Page 1 of 1

SSL Not Working! Access Forbidden

PostPosted: 13. June 2009 23:47
by ocsnetworks
I have just upgraded my XAMPP to 1.7.1

Now when I go to https://localhost I get secured with XAMPP Homepage.

Now when I go to https://www.ocs-networks.com/ I get Access Forbidden.
Localhost works like it's suppose to... But the main website ssl does not.
Before I upgraded my SSL Certificates were working fine, not anymore....
My certificate is valid and installed correctly....
It's the configuration somewhere....

Please assist me in my problems......

My /xampp/apache/conf/extras/httpd-ssl.conf looks like this:

Code: Select all

Listen 443

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl
SSLPassPhraseDialog  builtin
SSLSessionCache         dbm:logs/ssl.scache
SSLSessionCacheTimeout  300
SSLMutex  default

<VirtualHost _default_:443>
    DocumentRoot "C:/www/htdocs"
    ServerName localhost:443
    ServerAdmin admin@localhost
    ErrorLog logs/error.log
    <IfModule log_config_module>
        CustomLog logs/access.log combined
    </IfModule>

    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

    SSLCertificateFile conf/ssl.crt/server.crt
    SSLCertificateKeyFile conf/ssl.key/server.key

    <FilesMatch "\.(cgi|shtml|phtml|php|php5|php4|php3)$">
        SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory "C:/xampp/apache/cgi-bin">
        SSLOptions +StdEnvVars
    </Directory>
    <IfModule setenvif_module>
        BrowserMatch ".*MSIE.*" \
                 nokeepalive ssl-unclean-shutdown \
                 downgrade-1.0 force-response-1.0
    </IfModule>
    <IfModule log_config_module>
        CustomLog logs/ssl_request.log \
                  "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
    </IfModule>
</VirtualHost>

<VirtualHost http://www.ocs-networks.com:443>
    DocumentRoot "C:/www/ocs-networks.com"
    ServerName http://www.ocs-networks.com:443
    ServerAdmin support@ocs-networks.com
    ErrorLog logs/error.log
    <IfModule log_config_module>
        CustomLog logs/access.log combined
    </IfModule>
    SSLEngine on

    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

    SSLCertificateFile conf/ssl.crt/ocs.crt
    SSLCertificateKeyFile conf/ssl.key/ocs.key

    <FilesMatch "\.(cgi|shtml|phtml|php|php5|php4|php3)$">
        SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory "C:/xampp/apache/cgi-bin">
        SSLOptions +StdEnvVars
    </Directory>
    <IfModule setenvif_module>
        BrowserMatch ".*MSIE.*" \
                 nokeepalive ssl-unclean-shutdown \
                 downgrade-1.0 force-response-1.0
    </IfModule>
    <IfModule log_config_module>
        CustomLog logs/ssl_request.log \
                  "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
    </IfModule>
</VirtualHost>


Re: SSL Not Working! Access Forbidden

PostPosted: 14. June 2009 00:37
by Wiedmann
Can you edit (review) your post and put the config file into [code][/code] tags?

Re: SSL Not Working! Access Forbidden

PostPosted: 18. June 2009 18:18
by ocsnetworks
Here is the Apache httpd.conf


Code: Select all
#
# This is the main Apache HTTP server configuration file.  It contains the
# configuration directives that give the server its instructions.
# See <URL:http://httpd.apache.org/docs/2.2/> for detailed information.
# In particular, see
# <URL:http://httpd.apache.org/docs/2.2/mod/directives.html>
# for a discussion of each configuration directive.
#
# Do NOT simply read the instructions in here without understanding
# what they do.  They're here only as hints or reminders.  If you are unsure
# consult the online docs. You have been warned. 
#
# Configuration and logfile names: If the filenames you specify for many
# of the server's control files begin with "/" (or "drive:/" for Win32), the
# server will use that explicit path.  If the filenames do *not* begin
# with "/", the value of ServerRoot is prepended -- so "logs/foo.log"
# with ServerRoot set to "C:/xampp/apache" will be interpreted by the
# server as "C:/xampp/apache/logs/foo.log".
#
# NOTE: Where filenames are specified, you must use forward slashes
# instead of backslashes (e.g., "c:/apache" instead of "c:\apache").
# If a drive letter is omitted, the drive on which Apache.exe is located
# will be used by default.  It is recommended that you always supply
# an explicit drive letter in absolute paths, however, to avoid
# confusion.
#

