I have some rather deep PHP questions that I need answered in order to solve an implementation problem. If this isn't the right place to talk about PHP, even though I consider it a system administration function, I'd very much appreciate a good mailing list name to go to to post the following. I have spent the past three full days trying to learn and understand how to implement secure Web access using SSL on Apache 2.4.10. I got basic password-based authentication to work over port 80, but I'd like to take that a step further--use port 443, use SSL, and make that all-important "s" appear in the user's address bar. I have SSL certificates of all kinds--a certified and signed certificate for my Website, a private key of course, and the intermediate key from the certifying authority. These all work. I know they work because I am using them on my Dovecot+Postfix email system successfully. I could probably cite ten or more articles I've read, most from the Apache Software Foundation itself, on how to set this up, but nothing I'm doing is working, which means I must be missing some key thing. When I browse to my site on port 443 by using https, I get 403 forbidden and have no idea why. If anybody knows what the very basic things I should be doing are, I'd appreciate having that knowledge as well. I've tried so many variants of SSL directives and options, and nothing changes, which probably means the options and directives I'm using do not apply to my situation or need, but there must be some basic ones required to start with, and that's what I'm looking for. Again, if this is the wrong place to ask about detailed PHP stuff, a redirection to a place that is would be greatly appreciated, with my thanks in advance.
If you telnet to port 443 on the server what do you get, a connection refused or a connect / open? One way to tell if you’re configured correctly on a basic level is to see if your http instance is listening at all on 443. That’s what the above test does. Also, using apachectl if you do a starts you should not get any errors and get an ok. You should also see the http process running and the connection test will work. Set up a ssl section in your http.conf and define your host variables there.
On Aug 17, 2015, at 2:36 PM, Steve Matzura <sm@noisynotes.com> wrote:
I have some rather deep PHP questions that I need answered in order to solve an implementation problem. If this isn't the right place to talk about PHP, even though I consider it a system administration function, I'd very much appreciate a good mailing list name to go to to post the following.
I have spent the past three full days trying to learn and understand how to implement secure Web access using SSL on Apache 2.4.10. I got basic password-based authentication to work over port 80, but I'd like to take that a step further--use port 443, use SSL, and make that all-important "s" appear in the user's address bar. I have SSL certificates of all kinds--a certified and signed certificate for my Website, a private key of course, and the intermediate key from the certifying authority. These all work. I know they work because I am using them on my Dovecot+Postfix email system successfully. I could probably cite ten or more articles I've read, most from the Apache Software Foundation itself, on how to set this up, but nothing I'm doing is working, which means I must be missing some key thing. When I browse to my site on port 443 by using https, I get 403 forbidden and have no idea why. If anybody knows what the very basic things I should be doing are, I'd appreciate having that knowledge as well. I've tried so many variants of SSL directives and options, and nothing changes, which probably means the options and directives I'm using do not apply to my situation or need, but there must be some basic ones required to start with, and that's what I'm looking for.
Again, if this is the wrong place to ask about detailed PHP stuff, a redirection to a place that is would be greatly appreciated, with my thanks in advance.
_______________________________________________ Blind-sysadmins mailing list Blind-sysadmins@lists.hodgsonfamily.org https://lists.hodgsonfamily.org/listinfo/blind-sysadmins
Most likely, you will be able to figure this out fairly easily if you check the apache logs. The location of the log files depends on your configuration but it is probably /var/log/apache2/. On 08/17/2015 01:36 PM, Steve Matzura wrote:
I have some rather deep PHP questions that I need answered in order to solve an implementation problem. If this isn't the right place to talk about PHP, even though I consider it a system administration function, I'd very much appreciate a good mailing list name to go to to post the following.
I have spent the past three full days trying to learn and understand how to implement secure Web access using SSL on Apache 2.4.10. I got basic password-based authentication to work over port 80, but I'd like to take that a step further--use port 443, use SSL, and make that all-important "s" appear in the user's address bar. I have SSL certificates of all kinds--a certified and signed certificate for my Website, a private key of course, and the intermediate key from the certifying authority. These all work. I know they work because I am using them on my Dovecot+Postfix email system successfully. I could probably cite ten or more articles I've read, most from the Apache Software Foundation itself, on how to set this up, but nothing I'm doing is working, which means I must be missing some key thing. When I browse to my site on port 443 by using https, I get 403 forbidden and have no idea why. If anybody knows what the very basic things I should be doing are, I'd appreciate having that knowledge as well. I've tried so many variants of SSL directives and options, and nothing changes, which probably means the options and directives I'm using do not apply to my situation or need, but there must be some basic ones required to start with, and that's what I'm looking for.
Again, if this is the wrong place to ask about detailed PHP stuff, a redirection to a place that is would be greatly appreciated, with my thanks in advance.
