drevls8138
2018-08-25 16:17
Views: 205
Accepted

Standalone WAMP server SSL auth setup

I want to set up a portable server from Apache, PHP and MySQL, all of them from the newest binaries.

I downloaded and configured each of them, but I have 2 issues, which I think are only one. First: I set the LogLevel to Info in httpd.conf and started the server. Error.log contains:

[Sat Aug 25 17:32:35.246609 2018] [ssl:info] [pid 13736:tid 592] AH01887: Init: Initializing (virtual) servers for SSL
[Sat Aug 25 17:32:35.246609 2018] [ssl:info] [pid 13736:tid 592] AH01914: Configuring server servertwo.tld:443 for SSL protocol
[Sat Aug 25 17:32:35.247609 2018] [ssl:info] [pid 13736:tid 592] AH02568: Certificate and private key servertwo.tld:443:0 configured from C:/wamp_p/Apache_2.4.34/conf/ssl/servertwo.crt and C:/wamp_p/Apache_2.4.34/conf/ssl/servertwo.key
[Sat Aug 25 17:32:35.247609 2018] [ssl:info] [pid 13736:tid 592] AH01914: Configuring server serverone.tld:443 for SSL protocol
[Sat Aug 25 17:32:35.247609 2018] [ssl:info] [pid 13736:tid 592] AH02568: Certificate and private key serverone.tld:443:0 configured from C:/wamp_p/Apache_2.4.34/conf/ssl/serverone.crt and C:/wamp_p/Apache_2.4.34/conf/ssl/serverone.key
[Sat Aug 25 17:32:35.249606 2018] [ssl:info] [pid 13736:tid 592] AH01914: Configuring server localhost:443 for SSL protocol
[Sat Aug 25 17:32:35.250605 2018] [ssl:warn] [pid 13736:tid 592] AH01909: localhost:443:0 server certificate does NOT include an ID which matches the server name
[Sat Aug 25 17:32:35.250605 2018] [ssl:info] [pid 13736:tid 592] AH02568: Certificate and private key localhost:443:0 configured from C:/wamp_p/Apache_2.4.34/conf/ssl/server.crt and C:/wamp_p/Apache_2.4.34/conf/ssl/server.key
[Sat Aug 25 17:32:35.250605 2018] [ssl:info] [pid 13736:tid 592] AH01876: mod_ssl/2.4.34 compiled against Server: Apache/2.4.34, Library: OpenSSL/1.1.0h
[Sat Aug 25 17:32:35.284684 2018] [socache_shmcb:info] [pid 13736:tid 592] AH00830: Shared memory socache initialised
[Sat Aug 25 17:32:35.284684 2018] [ssl:info] [pid 13736:tid 592] AH01887: Init: Initializing (virtual) servers for SSL
[Sat Aug 25 17:32:35.284684 2018] [ssl:info] [pid 13736:tid 592] AH01914: Configuring server servertwo.tld:443 for SSL protocol
[Sat Aug 25 17:32:35.285683 2018] [ssl:info] [pid 13736:tid 592] AH02568: Certificate and private key servertwo.tld:443:0 configured from C:/wamp_p/Apache_2.4.34/conf/ssl/servertwo.crt and C:/wamp_p/Apache_2.4.34/conf/ssl/servertwo.key
[Sat Aug 25 17:32:35.285683 2018] [ssl:info] [pid 13736:tid 592] AH01914: Configuring server serverone.tld:443 for SSL protocol
[Sat Aug 25 17:32:35.285683 2018] [ssl:info] [pid 13736:tid 592] AH02568: Certificate and private key serverone.tld:443:0 configured from C:/wamp_p/Apache_2.4.34/conf/ssl/serverone.crt and C:/wamp_p/Apache_2.4.34/conf/ssl/serverone.key
[Sat Aug 25 17:32:35.286682 2018] [ssl:info] [pid 13736:tid 592] AH01914: Configuring server localhost:443 for SSL protocol
[Sat Aug 25 17:32:35.286682 2018] [ssl:warn] [pid 13736:tid 592] AH01909: localhost:443:0 server certificate does NOT include an ID which matches the server name
[Sat Aug 25 17:32:35.286682 2018] [ssl:info] [pid 13736:tid 592] AH02568: Certificate and private key localhost:443:0 configured from C:/wamp_p/Apache_2.4.34/conf/ssl/server.crt and C:/wamp_p/Apache_2.4.34/conf/ssl/server.key
[Sat Aug 25 17:32:35.286682 2018] [ssl:info] [pid 13736:tid 592] AH01876: mod_ssl/2.4.34 compiled against Server: Apache/2.4.34, Library: OpenSSL/1.1.0h
[Sat Aug 25 17:32:35.297671 2018] [mpm_winnt:notice] [pid 13736:tid 592] AH00455: Apache/2.4.34 (Win64) OpenSSL/1.1.0h PHP/7.2.9 configured -- resuming normal operations
[Sat Aug 25 17:32:35.297671 2018] [mpm_winnt:notice] [pid 13736:tid 592] AH00456: Server built: Jul 10 2018 10:15:24
[Sat Aug 25 17:32:35.297671 2018] [mpm_winnt:info] [pid 13736:tid 592] AH80000: Distributed by: The Apache Haus
[Sat Aug 25 17:32:35.297671 2018] [mpm_winnt:info] [pid 13736:tid 592] AH80001: Compiled with: Visual Studio 2015
[Sat Aug 25 17:32:35.297671 2018] [core:notice] [pid 13736:tid 592] AH00094: Command line: 'Apache_2.4.34/bin/httpd.exe -d C:/wamp_p/Apache_2.4.34'
[Sat Aug 25 17:32:35.300667 2018] [mpm_winnt:notice] [pid 13736:tid 592] AH00418: Parent: Created child process 14088
[Sat Aug 25 17:32:35.660294 2018] [ssl:info] [pid 14088:tid 652] AH01887: Init: Initializing (virtual) servers for SSL
[Sat Aug 25 17:32:35.660294 2018] [ssl:info] [pid 14088:tid 652] AH01914: Configuring server servertwo.tld:443 for SSL protocol
[Sat Aug 25 17:32:35.661293 2018] [ssl:info] [pid 14088:tid 652] AH02568: Certificate and private key servertwo.tld:443:0 configured from C:/wamp_p/Apache_2.4.34/conf/ssl/servertwo.crt and C:/wamp_p/Apache_2.4.34/conf/ssl/servertwo.key
[Sat Aug 25 17:32:35.661293 2018] [ssl:info] [pid 14088:tid 652] AH01914: Configuring server serverone.tld:443 for SSL protocol
[Sat Aug 25 17:32:35.661293 2018] [ssl:info] [pid 14088:tid 652] AH02568: Certificate and private key serverone.tld:443:0 configured from C:/wamp_p/Apache_2.4.34/conf/ssl/serverone.crt and C:/wamp_p/Apache_2.4.34/conf/ssl/serverone.key
[Sat Aug 25 17:32:35.662292 2018] [ssl:info] [pid 14088:tid 652] AH01914: Configuring server localhost:443 for SSL protocol
[Sat Aug 25 17:32:35.662292 2018] [ssl:warn] [pid 14088:tid 652] AH01909: localhost:443:0 server certificate does NOT include an ID which matches the server name
[Sat Aug 25 17:32:35.662292 2018] [ssl:info] [pid 14088:tid 652] AH02568: Certificate and private key localhost:443:0 configured from C:/wamp_p/Apache_2.4.34/conf/ssl/server.crt and C:/wamp_p/Apache_2.4.34/conf/ssl/server.key
[Sat Aug 25 17:32:35.662292 2018] [ssl:info] [pid 14088:tid 652] AH01876: mod_ssl/2.4.34 compiled against Server: Apache/2.4.34, Library: OpenSSL/1.1.0h
[Sat Aug 25 17:32:35.688265 2018] [socache_shmcb:info] [pid 14088:tid 652] AH00830: Shared memory socache initialised
[Sat Aug 25 17:32:35.688265 2018] [ssl:info] [pid 14088:tid 652] AH01887: Init: Initializing (virtual) servers for SSL
[Sat Aug 25 17:32:35.688265 2018] [ssl:info] [pid 14088:tid 652] AH01914: Configuring server servertwo.tld:443 for SSL protocol
[Sat Aug 25 17:32:35.688265 2018] [ssl:info] [pid 14088:tid 652] AH02568: Certificate and private key servertwo.tld:443:0 configured from C:/wamp_p/Apache_2.4.34/conf/ssl/servertwo.crt and C:/wamp_p/Apache_2.4.34/conf/ssl/servertwo.key
[Sat Aug 25 17:32:35.688265 2018] [ssl:info] [pid 14088:tid 652] AH01914: Configuring server serverone.tld:443 for SSL protocol
[Sat Aug 25 17:32:35.689264 2018] [ssl:info] [pid 14088:tid 652] AH02568: Certificate and private key serverone.tld:443:0 configured from C:/wamp_p/Apache_2.4.34/conf/ssl/serverone.crt and C:/wamp_p/Apache_2.4.34/conf/ssl/serverone.key
[Sat Aug 25 17:32:35.689264 2018] [ssl:info] [pid 14088:tid 652] AH01914: Configuring server localhost:443 for SSL protocol
[Sat Aug 25 17:32:35.689264 2018] [ssl:warn] [pid 14088:tid 652] AH01909: localhost:443:0 server certificate does NOT include an ID which matches the server name
[Sat Aug 25 17:32:35.689264 2018] [ssl:info] [pid 14088:tid 652] AH02568: Certificate and private key localhost:443:0 configured from C:/wamp_p/Apache_2.4.34/conf/ssl/server.crt and C:/wamp_p/Apache_2.4.34/conf/ssl/server.key
[Sat Aug 25 17:32:35.689264 2018] [ssl:info] [pid 14088:tid 652] AH01876: mod_ssl/2.4.34 compiled against Server: Apache/2.4.34, Library: OpenSSL/1.1.0h
[Sat Aug 25 17:32:35.703250 2018] [mpm_winnt:notice] [pid 14088:tid 652] AH00354: Child: Starting 64 worker threads.

The [ssl:warn] [pid 14088:tid 652] AH01909: localhost:443:0 server certificate does NOT include an ID which matches the server name line says something is wrong with the certificate.

The httpd.conf contains the following relevant lines:

LoadModule ssl_module modules/mod_ssl.so
<IfModule ssl_module>
#Include conf/extra/httpd-ssl.conf
Include conf/extra/httpd-ahssl.conf
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>

The ahssl.conf exists, and the linked certificate exists too in

C:\wamp_p\Apache_2.4.34\conf\ssl\server.crt
C:\wamp_p\Apache_2.4.34\conf\ssl\server.key

The httpd-ahssl.conf is original, not changed.

The PHPinfo relevant output is here

When I install Apache as a system service it is not started due to this error, but I can start it manually or with the net start command, and it is working.

Second: I installed phpMyAdmin, but did not configure a server (no ini copied). When I try to log in with the test account, it cannot log in. The error can be seen here

When I open a cmd and log in with mysql -u test -p, it works, and I can log in with phpMyAdmin as well. Until the SQL server and/or the HTTP server is restarted, the user that also logged in from the console in this session can log in at any time.

Does that belong to the SSL?

I commented it out in php.ini and httpd.conf too and restarted the servers, but the login problem stayed the same.

What do I need to do? Thanks!

Update 1:

I tried to generate new certificates, but I ran into trouble. It cannot find the config file, but it is there where it searches for it. Double-checked:

c:\wamp_p\Apache_2.4.34\bin>openssl req -new -x509 -nodes -out server.crt -keyout server.key
Can't open 'C:\wamp_p\Apache_2.4.34\conf\openssl.cnf' for reading, Invalid argument
1664:error:0200107B:system library:fopen:Unknown error:crypto\bio\bss_file.c:74:fopen(''C:\wamp_p\Apache_2.4.34\conf\openssl.cnf'','rb')
1664:error:2006D002:BIO routines:BIO_new_file:system lib:crypto\bio\bss_file.c:83:
1664:error:0E078002:configuration file routines:def_load:system lib:crypto\conf\conf_def.c:152:
1664:error:0200107B:system library:fopen:Unknown error:crypto\bio\bss_file.c:74:fopen(''C:\wamp_p\Apache_2.4.34\conf\openssl.cnf'','r')
1664:error:2006D002:BIO routines:BIO_new_file:system lib:crypto\bio\bss_file.c:83:
Generating a 2048 bit RSA private key
......+++
..........................................................+++
writing new private key to 'server.key'
-----
unable to find 'distinguished_name' in config
problems making Certificate Request
1664:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:crypto\conf\conf_lib.c:272:

I installed an XAMPP setup, took the server.key and server.crt files from it, and copied them to my Apache conf/ssl directory, overwriting the original files.

After this, no SSL:Warn record was found in the error.log after I started the server.

phpMyAdmin still cannot log in until I log in with mysql.exe as the test user. I do not understand what the connection is between the Windows terminal and phpMyAdmin in the web browser.

When I successfully logged in with phpMyAdmin I took a screenshot, and saw that SSL is not being used...

Update 2:

I don't think this is an SSL certificate problem. This is a step-by-step test in the console and web browser:

----------------- Windows command line ----------------- 
c:\wamp_p\mysql_8.0.12\bin>net stop mysql
The MySQL service is stopping.
The MySQL service was stopped successfully.

----------------- Chrome browser with sqltest.php ----------------- 
Warning: mysqli_connect(): (HY000/2002): No connection could be made because the target machine actively refused it. in C:\wamp_p\htdocs\sql.php on line 3
Error: Unable to connect to MySQL. Debugging errno: 2002 Debugging error: No connection could be made because the target machine actively refused it.

----------------- Windows command line ----------------- 
c:\wamp_p\mysql_8.0.12\bin>net start mysql
The MySQL service is starting.
The MySQL service was started successfully.

----------------- Chrome browser with sqltest.php ----------------- 
Warning: mysqli_connect(): PHP was built without openssl extension, can't send password encrypted in C:\wamp_p\htdocs\sql.php on line 3
Warning: mysqli_connect(): (HY000/1045): Access denied for user 'test'@'localhost' (using password: YES) in C:\wamp_p\htdocs\sql.php on line 3
Error: Unable to connect to MySQL. Debugging errno: 1045 Debugging error: Access denied for user 'test'@'localhost' (using password: YES)

----------------- Windows command line ----------------- 
c:\wamp_p\mysql_8.0.12\bin>mysql -u test -p
Enter password: ****
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 9
Server version: 8.0.12 MySQL Community Server - GPL

Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>

----------------- Chrome browser with sqltest.php ----------------- 
Warning: mysqli_connect(): (HY000/1049): Unknown database 'my_db' in C:\wamp_p\htdocs\sql.php on line 3
Error: Unable to connect to MySQL. Debugging errno: 1049 Debugging error: Unknown database 'my_db'

----------------- Windows command line ----------------- 
mysql> quit
Bye

c:\wamp_p\mysql_8.0.12\bin>

----------------- Chrome browser with sqltest.php ----------------- 
Warning: mysqli_connect(): (HY000/1049): Unknown database 'my_db' in C:\wamp_p\htdocs\sql.php on line 3
Error: Unable to connect to MySQL. Debugging errno: 1049 Debugging error: Unknown database 'my_db'

Update 3:

MySQL Server 8 changed the authentication method, so forcing it to fall back to the old password plugin solves the login issue. Add a my.ini to the MySQL server installation with the following content:

[mysqld]
default_authentication_plugin=mysql_native_password

1 answer

  • dongwolu5275 2018-08-29 15:24
    Accepted

    To the first part:

    Openssh.exe found in apache bin directory.

    Server name found in apache/conf/extra/httpd-ahssl.conf file in the virtualserver directive. In my case it is localhost.

    Openssh.cnf is in apache conf directory.

    Generate Key and CRT files and copy these to conf/ssl dir and restart the server.

    openssl req -new -newkey rsa:2048 -sha256 -days 365 -nodes -x509 -keyout server.key -out server.crt -config "C:\wamp_p\Apache_2.4.34\conf\openssl.cnf"
    

    To the second part (for phpmyadmin):

    MySQL Server 8 has a new password authentication plugin by default. To apply the original password plugin, create my.ini in the MySQL dir root.

    [mysqld]
    default_authentication_plugin=mysql_native_password
    

    If you had already created the users, you need to alter them. You can check the password authentication plugin for each user with

    -- Account metadata lives in the `mysql` system schema (lowercase).
    USE mysql;
    SELECT user, host, plugin FROM user;
    

    Bye!

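Added example, not part of the original question or answer: a simplified Python model of MySQL 8's default `caching_sha2_password` plugin, showing why the browser login in Update 2 only succeeds after `mysql.exe` has logged in and fails again after a server restart. `ToyServer`, `replay_update_2` and the password are hypothetical names and constructed values; `secure_channel=False` stands for the PHP client that, per the warning on the page, was built without the openssl extension and cannot send the password encrypted.

```python
import hashlib
import os


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def client_scramble(password: str, nonce: bytes) -> bytes:
    # caching_sha2_password response:
    # XOR(SHA256(pw), SHA256(SHA256(SHA256(pw)) + nonce))
    h1 = sha256(password.encode())
    return xor(h1, sha256(sha256(h1) + nonce))


class ToyServer:
    def __init__(self, accounts):
        self.accounts = accounts  # user -> password; stand-in for the stored verifier
        self.cache = {}           # user -> SHA256(SHA256(pw)), held in memory only

    def restart(self):
        self.cache.clear()        # the cache does not survive a server restart

    def login(self, user, password, secure_channel):
        nonce = os.urandom(20)
        scramble = client_scramble(password, nonce)  # sent by the client
        cached = self.cache.get(user)
        # Fast path: verify the scramble against the cached digest.
        if cached and sha256(xor(scramble, sha256(cached + nonce))) == cached:
            return "ok (fast auth)"
        # Cache miss: the server needs the password itself, which the client
        # may only send over TLS or RSA-encrypted.
        if not secure_channel or self.accounts.get(user) != password:
            return "denied (1045)"
        self.cache[user] = sha256(sha256(password.encode()))
        return "ok (full auth)"


def replay_update_2():
    srv = ToyServer({"test": "constructed-password"})
    php = lambda: srv.login("test", "constructed-password", secure_channel=False)
    cli = lambda: srv.login("test", "constructed-password", secure_channel=True)
    results = [php(), cli(), php()]   # browser, mysql.exe, browser again
    srv.restart()
    return results + [php()]          # browser after `net stop/start mysql`
```

Switching the account to `mysql_native_password` removes the full-authentication step; enabling PHP's openssl extension is the other way to let the PHP client complete it.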
