Customizing PHP Safe Mode Published: Aug 26, 2004
  • Rating

    5/5

Setup SSL Tutorial teaches you how to generate and setup a SSL certificate. Assuming you have apache and openssl installed, you would like to generate and setup an SSL certificate for a domain and generate a CSR

Setup SSL Tutorial teaches you how to generate and setup a SSL certificate.
Assuming you have apache and openssl installed, you would like to generate and setup an SSL certificate for a domain and generate a CSR.

Generating RSA & CSR (Signing Request)

[root@yupapa root]#
[root@yupapa root]# cd /etc/httpd/conf/ssl.key

OPTION 1: Generating a RSA private key without a passphrase (ME recommended)
[root@yupapa /etc/httpd/conf/ssl.key]# openssl genrsa -out MYdomain.com.key 1024

OPTION 2: Generating a RSA private key with a passphrase. You will be prompted to enter a passphrase right after you hit enter.
[root@yupapa /etc/httpd/conf/ssl.key]# openssl genrsa -des3 -out MYdomain.com.key 1024

You should NOT generate the RSA private key with a passphrase if you have scripts that restart apache automatically. If you have, then apache just sit there and wait for the script to input the passphrase which is a mess!
There is a method that you can disable the passphrase to prompt when you restart apache which I'll show you later~

Next generate the CSR using the RSA Private Key

[root@yupapa /etc/httpd/conf/ssl.csr]# openssl req -new -key MYdomain.com.key -out MYdomain.com.csr
[root@yupapa /etc/httpd/conf/ssl.csr]# mv MYdomain.com.csr ../ssl.csr

You will be asked to enter your Common Name, Organization, Organization Unit, City or Locality, State or Province and Country.
Do not enter these characters '< > ~ ! @ # $ % ^ * / ( ) ?.,&' because they will not be accepted.

Common Name: the domain for the web server (e.g. MYdomain.com)
Organization: the name of your organization (e.g. YUPAPA)
Organization Unit: the section of the organization (e.g. Sales)
City or Locality: the city where your organzation is located (e.g. Flanders)
State or Province: the state / province where your organzation is located (e.g New Jersey)
Country: the country where your organzation is located (e.g US)

You may be asked for emeow address and challenge challenge password. I just hit enter when I generate the csr~

Now you should have:
/etc/httpd/conf/ssl.key/MYdomain.com.key
/etc/httpd/conf/ssl.csr/MYdomain.com.csr

Make a backup copy of your private key! If you lose it, you have to purchase a new cert!

Now you should submit your csr and they will mail you the certificate.


Installing the Certificate for Apache

[root@yupapa root]# cd /etc/httpd/conf/ssl.crt

Copy the certificate that they mailed you to MYdomain.com.crt
Open your httpd.conf file and place the following to your virtualhost


<VirtualHost 123.456.789.123:443>
... some config like DocumentRoot , etc..
SSLEngine  on
SSLCertificateFile /etc/httpd/conf/ssl.crt/MYdomain.com.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/MYdomain.com.key
</VirtualHost>

Restart apache
OPTION 1 [root@yupapa /etc/httpd/conf/ssl.crt]# apachectl restart
OPTION 2 (using the sh script) [root@yupapa /etc/httpd/conf/ssl.crt]# /etc/rc.d/init.d/httpd restart


You may be asked to enter the passphrase IF you generated the RSA with a passphrase. If you do NOT want to be asked for a passphrase when restarting apache, re-generate your RSA key file.
[root@yupapa /etc/httpd/conf/ssl.crt]# cd ../ssl.key
[root@yupapa /etc/httpd/conf/ssl.key]# mv MYdomain.com.key MYdomain.com.key.has-passphrase
[root@yupapa /etc/httpd/conf/ssl.key]# openssl rsa -in MYdomain.com.key.has-passphrase -out MYdomain.com.key

And then restart apache again
[root@yupapa /etc/httpd/conf/ssl.crt]# /etc/rc.d/init.d/httpd restart

Now you should be able to access https://MYdomain.com ~ And Finally make sure those directories and files are only writable and readable by root!

Written by YUPAPA - http://www.yupapa.com

  • Rating

    5/5

Related Articles

Comments (12)

  • Gravatar - MooDa
    MooDa 18:29, January 16, 2006
    now when i activate safe mode some functions do not work successfully in my code like chmode for directory and copy function<br />
    how i can solve these problems?<br />
    answer me on my mail
  • Gravatar - coolkid
    coolkid 15:00, April 13, 2007
    http://www.webhostgear.com/phpinfo.phps<br />
    this link is not working. Plz, change it
  • Gravatar - wt
    wt 10:26, May 24, 2007
    a most-simply-made phpinfo() script could be:<br />
    <?php<br />
    phpinfo();<br />
    ?> <br />
    you can put these lines as phpinfo.php to your server.
  • Gravatar - Sharda
    Sharda 07:59, June 4, 2007
    hello, i want to turn on the register_globals flag in the /usr/local/Zend/etc/php.ini file, but not able to do that.<br />
    <br />
    please guide me.<br />
    <br />
    ur way of describing the process is excellent.
  • Gravatar - ahmad
    ahmad 20:06, August 24, 2007
    hello <br />
    how are you <br />
    >>>>>>>>>>>>>><br />
    i have free account in hyperphp.com and i should turn off php safe mode because i want install flash chat on >>> can i make it off ???<br />
    >>>>>>>>>>>>>>>>>>>>
  • Gravatar - Ahmed
    Ahmed 16:56, February 21, 2008
    I think this is an old article cause I tried it on Apache 2.2 and it doesn't work with me :(<br />
  • Gravatar - Tester
    Tester 16:01, April 3, 2008
    View all script variables may be<br />
    <?php<br />
    echo '<pre>';<br />
    print_r(get_defined_vars());<br />
    echo '</pre>';<br />
    ?>
  • Gravatar - Mick
    Mick 19:02, May 13, 2008
    PHP's safe_mode is a flawed system and will not be availble in PHP6. Secure your code first time, every time. Thats my two cents. Enjoy your false sense of security whilst you can.
  • Gravatar - dee
    dee 15:00, August 22, 2008
    Hi. I have a account with big company that own the server. Is possible to turn the save-mode off for my website? Tried to locate php.ini but couldn't find it.
  • Gravatar - Isaac Flores
    Isaac Flores 22:30, July 26, 2010
    Great post!
    thank you very much :)
  • Gravatar - Nabil L.
    Nabil L. 18:42, March 11, 2011
    Should we (shared host users) wait for PHP6?
    Or move to dedicated host? Still expensive yet...

Add Your Thoughts

WebHostGear.com is a hosting directory, not a web host.

Copyright © 1998-2017 WebHostGear.com