_______________________________________________ Blind-sysadmins mailing list Blind-sysadmins@lists.hodgsonfamily.org https://lists.hodgsonfamily.org/listinfo/blind-sysadmins
-- John Heim, jheim@math.wisc.edu, skype:john.g.heim
This has all been sorted now. I had too many confs with too many conflicting directives. It took most of an afternoon to go through it and remove the extraneous stuff, but it's all good now. On Mon, 17 Aug 2015 13:49:36 -0500, you wrote:
Most likely, you will be able to figure this out fairly easily if you check the apache logs. The location of the log files depends on your configuration but it is probably /var/log/apache2/.
On 08/17/2015 01:36 PM, Steve Matzura wrote:
I have some rather deep PHP questions that I need answered in order to solve an implementation problem. If this isn't the right place to talk about PHP, even though I consider it a system administration function, I'd very much appreciate a good mailing list name to go to to post the following.
I have spent the past three full days trying to learn and understand how to implement secure Web access using SSL on Apache 2.4.10. I got basic password-based authentication to work over port 80, but I'd like to take that a step further--use port 443, use SSL, and make that all-important "s" appear in the user's address bar. I have SSL certificates of all kinds--a certified and signed certificate for my Website, a private key of course, and the intermediate key from the certifying authority. These all work. I know they work because I am using them on my Dovecot+Postfix email system successfully. I could probably cite ten or more articles I've read, most from the Apache Software Foundation itself, on how to set this up, but nothing I'm doing is working, which means I must be missing some key thing. When I browse to my site on port 443 by using https, I get 403 forbidden and have no idea why. If anybody knows what the very basic things I should be doing are, I'd appreciate having that knowledge as well. I've tried so many variants of SSL directives and options, and nothing changes, which probably means the options and directives I'm using do not apply to my situation or need, but there must be some basic ones required to start with, and that's what I'm looking for.
Again, if this is the wrong place to ask about detailed PHP stuff, a redirection to a place that is would be greatly appreciated, with my thanks in advance.
_______________________________________________ Blind-sysadmins mailing list Blind-sysadmins@lists.hodgsonfamily.org https://lists.hodgsonfamily.org/listinfo/blind-sysadmins
Hi, Not the wrong place at all. I would start by splitting up the SSL stuff from web server stuff. That means, if the SSL is working, move onto the content. Start by going to your 404 page and identify whether it is being delivered over HTTPS. Use the Qualys HTTP scanner at www.sssllabs.com to identify any issues with the HTTPS implementation. Not all of the issues you need to fix, but I would recommend as a starting point ensure the trust is resolving correctly, and that you have SSL V3 switched off. Next identify the content you need to surve up over HTTPS, it is likely your virtual host isn't defined well and so you are ending up at this page, the Apache logs are the place to look here to identify the directory being accessed. I find it helpful to do this to split up HTTPS things from the actual content serving. Andrew. -----Original Message----- From: Blind-sysadmins [mailto:blind-sysadmins-bounces@lists.hodgsonfamily.org] On Behalf Of Steve Matzura Sent: 17 August 2015 19:37 To: sysadmin <blind-sysadmins@lists.hodgsonfamily.org> Subject: [Blind-sysadmins] PHP and secure Web access I have some rather deep PHP questions that I need answered in order to solve an implementation problem. If this isn't the right place to talk about PHP, even though I consider it a system administration function, I'd very much appreciate a good mailing list name to go to to post the following. I have spent the past three full days trying to learn and understand how to implement secure Web access using SSL on Apache 2.4.10. I got basic password-based authentication to work over port 80, but I'd like to take that a step further--use port 443, use SSL, and make that all-important "s" appear in the user's address bar. I have SSL certificates of all kinds--a certified and signed certificate for my Website, a private key of course, and the intermediate key from the certifying authority. These all work. I know they work because I am using them on my Dovecot+Postfix email system successfully. I could probably cite ten or more articles I've read, most from the Apache Software Foundation itself, on how to set this up, but nothing I'm doing is working, which means I must be missing some key thing. When I browse to my site on port 443 by using https, I get 403 forbidden and have no idea why. If anybody knows what the very basic things I should be doing are, I'd appreciate having that knowledge as well. I've tried so many variants of SSL directives and options, and nothing changes, which probably means the options and directives I'm using do not apply to my situation or need, but there must be some basic ones required to start with, and that's what I'm looking for. Again, if this is the wrong place to ask about detailed PHP stuff, a redirection to a place that is would be greatly appreciated, with my thanks in advance. _______________________________________________ Blind-sysadmins mailing list Blind-sysadmins@lists.hodgsonfamily.org https://lists.hodgsonfamily.org/listinfo/blind-sysadmins