# ThreadsPerChild: constant number of worker threads in the server process
# MaxRequestsPerChild: maximum  number of requests a server process serves
ThreadsPerChild 250
MaxRequestsPerChild  0

#
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# Do not add a slash at the end of the directory path.  If you point
# ServerRoot at a non-local disk, be sure to point the LockFile directive
# at a local disk.  If you wish to share the same ServerRoot for multiple
# httpd daemons, you will need to change at least LockFile and PidFile.
#
ServerRoot "C:/xampp/apache"

#
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the <VirtualHost>
# directive.
#
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
#
#Listen 12.34.56.78:80
Listen 80

#
# Dynamic Shared Object (DSO) Support
#
# To be able to use the functionality of a module which was built as a DSO you
# have to place corresponding `LoadModule' lines at this location so the
# directives contained in it are actually available _before_ they are used.
# Statically compiled modules (those listed by `httpd -l') do not need
# to be loaded here.
#
# Example:
# LoadModule foo_module modules/mod_foo.so
#
LoadModule actions_module modules/mod_actions.so
LoadModule alias_module modules/mod_alias.so
LoadModule asis_module modules/mod_asis.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule authn_alias_module modules/mod_authn_alias.so
LoadModule authn_anon_module modules/mod_authn_anon.so
LoadModule authn_dbd_module modules/mod_authn_dbd.so
LoadModule authn_dbm_module modules/mod_authn_dbm.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authn_file_module modules/mod_authn_file.so
#LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
LoadModule authz_dbm_module modules/mod_authz_dbm.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_host_module modules/mod_authz_host.so
#LoadModule authz_owner_module modules/mod_authz_owner.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule cache_module modules/mod_cache.so
#LoadModule disk_cache_module modules/mod_disk_cache.so
#LoadModule file_cache_module modules/mod_file_cache.so
LoadModule mem_cache_module modules/mod_mem_cache.so
LoadModule cern_meta_module modules/mod_cern_meta.so
LoadModule charset_lite_module modules/mod_charset_lite.so
LoadModule cgi_module modules/mod_cgi.so
LoadModule dav_module modules/mod_dav.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule dir_module modules/mod_dir.so
#LoadModule dumpio_module modules/mod_dumpio.so
LoadModule env_module modules/mod_env.so
LoadModule expires_module modules/mod_expires.so
LoadModule ext_filter_module modules/mod_ext_filter.so
LoadModule headers_module modules/mod_headers.so
LoadModule ident_module modules/mod_ident.so
#LoadModule imagemap_module modules/mod_imagemap.so
LoadModule include_module modules/mod_include.so
LoadModule info_module modules/mod_info.so
LoadModule isapi_module modules/mod_isapi.so
LoadModule ldap_module modules/mod_ldap.so
#LoadModule logio_module modules/mod_logio.so
LoadModule log_config_module modules/mod_log_config.so
#LoadModule log_forensic_module modules/mod_log_forensic.so
LoadModule mime_module modules/mod_mime.so
LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule negotiation_module modules/mod_negotiation.so
#LoadModule proxy_module modules/mod_proxy.so
#LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
#LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
#LoadModule proxy_connect_module modules/mod_proxy_connect.so
#LoadModule proxy_http_module modules/mod_proxy_http.so
#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule speling_module modules/mod_speling.so
LoadModule status_module modules/mod_status.so
LoadModule unique_id_module modules/mod_unique_id.so
#LoadModule userdir_module modules/mod_userdir.so
LoadModule usertrack_module modules/mod_usertrack.so
#LoadModule version_module modules/mod_version.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule ssl_module modules/mod_ssl.so

