Posts Tagged Apache

Installing Apache on Windows 2008

I would like to share my experiences with Apache installation on Windows 2008 Server.
It's not an easy ride when you are installing or deploying your open-source application on Microsoft Windows 2008 Server. The nasty part is UAC (User Account Control), which makes it difficult to configure Apache if we don't know about UAC on Windows 2008.

So if we are installing Apache on Windows 2008, the first thing to take care of is to go to Control Panel > User Accounts > Enable or Disable UAC. Un-check the checkbox and finish the wizard. It will require a reboot. Once that is done, Apache should be able to start without any problem. If you don't do that, it gives a really weird error, "Unable to open logs", which does not make it obvious why this is happening.


Generating 2048-bit CSR with OpenSSL

As computer processing power increases every day, breaking 1024-bit private key algorithms will be possible by 2011. So we will need to generate RSA private keys of at least 2048 bits for new SSL certificates or renewals.

I recently faced a similar case: I gave GoDaddy the older CSR that I had used last year for the renewal, and it didn't work due to security reasons.

We simply need to regenerate the private key and CSR with the help of the following OpenSSL command:

 openssl req -nodes -newkey rsa:2048 -keyout new-digitss.key -out new-digitss.csr

This will generate a 2048-bit key file, and after that it will ask for a few basic details about the entity being certified. The private key file generated with the above command won't have a secret pass-phrase, so it won't be a problem to deploy it on Windows-based Apache server setups or on Linux platforms. But if you really want a pass-phrase, please refer to a previous post and use 2048 or 4096 instead of the 1024 used in its commands, or just remove "-nodes" from the above command, which will then ask for a pass-phrase.

Removing the "-nodes" option from the above openssl command will make it ask for a pass-phrase and encrypt the private key. This can increase security, but please note that the pass-phrase will be required each time Apache is started. In that case you need an unsecured private key for your Windows-based Apache setup. Getting one is as simple as typing the following command at the OpenSSL prompt.

 rsa -in digitss.key -out unsecured.digitss.key

The above OpenSSL command produces an unsecured private key with the pass-phrase removed, which can be used with Windows-based Apache setups.
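A way to check a freshly generated CSR and key against the points above (a key of at least 2048 bits, and whether the key still carries a pass-phrase), as an added example rather than commands from the original post. The sample files, the CN www.example.test and the pass-phrase are constructed, and the status codes are this example's own convention.

```shell
#!/usr/bin/env bash
# Added example: inspect a CSR and its private key before sending the CSR to a CA.

# Print the public key size in bits recorded in a CSR (nothing if unreadable).
csr_key_bits() {
    openssl req -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit.*/\1/p'
}

# Succeed if the PEM private key is pass-phrase protected (PKCS#8 or traditional).
key_is_encrypted() {
    grep -q -e 'BEGIN ENCRYPTED PRIVATE KEY' -e 'Proc-Type: 4,ENCRYPTED' "$1"
}

# csr_preflight CSR KEY [MIN_BITS]
#   0 = ready, 1 = key smaller than MIN_BITS (default 2048),
#   2 = CSR unreadable, 3 = key still needs a pass-phrase at Apache start
csr_preflight() {
    local bits min
    min=${3:-2048}
    bits=$(csr_key_bits "$1")
    [ -n "$bits" ] || return 2
    [ "$bits" -ge "$min" ] || return 1
    if key_is_encrypted "$2"; then return 3; fi
    return 0
}

# Constructed samples in directory $1; the CN and pass-phrase are placeholders.
make_csr_samples() {
    local size
    for size in 1024 2048; do
        openssl req -nodes -newkey "rsa:$size" -subj "/CN=www.example.test" \
            -keyout "$1/rsa$size.key" -out "$1/rsa$size.csr" 2>/dev/null || return 1
    done
    # Same 2048-bit key, re-encrypted the way a run without -nodes would leave it.
    openssl rsa -in "$1/rsa2048.key" -aes256 -passout pass:constructed \
        -out "$1/rsa2048-locked.key" 2>/dev/null
}

demo_csr() {
    local dir rc pair
    dir=$(mktemp -d) || return 1
    make_csr_samples "$dir" || { rm -rf "$dir"; return 1; }
    for pair in "rsa1024.csr rsa1024.key" "rsa2048.csr rsa2048.key" \
                "rsa2048.csr rsa2048-locked.key"; do
        set -- $pair
        rc=0; csr_preflight "$dir/$1" "$dir/$2" || rc=$?
        echo "$1 + $2 -> preflight status $rc"
    done
    rm -rf "$dir"
}
demo_csr
```

An unencrypted key file is readable by anyone who can read the file, so restrict its file permissions to the account that runs Apache.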

More References:

For more detailed information on CSR generation, please refer to the following post (just use 2048 or 4096 instead of 1024 to make it work):
http://blogs.digitss.com/apache/how-to-generate-certificate-signing-request-csr-file-with-apache-openssl/

See GoDaddy Help for detailed reason on: Why does my CSR need to be 2048 bit length?

CSR generation instructions for the rest of the web servers: Certificate Signing Request (CSR) Generation Instructions


Faster Page Loads with Apache mod_deflate output filtering

Apache 2.x includes the mod_deflate module (mod_deflate.so), which can compress output irrespective of which scripting language you are using, or even if you are serving a static but content-rich website. If you are using PHP, there are ways to compress the output with the help of output buffering, but that requires writing some code. Here we just need to enable the mod_deflate module and add some configuration parameters, and the module takes care of output compression based on the configuration provided.

Output compression is an effective way of serving web pages faster when you have a content-rich website with loads of HTML data, CSS and JavaScript assets in your website or web application. It helps save bandwidth, and data transfer over the wire (Internet) will be faster for users too. It will have an impact on the server's CPU utilization due to compression, but this compression is done on the fly, and the level of compression will depend on the server's load.

Still, it is good practice to use gzipped JavaScript assets, as they will not change dynamically most of the time, and we can save server CPU by not asking Apache to compress JavaScript files on each request.

To enable the Apache mod_deflate module, make sure you enable it by un-commenting the following line in the httpd.conf file.

LoadModule deflate_module modules/mod_deflate.so

Then change the <Directory ...> section for the Document Root in the httpd.conf file as follows:


RSA server certificate CommonName (CN) does NOT match server name!?

Problem installing SSL certificate: SSL Library Error: 185073780 error:0B080074:x509 certificate

While configuring SSL for one of my clients I got this error, and it took me a little while to figure out what went wrong with the configuration. Initially I thought that there must be something wrong with the generated certificate, as I had generated the CSR myself and given it to the client, and the client gave the certificate files back to me.

But I was wrong: I was using LogMeIn to connect to the client's Windows 2003 web server and using the remote clipboard (copy and paste). Something went wrong while pasting that file onto the remote web server. So I transferred the files directly, and then it worked well without any problem.

[Mon Jun 01 03:22:49 2009] [warn] RSA server certificate CommonName (CN) `portal.client.com' does NOT match server name!?
[Mon Jun 01 03:22:49 2009] [error] Unable to configure RSA server private key
[Mon Jun 01 03:22:49 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch

The reference URL that helped me find the answer is below:

http://www.howtoforge.com/forums/showthread.php?t=22493
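The "key values mismatch" line in the log above means the certificate and the private key handed to Apache do not contain the same public key. A pre-deployment check for that, as an added example that is not part of the original post; the file names, the CN and the truncation used to simulate a file damaged in transit are constructed, and the key is assumed to be unencrypted:

```shell
#!/usr/bin/env bash
# Added example: check that a certificate and an unencrypted private key
# belong together before Apache loads them.

# Emit the PEM public key embedded in a certificate / derived from a key.
pubkey_of_cert() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }
pubkey_of_key()  { openssl pkey -in "$1" -pubout 2>/dev/null; }

# cert_matches_key CERT KEY
#   0 = same public key, 1 = key values mismatch, 2 = a file failed to parse
cert_matches_key() {
    local from_cert from_key
    from_cert=$(pubkey_of_cert "$1") || return 2
    from_key=$(pubkey_of_key "$2") || return 2
    [ -n "$from_cert" ] && [ -n "$from_key" ] || return 2
    [ "$from_cert" = "$from_key" ]
}

# Build constructed sample files in directory $1 (hypothetical names and CN).
make_samples() {
    openssl req -x509 -nodes -newkey rsa:2048 -days 1 \
        -subj "/CN=portal.example.test" \
        -keyout "$1/site.key" -out "$1/site.crt" 2>/dev/null || return 1
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null || return 1
    # Simulate a file damaged in transit by truncating the certificate.
    head -c 300 "$1/site.crt" > "$1/damaged.crt"
}

# Map the numeric result to a message an operator can act on.
describe() {
    case "$1" in
        0) echo "match" ;;
        1) echo "key values mismatch" ;;
        *) echo "unreadable certificate or key" ;;
    esac
}

demo() {
    local dir rc pair
    dir=$(mktemp -d) || return 1
    make_samples "$dir" || { rm -rf "$dir"; return 1; }
    for pair in "site.crt site.key" "site.crt other.key" "damaged.crt site.key"; do
        set -- $pair
        rc=0; cert_matches_key "$dir/$1" "$dir/$2" || rc=$?
        printf '%-12s %-10s %s\n' "$1" "$2" "$(describe "$rc")"
    done
    rm -rf "$dir"
}
demo
```

Running the same check on the server after copying the files there confirms that what arrived is what was sent.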


Allow only HTTPS access with .htaccess

If you want any of your web directories to be accessed only via the Secure HTTP (HTTPS) protocol, placing the following code in ".htaccess" will make sure that any URL or web address is converted from HTTP to HTTPS.

IndexIgnore *
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

It will rewrite all URLs to use HTTPS instead of HTTP. This may be helpful when you want only a specific directory to be accessed via Secure HTTP, or when you want to redirect your users to the correct address/protocol when they type in http:// by mistake and port 80 is not accessible.

It is also possible to do the same with PHP or any other scripting language we use, but then it depends on the application and the approach we choose.


How to generate Certificate Signing Request (CSR) file with Apache OpenSSL

When it comes to using SSL with Apache, OpenSSL is there for us to do everything we want. XAMPP and WAMP both come with an OpenSSL-enabled build of Apache, so it is quite handy to use. But how do you get an SSL certificate for your website?

To get an SSL certificate you need to ask your hosting company if you are running on a shared server and don't have access to the Apache installation directory and config files. Most hosting companies will do this for you for a fee. The fee depends on the kind of certificate you are requesting and on the period of time. For example, www.domain.com certificates will be quite a bit cheaper than *.domain.com.

Now, if you are running and managing your own web server and you have to get certificate(s) for your company, your client or your own website, then the first requirement is to generate a "Certificate Signing Request" (CSR) file, which you need to send to a Certificate Authority to sign and give back to you as a CRT file. This tutorial is not meant for Apache experts but for those who do not have much experience with SSL and Apache.

Generating CSR files with Apache and OpenSSL is quite simple: it is a matter of typing a few commands and we are done. You follow the same commands at the OpenSSL prompt whether you are running Apache on Windows or Linux. Here is the routine we need to follow to get our .CSR file ready.

If you have your Apache setup ready with OpenSSL, go to the BIN directory under your Apache installation directory. On a Windows machine it could be under D:\Program Files\Apache\bin, and on Linux you know better where to find it. Open a Command Prompt, go to Apache's BIN directory and type "openssl" there. You will get the OpenSSL prompt immediately. You may not need to go to the Apache BIN directory if that path is set in your system variables; you can just type openssl and you will get the prompt like below.


Beginner’s Resources for PHP-MySQL Development

Sometimes developers don’t find the perfect startup environment for PHP development when they are in their initial stage. Setting up PHP with Apache could be difficult for a beginner if he doesn’t know how to modify httpd.conf or php.ini settings. In my initial stages I installed PHP with IIS and then Apache, and later even tried EasyPHP too. But EasyPHP has no release for PHP5, so that let me down. Never mind: after some time I came across a PHP, MySQL and Apache package with which I fell in love. It is truly a zero-configuration installation to start PHP and MySQL development with Apache on any platform, including Windows, Linux, Solaris and Mac OS X. The other good alternative to that is WAMP Server if you are using Windows for development.

XAMPP and WAMPSERVER are both good development environments for novice or experienced developers who want a zero-configuration LAMP/WAMP environment. You can even use them for a production server with modifications to some of the security measures and with MySQL and PHP settings optimized for your server configuration (mainly memory).