Hi, Not the wrong place at all. I would start by splitting up the SSL stuff from web server stuff. That means, if the SSL is working, move onto the content. Start by going to your 404 page and identify whether it is being delivered over HTTPS. Use the Qualys HTTP scanner at www.sssllabs.com to identify any issues with the HTTPS implementation. Not all of the issues you need to fix, but I would recommend as a starting point ensure the trust is resolving correctly, and that you have SSL V3 switched off. Next identify the content you need to surve up over HTTPS, it is likely your virtual host isn't defined well and so you are ending up at this page, the Apache logs are the place to look here to identify the directory being accessed. I find it helpful to do this to split up HTTPS things from the actual content serving. Andrew. -----Original Message----- From: Blind-sysadmins [mailto:blind-sysadmins-bounces@lists.hodgsonfamily.org] On Behalf Of Steve Matzura Sent: 17 August 2015 19:37 To: sysadmin <blind-sysadmins@lists.hodgsonfamily.org> Subject: [Blind-sysadmins] PHP and secure Web access I have some rather deep PHP questions that I need answered in order to solve an implementation problem. If this isn't the right place to talk about PHP, even though I consider it a system administration function, I'd very much appreciate a good mailing list name to go to to post the following. I have spent the past three full days trying to learn and understand how to implement secure Web access using SSL on Apache 2.4.10. I got basic password-based authentication to work over port 80, but I'd like to take that a step further--use port 443, use SSL, and make that all-important "s" appear in the user's address bar. I have SSL certificates of all kinds--a certified and signed certificate for my Website, a private key of course, and the intermediate key from the certifying authority. These all work. I know they work because I am using them on my Dovecot+Postfix email system successfully. I could probably cite ten or more articles I've read, most from the Apache Software Foundation itself, on how to set this up, but nothing I'm doing is working, which means I must be missing some key thing. When I browse to my site on port 443 by using https, I get 403 forbidden and have no idea why. If anybody knows what the very basic things I should be doing are, I'd appreciate having that knowledge as well. I've tried so many variants of SSL directives and options, and nothing changes, which probably means the options and directives I'm using do not apply to my situation or need, but there must be some basic ones required to start with, and that's what I'm looking for. Again, if this is the wrong place to ask about detailed PHP stuff, a redirection to a place that is would be greatly appreciated, with my thanks in advance. _______________________________________________ Blind-sysadmins mailing list Blind-sysadmins@lists.hodgsonfamily.org https://lists.hodgsonfamily.org/listinfo/blind-sysadmins
Steve, I just saw this. I suspect you have one of 2 problems: 1: you do not have directives set correctly for your ssl virtual host in your httpd.conf or moral equivalent file. 2: You have a permissions problem in your directlry structure. If you have no problem in regular http, but just no https and you get a 403, then it is probably in your conf file. If you wish more in-depth help with this, let me know and I can help you. We can either exchange confile chunks or I can work some other way to help you. Look at the error logs, they are your friends. usually they live in /var/log/httpd/<some_error_log> I am making several asumptions: 1: you are using a relatively recent apache web server and 2: You are running on Linux. -- Kelly Prescott On Mon, 17 Aug 2015, Steve Matzura wrote:
I have some rather deep PHP questions that I need answered in order to solve an implementation problem. If this isn't the right place to talk about PHP, even though I consider it a system administration function, I'd very much appreciate a good mailing list name to go to to post the following.
I have spent the past three full days trying to learn and understand how to implement secure Web access using SSL on Apache 2.4.10. I got basic password-based authentication to work over port 80, but I'd like to take that a step further--use port 443, use SSL, and make that all-important "s" appear in the user's address bar. I have SSL certificates of all kinds--a certified and signed certificate for my Website, a private key of course, and the intermediate key from the certifying authority. These all work. I know they work because I am using them on my Dovecot+Postfix email system successfully. I could probably cite ten or more articles I've read, most from the Apache Software Foundation itself, on how to set this up, but nothing I'm doing is working, which means I must be missing some key thing. When I browse to my site on port 443 by using https, I get 403 forbidden and have no idea why. If anybody knows what the very basic things I should be doing are, I'd appreciate having that knowledge as well. I've tried so many variants of SSL directives and options, and nothing changes, which probably means the options and directives I'm using do not apply to my situation or need, but there must be some basic ones required to start with, and that's what I'm looking for.
Again, if this is the wrong place to ask about detailed PHP stuff, a redirection to a place that is would be greatly appreciated, with my thanks in advance.
_______________________________________________ Blind-sysadmins mailing list Blind-sysadmins@lists.hodgsonfamily.org https://lists.hodgsonfamily.org/listinfo/blind-sysadmins
participants (5)
-
Andrew Hodgson -
John G Heim -
Kelly Prescott -
Scott Granados -
Steve Matzura