#LoadModule autoindex_color_module modules/mod_autoindex_color.so
#LoadModule mysql_auth_module modules/mod_auth_mysql.so
#LoadModule auth_remote_module modules/mod_auth_remote.so
#LoadModule sspi_auth_module modules/mod_auth_sspi.so
#LoadModule log_sql_module modules/mod_log_sql.so
#LoadModule log_sql_mysql_module modules/mod_log_sql_mysql.so
#<IfModule ssl_module>
#    LoadModule log_sql_ssl_module modules/mod_log_sql_ssl.so
#</IfModule>
#LoadModule proxy_html_module modules/mod_proxy_html.so
#LoadModule xmlns_module modules/mod_xmlns.so
#LoadModule proxy_xml_module modules/mod_proxy_xml.so
#LoadModule bw_module modules/mod_bw.so

### SVN from XAMPP devel package ###
#LoadModule dav_svn_module modules/mod_dav_svn.so
#LoadModule authz_svn_module modules/mod_authz_svn.so

# 'Main' server configuration
#
# The directives in this section set up the values used by the 'main'
# server, which responds to any requests that aren't handled by a
# <VirtualHost> definition.  These values also provide defaults for
# any <VirtualHost> containers you may define later in the file.
#
# All of these directives may appear inside <VirtualHost> containers,
# in which case these default settings will be overridden for the
# virtual host being defined.
#

#
# ServerAdmin: Your address, where problems with the server should be
# e-mailed.  This address appears on some server-generated pages, such
# as error documents.  e.g. admin@your-domain.com
#
ServerAdmin admin@localhost

#
# ServerName gives the name and port that the server uses to identify itself.
# This can often be determined automatically, but we recommend you specify
# it explicitly to prevent problems during startup.
#
# If your host doesn't have a registered DNS name, enter its IP address here.
#
ServerName localhost:80

#
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
DocumentRoot "C:/xampp/htdocs"

#
# Each directory to which Apache has access can be configured with respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories).
#
# First, we configure the "default" to be a very restrictive set of
# features. 
#
<Directory />
    Options FollowSymLinks
    AllowOverride None
    Order deny,allow
    Deny from all
</Directory>

#
# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.
#

#
# This should be changed to whatever you set DocumentRoot to.
#
<Directory "C:/xampp/htdocs">
    #
    # Possible values for the Options directive are "None", "All",
    # or any combination of:
    #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
    #
    # Note that "MultiViews" must be named *explicitly* --- "Options All"
    # doesn't give it to you.
    #
    # The Options directive is both complicated and important.  Please see
    # http://httpd.apache.org/docs/2.2/mod/core.html#options
    # for more information.
    #
    Options Indexes FollowSymLinks Includes ExecCGI
   
    #
    # AllowOverride controls what directives may be placed in .htaccess files.
    # It can be "All", "None", or any combination of the keywords:
    #   Options FileInfo AuthConfig Limit
    #
    AllowOverride All

    #
    # Controls who can get stuff from this server.
    #
    Order allow,deny
    Allow from all

</Directory>

#
# DirectoryIndex: sets the file that Apache will serve if a directory
# is requested.
#
<IfModule dir_module>
    DirectoryIndex index.php index.php4 index.php3 index.cgi index.pl index.html index.htm index.shtml index.phtml
</IfModule>

#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<FilesMatch "^\.ht">
    Order allow,deny
    Deny from all
</FilesMatch>

#
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here.  If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#
ErrorLog logs/error.log

#
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
#
LogLevel warn

<IfModule log_config_module>
    #
    # The following directives define some format nicknames for use with
    # a CustomLog directive (see below).
    #
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common

    <IfModule logio_module>
      # You need to enable mod_logio.c to use %I and %O
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>

    #
    # The location and format of the access logfile (Common Logfile Format).
    # If you do not define any access logfiles within a <VirtualHost>
    # container, they will be logged here.  Contrariwise, if you *do*
    # define per-<VirtualHost> access logfiles, transactions will be
    # logged therein and *not* in this file.
    #
    CustomLog logs/access.log common

