April 2009 19:09
Location: Australia

Re: SSL

Postby Wiedmann » 17. April 2009 11:52

I'm not having much luck using the passphrase.bat file to get the apache service to run.

I've just test this, and it's working without problems.

isn't having the password in a plain text ".bat" file, almost as dangerous as having an unencrypted private key?

If someone can read this batchfile or your server.key... (but XAMPP is a development environment, and thus this question is more hypothetical)

The point with the batchfile is: You need a program whith is just outputing the passphrase to the screen (shell/STDOUT). This program/batch can also get the passphrase from an encrypted registry key or from a secure key card and then output it.

this is a very useful trick though! I never knew you could remove a passphrase from a key.

That's what we are doing in our "makecert.bat".
Wiedmann
AF Moderator
 
Posts: 17106
Joined: 01. February 2004 12:38
Location: Stuttgart / Germany

Re: SSL

Postby Mhaugh » 29. April 2009 00:37

Hi guys,

If you want all the information about ssl certificates and how to install them, configure them there is a cool sites

www.thesslstore.com
www.rapidsslonline.com

http://support.thesslstore.com/index.ph ... se&_a=view

check out those links its cool information in it.
Mhaugh
 
Posts: 1
Joined: 29. April 2009 00:33

Re: SSL

Postby Click SSL » 19. March 2010 12:06

Hello All,

Here at excellent information about SSL Certificates.
Single root certificate, wildcard ssl certificate, ssl site seal, generate CSR Key, installtion & more.

For more details visit our corporate website: http://www.clickssl.com.
FAQ: http://www.clickssl.com/ssl-faq.aspx.
ClickSSL.com | Platinum Partner Company of RapidSSL| Thawte | GeoTrust and Symantec.
User avatar
Click SSL
 
Posts: 1
Joined: 19. March 2010 11:36
Location: Newark, DE, USA
Operating System: Win 7

Re: SSL

Postby jdwhite » 23. November 2010 12:39

Hey guys! I use and installed the Extended Validation SSL certificates on my Apache server.

You might find the following link useful in that respect in regards to installation and support as I did.

http://www.ssl247.com/support/install/apache

Jamie
jdwhite
 
Posts: 1
Joined: 23. November 2010 12:27

Re: SSL

Postby ankit.yadav123 » 05. July 2012 23:51

Kheng,

Could you please put a tutorial stuff over the same for the Godaddy certificates.

Ankit
ankit.yadav123
 
Posts: 2
Joined: 28. June 2012 21:53
Operating System: Windows 7 Enterprise

Re: SSL

Postby JonB » 06. July 2012 14:26

@ ankit.yadav123

You DID note that the thread is three years old, correct?

Good Luck
8)
User avatar
JonB
AF Moderator
 
Posts: 3210
Joined: 12. April 2010 16:41
Location: Land of the Blazing Sun
Operating System: Windows XP/7 - Fedora 15 1.7.7

Previous

Return to XAMPP for Windows

Who is online

Users browsing this forum: No registered users and 48 guests