    #
    # If you prefer a logfile with access, agent, and referer information
    # (Combined Logfile Format) you can use the following directive.
    #
    #CustomLog logs/access.log combined
</IfModule>

<IfModule alias_module>
    #
    # Redirect: Allows you to tell clients about documents that used to
    # exist in your server's namespace, but do not anymore. The client
    # will make a new request for the document at its new location.
    # Example:
    # Redirect permanent /foo http://www.example.com/bar

    #
    # Alias: Maps web paths into filesystem paths and is used to
    # access content that does not live under the DocumentRoot.
    # Example:
    # Alias /webpath /full/filesystem/path
    #
    # If you include a trailing / on /webpath then the server will
    # require it to be present in the URL.  You will also likely
    # need to provide a <Directory> section to allow access to
    # the filesystem path.

    #
    # ScriptAlias: This controls which directories contain server scripts.
    # ScriptAliases are essentially the same as Aliases, except that
    # documents in the target directory are treated as applications and
    # run by the server when requested rather than as documents sent to the
    # client.  The same rules about trailing "/" apply to ScriptAlias
    # directives as to Alias.
    #
    ScriptAlias /cgi-bin/ "C:/xampp/cgi-bin/"

</IfModule>

#
# "C:/xampp/cgi-bin" should be changed to whatever your ScriptAliased
# CGI directory exists, if you have that configured.
#
<Directory "C:/xampp/cgi-bin">
    AllowOverride None
    Options None
    Order allow,deny
    Allow from all
</Directory>

#
# Apache parses all CGI scripts for the shebang line by default.
# This comment line, the first line of the script, consists of the symbols
# pound (#) and exclamation (!) followed by the path of the program that
# can execute this specific script.  For a perl script, with perl.exe in
# the C:\Program Files\Perl directory, the shebang line should be:

   #!c:/program files/perl/perl

# Note you _must_not_ indent the actual shebang line, and it must be the
# first line of the file.  Of course, CGI processing must be enabled by
# the appropriate ScriptAlias or Options ExecCGI directives for the files
# or directory in question.
#
# However, Apache on Windows allows either the Unix behavior above, or can
# use the Registry to match files by extention.  The command to execute
# a file of this type is retrieved from the registry by the same method as
# the Windows Explorer would use to handle double-clicking on a file.
# These script actions can be configured from the Windows Explorer View menu,
# 'Folder Options', and reviewing the 'File Types' tab.  Clicking the Edit
# button allows you to modify the Actions, of which Apache 1.3 attempts to
# perform the 'Open' Action, and failing that it will try the shebang line.
# This behavior is subject to change in Apache release 2.0.
#
# Each mechanism has it's own specific security weaknesses, from the means
# to run a program you didn't intend the website owner to invoke, and the
# best method is a matter of great debate.
#
# To enable the this Windows specific behavior (and therefore -disable- the
# equivilant Unix behavior), uncomment the following directive:
#
#ScriptInterpreterSource registry
#
# The directive above can be placed in individual <Directory> blocks or the
# .htaccess file, with either the 'registry' (Windows behavior) or 'script'
# (Unix behavior) option, and will override this server default option.
#

#
# DefaultType: the default MIME type the server will use for a document
# if it cannot otherwise determine one, such as from filename extensions.
# If your server contains mostly text or HTML documents, "text/plain" is
# a good value.  If most of your content is binary, such as applications
# or images, you may want to use "application/octet-stream" instead to
# keep browsers from trying to display binary files as though they are
# text.
#
DefaultType text/plain

<IfModule mime_module>
    #
    # TypesConfig points to the file containing the list of mappings from
    # filename extension to MIME-type.
    #
    TypesConfig conf/mime.types

    #
    # AddType allows you to add to or override the MIME configuration
    # file specified in TypesConfig for specific file types.
    #
    #AddType application/x-gzip .tgz
    #
    # AddEncoding allows you to have certain browsers uncompress
    # information on the fly. Note: Not all browsers support this.
    #
    #AddEncoding x-compress .Z
    #AddEncoding x-gzip .gz .tgz
    #
    # If the AddEncoding directives above are commented-out, then you
    # probably should define those extensions to indicate media types:
    #
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz

    #
    # AddHandler allows you to map certain file extensions to "handlers":
    # actions unrelated to filetype. These can be either built into the server
    # or added with the Action directive (see below)
    #
    # To use CGI scripts outside of ScriptAliased directories:
    # (You will also need to add "ExecCGI" to the "Options" directive.)
    #
    AddHandler cgi-script .cgi

    # For files that include their own HTTP headers:
    #AddHandler send-as-is asis

    # For server-parsed imagemap files:
    #AddHandler imap-file map

    # For type maps (negotiated resources):
    #AddHandler type-map var

    #
    # Filters allow you to process content before it is sent to the client.
    #
    # To parse .shtml files for server-side includes (SSI):
    # (You will also need to add "Includes" to the "Options" directive.)
    #
   AddType text/html .shtml
   AddOutputFilter INCLUDES .shtml
</IfModule>

#
# The mod_mime_magic module allows the server to use various hints from the
# contents of the file itself to determine its type.  The MIMEMagicFile
# directive tells the module where the hint definitions are located.
#
#MIMEMagicFile conf/magic

#
# Customizable error responses come in three flavors:
# 1) plain text 2) local redirects 3) external redirects
#
# Some examples:
#ErrorDocument 500 "The server made a boo boo."
#ErrorDocument 404 /missing.html
#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
#ErrorDocument 402 http://www.example.com/subscription_info.html
#

#
# EnableMMAP and EnableSendfile: On systems that support it,
# memory-mapping or the sendfile syscall is used to deliver
# files.  This usually improves server performance, but must
# be turned off when serving from networked-mounted
# filesystems or if support for these functions is otherwise
# broken on your system.
#
EnableMMAP off
EnableSendfile off

# Supplemental configuration
#
# The configuration files in the conf/extra/ directory can be
# included to add extra features or to modify the default configuration of
# the server, or you may simply copy their contents here and change as
# necessary.

# XAMPP specific settings
Include conf/extra/httpd-xampp.conf

# Server-pool management (MPM specific)
# Include conf/extra/httpd-mpm.conf

# Multi-language error messages
Include conf/extra/httpd-multilang-errordoc.conf

# Fancy directory listings
Include conf/extra/httpd-autoindex.conf

# Language settings
Include conf/extra/httpd-languages.conf

# User home directories
Include conf/extra/httpd-userdir.conf

# Real-time info on requests and configuration
Include conf/extra/httpd-info.conf

# Virtual hosts
Include conf/extra/httpd-vhosts.conf

# Local access to the Apache HTTP Server Manual
Include conf/extra/httpd-manual.conf

# Distributed authoring and versioning (WebDAV)
Include conf/extra/httpd-dav.conf

# Various default settings
Include conf/extra/httpd-default.conf

# Secure (SSL/TLS) connections
Include conf/extra/httpd-ssl.conf

#
# Note: The following must must be present to support
#       starting without SSL on platforms with no /dev/random equivalent
#       but a statically compiled-in mod_ssl.
#
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>


Re: SSL Not Working! Access Forbidden

PostPosted: 18. June 2009 18:20
by ocsnetworks
Here is the XAMPP SSL Conf.

Code: Select all

Listen 443

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl

SSLPassPhraseDialog  builtin

SSLSessionCache         dbm:logs/ssl.scache
SSLSessionCacheTimeout  300

SSLMutex  default


<VirtualHost _default_:443>
    DocumentRoot "C:/xampp/htdocs"

    ServerName localhost:443
    ServerAdmin admin@localhost

    ErrorLog logs/error.log
    <IfModule log_config_module>
        CustomLog logs/access.log combined
    </IfModule>

    SSLEngine on

    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

    SSLCertificateFile conf/ssl.crt/server.crt

    SSLCertificateKeyFile conf/ssl.key/server.key

    <Location />
    </Location>

    <FilesMatch "\.(cgi|shtml|phtml|php|php5|php4|php3)$">
        SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory "C:/xampp/apache/cgi-bin">
        SSLOptions +StdEnvVars
    </Directory>
    <IfModule setenvif_module>
        BrowserMatch ".*MSIE.*" \
                 nokeepalive ssl-unclean-shutdown \
                 downgrade-1.0 force-response-1.0
    </IfModule>

    <IfModule log_config_module>
        CustomLog logs/ssl_request.log \
                  "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
    </IfModule>
</VirtualHost>

<VirtualHost http://www.ocs-networks.com:443>
    DocumentRoot "C:/xampp/www/ocs-networks.com"

    ServerName http://www.ocs-networks.com:443
    ServerAdmin support@ocs-networks.com

    ErrorLog logs/error.log
    <IfModule log_config_module>
        CustomLog logs/access.log combined
    </IfModule>

    SSLEngine on

    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

    SSLCertificateFile conf/ssl.crt/ocs.crt

    SSLCertificateKeyFile conf/ssl.key/ocs.key

    <Location />
    </Location>

    <FilesMatch "\.(cgi|shtml|phtml|php|php5|php4|php3)$">
        SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory "C:/xampp/apache/cgi-bin">
        SSLOptions +StdEnvVars
    </Directory>
    <IfModule setenvif_module>
        BrowserMatch ".*MSIE.*" \
                 nokeepalive ssl-unclean-shutdown \
                 downgrade-1.0 force-response-1.0
    </IfModule>

    <IfModule log_config_module>
        CustomLog logs/ssl_request.log \
                  "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
    </IfModule>
</VirtualHost>


Re: SSL Not Working! Access Forbidden

PostPosted: 18. June 2009 18:21
by ocsnetworks
And the httpd-xampp.conf in the extras


Code: Select all

# XAMPP settings
#
<IfModule alias_module>
<IfModule mime_module>
    #ScriptAlias /php/ "C:/xampp/php/"
    #Action application/x-httpd-php "/php/php-cgi.exe"
    PHPINIDir "C:/xampp/php"
    LoadModule php5_module "C:/xampp/apache/bin/php5apache2_2.dll"
    AddType text/html .php .phps .php5 .php4 .php3 .phtml .phpt
   <FilesMatch "\.php$|\.php5$|\.php4$|\.php3$|\.phtml$|\.phpt$">
     SetHandler application/x-httpd-php
  </FilesMatch>
  <FilesMatch "\.phps$">
     SetHandler application/x-httpd-php-source
  </FilesMatch>

   <Directory "C:/xampp/htdocs/xampp">
      <IfModule php5_module>
         <Files "status.php">
            php_admin_flag safe_mode off
         </Files>
      </IfModule>
   </Directory>

    Alias /security "C:/xampp/security/htdocs/"
    <Directory "C:/xampp/security/htdocs">
      <IfModule php5_module>
         <Files "xamppsecurity.php">
            php_admin_flag safe_mode off
         </Files>
      </IfModule>
        Order deny,allow
   Deny From none
   Allow from All
    </Directory>

    Alias /phpmyadmin "C:/xampp/phpMyAdmin/"
    <Directory "C:/xampp/phpMyAdmin">
        AllowOverride AuthConfig
        Order allow,deny
        Allow from all
    </Directory>

    Alias /webalizer "C:/xampp/webalizer/"
    <Directory "C:/xampp/webalizer">
      <IfModule php5_module>
         <Files "webalizer.php">
            php_admin_flag safe_mode off
         </Files>
      </IfModule>
        AllowOverride AuthConfig
        Order allow,deny
        Allow from all
    </Directory>

      Alias /contrib "C:/xampp/contrib/"
    <Directory "C:/xampp/contrib">
      <IfModule php5_module>
         <Files "webalizer.php">
            php_admin_flag safe_mode off
         </Files>
      </IfModule>

        Order deny,allow
        Deny from all
        Allow from 127.0.0.1
    </Directory>
</IfModule>
</IfModule>


# Access restriction via Remote
<IfModule auth_remote_module>
    <Directory "C:/xampp/htdocs/fonts">
    AllowOverride All
    AuthType           Basic
    AuthName           "AUTH REMOTE TEST"
    AuthRemoteServer   localhost
    AuthRemotePort     80
    AuthRemoteURL      /forbidden/
    Require            valid-user
    #User: user / Password: pass
</Directory>
</IfModule>

# Access restriction via MySQL
<IfModule mysql_auth_module>
<Location /restricted>
     AuthMySQLEnable On
    AuthName "MySQL Secured Place"
    AuthType Basic
    require valid-user
    AuthMySQLHost localhost
    AuthMySQLUser root
#   AuthMySQLPassword
    AuthMySQLDB webauth
    AuthMySQLUserTable user_pwd
    AuthMySQLNameField name
    AuthMySQLPasswordField pass
    AuthMySQLPwEncryption none
</Location>
</IfModule>


Re: SSL Not Working! Access Forbidden

PostPosted: 18. June 2009 19:07
by Wiedmann
Code: Select all
<VirtualHost http://www.ocs-networks.com:443>

    ServerName http://www.ocs-networks.com:443

"http://www.ocs-networks.com:443" is not a valid value for VirtualHost or ServerName.

Re: SSL Not Working! Access Forbidden

PostPosted: 18. June 2009 21:22
by ocsnetworks
Here is the new SSL Config.
Still not working

Code: Select all
Listen 443

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl

SSLPassPhraseDialog  builtin

SSLSessionCache         dbm:logs/ssl.scache
SSLSessionCacheTimeout  300

SSLMutex  default


<VirtualHost _default_:443>
    DocumentRoot "C:/xampp/htdocs"

    ServerName localhost:443
    ServerAdmin admin@localhost

    ErrorLog logs/error.log
    <IfModule log_config_module>
        CustomLog logs/access.log combined
    </IfModule>

    SSLEngine on

    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

    SSLCertificateFile conf/ssl.crt/server.crt

    SSLCertificateKeyFile conf/ssl.key/server.key

    <Location />
    </Location>

    <FilesMatch "\.(cgi|shtml|phtml|php|php5|php4|php3)$">
        SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory "C:/xampp/apache/cgi-bin">
        SSLOptions +StdEnvVars
    </Directory>
    <IfModule setenvif_module>
        BrowserMatch ".*MSIE.*" \
                 nokeepalive ssl-unclean-shutdown \
                 downgrade-1.0 force-response-1.0
    </IfModule>

    <IfModule log_config_module>
        CustomLog logs/ssl_request.log \
                  "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
    </IfModule>
</VirtualHost>

<VirtualHost www.ocs-networks.com:443>
    DocumentRoot "C:/xampp/www/ocs-networks.com"

    ServerName www.ocs-networks.com:443
    ServerAdmin support@ocs-networks.com

    ErrorLog logs/error.log
    <IfModule log_config_module>
        CustomLog logs/access.log combined
    </IfModule>

    SSLEngine on

    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

    SSLCertificateFile conf/ssl.crt/ocs.crt

    SSLCertificateKeyFile conf/ssl.key/ocs.key

    <Location />
    </Location>

    <FilesMatch "\.(cgi|shtml|phtml|php|php5|php4|php3)$">
        SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory "C:/xampp/apache/cgi-bin">
        SSLOptions +StdEnvVars
    </Directory>
    <IfModule setenvif_module>
        BrowserMatch ".*MSIE.*" \
                 nokeepalive ssl-unclean-shutdown \
                 downgrade-1.0 force-response-1.0
    </IfModule>

    <IfModule log_config_module>
        CustomLog logs/ssl_request.log \
                  "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
    </IfModule>
</VirtualHost>

Re: SSL Not Working! Access Forbidden

PostPosted: 18. June 2009 22:00
by Wiedmann
Now when I go to https://www.ocs-networks.com/ I get Access Forbidden.

Anything in Apaches' "error.log"?

Re: SSL Not Working! Access Forbidden

PostPosted: 18. June 2009 22:21
by ocsnetworks
Here is the SSL Error log:

Code: Select all
[Sat Jun 13 17:04:19 2009] [error] [client XX.60.50.XXX] client denied by server configuration: C:/xampp/www/ocs-networks.com/
[Sat Jun 13 17:05:35 2009] [error] [client XX.22.88.XXX] client denied by server configuration: C:/xampp/www/ocs-networks.com/



Here is the Error.log

Code: Select all
[Thu Jun 18 16:22:41 2009] [error] [client XX.11.155.XX] client denied by server configuration: C:/xampp/www/ocs-networks.com/
[Thu Jun 18 16:22:43 2009] [error] [client XX.11.155.XX] client denied by server configuration: C:/xampp/www/ocs-networks.com/

Re: SSL Not Working! Access Forbidden

PostPosted: 18. June 2009 23:12
by Wiedmann
Code: Select all
DocumentRoot "C:/xampp/www/ocs-networks.com"

Code: Select all
[Sat Jun 13 17:04:19 2009] [error] [client XX.60.50.XXX] client denied by server configuration: C:/xampp/www/ocs-networks.com/

You need a <Directory> block for this DocumentRoot which allows access.

Re: SSL Not Working! Access Forbidden

PostPosted: 20. June 2009 09:39
by ocsnetworks
ok, I have now got my main SSL working for my website.
I did the same steps for the 2nd domain and it tried to
get the certificate for the main domain....

Main Domain:
https://www.ocs-networks.com/

Second Domain:
https://www.flemingstreasures.com/

Here is what my SSL Config Looks like now.
With Directory Options.

Code: Select all
Listen 443

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl

SSLPassPhraseDialog  builtin

SSLSessionCache         dbm:logs/ssl.scache
SSLSessionCacheTimeout  300

SSLMutex  default


<VirtualHost www.ocs-networks.com:443>
    DocumentRoot "C:/xampp/www/ocs-networks.com"

    ServerName www.ocs-networks.com:443
    ServerAdmin support@ocs-networks.com

    ErrorLog logs/error.log
    <IfModule log_config_module>
        CustomLog logs/ocs_access.log combined
    </IfModule>

    SSLEngine on

    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

    SSLCertificateFile conf/ssl.crt/ocs.crt

    SSLCertificateKeyFile conf/ssl.key/ocs.key

    <Location />
    </Location>

    <FilesMatch "\.(cgi|shtml|phtml|php|php5|php4|php3)$">
        SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory "C:/xampp/www/ocs-networks.com">
        SSLOptions +StdEnvVars
    </Directory>
    <IfModule setenvif_module>
        BrowserMatch ".*MSIE.*" \
                 nokeepalive ssl-unclean-shutdown \
                 downgrade-1.0 force-response-1.0
    </IfModule>

    <IfModule log_config_module>
        CustomLog logs/ocs_ssl_request.log \
                  "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
    </IfModule>
</VirtualHost>

<VirtualHost www.flemingstreasures.com:443>
    DocumentRoot "C:/xampp/www/flemingstreasures.com"
    ServerName www.flemingstreasures.com:443
    ServerAdmin admin1@localhost
    ErrorLog logs/error1.log
    <IfModule log_config_module>
        CustomLog logs/access1.log combined
    </IfModule>
    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateFile conf/ssl.crt/server.crt
    SSLCertificateKeyFile conf/ssl.key/server.key
    <FilesMatch "\.(cgi|shtml|phtml|php|php5|php4|php3)$">
        SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory "C:/xampp/www/flemingstreasures.com">
        SSLOptions +StdEnvVars
    </Directory>
    <IfModule setenvif_module>
        BrowserMatch ".*MSIE.*" \
                 nokeepalive ssl-unclean-shutdown \
                 downgrade-1.0 force-response-1.0
    </IfModule>
    <IfModule log_config_module>
        CustomLog logs/ssl_request1.log \
                  "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
    </IfModule>
</VirtualHost>