Tag: ssl – ServerOK

Redirect a site to HTTPS using PHP

July 18, 2019

by ServerOk with No Comment Programming

This PHP script will redirect web site visitor to HTTPS (SSL) url. You can add this in your index.php of the web site

if (empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != "on" ) {
    header("HTTP/1.1 301 Moved Permanently");
    $newUrl = "https://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
    Header("Location: $newUrl");
    exit;
}

if (empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != "on" ) {

header("HTTP/1.1 301 Moved Permanently");

$newUrl = "https://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];

Header("Location: $newUrl");

exit;

}

Move a site to new URL using PHP

$newUrl = "https://NEW-URL-HERE" . $_SERVER['REQUEST_URI'];
header("HTTP/1.1 301 Moved Permanently");
Header("Location: $newUrl");
exit;

$newUrl = "https://NEW-URL-HERE" . $_SERVER['REQUEST_URI'];

header("HTTP/1.1 301 Moved Permanently");

Header("Location: $newUrl");

exit;

You can also use Apache mod_rewrite .htacess to do the redirection.

IIS redirect site to HTTPS

July 8, 2019

by ServerOk with No Comment Windows

To force a site to always use HTTPS, add following content to web.config file.

                <rule name="HTTPSOK" stopProcessing="true">
                    <match url="(.*)" />
                    <conditions>
                        <add input="{HTTPS}" pattern="^OFF$" />
                    </conditions>
                    <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" />
                </rule>

</conditions>

</rule>

Here is full web.config file for a web site that use WordPress and Force SSL

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <handlers>
            <remove name="PHP_via_FastCGI" />
            <add name="PHP_via_FastCGI" path="*.php" verb="GET,HEAD,POST" modules="FastCgiModule" scriptProcessor="C:\Program Files (x86)\PHP\v5.3\php-cgi.exe" resourceType="Either" requireAccess="Script" />
        </handlers>
		<rewrite>
		<rules>
 
		<rule name="SEO friendly URL " patternSyntax="Wildcard">
		<match url="*" />
		<conditions>
		<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
		<add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
		</conditions>
		<action type="Rewrite" url="index.php" />
		</rule>
                <rule name="HTTPSOK" stopProcessing="true">
                    <match url="(.*)" />
                    <conditions>
                        <add input="{HTTPS}" pattern="^OFF$" />
                    </conditions>
                    <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" />
                </rule></rules>
		</rewrite>
    </system.webServer>
</configuration>

<?xml version="1.0" encoding="UTF-8"?>

<system.webServer>

</handlers>

<rules>

</conditions>

</rule>

</conditions>

</rule></rules>

</rewrite>

</system.webServer>

</configuration>

Remove SSL private key password

July 4, 2019

by ServerOk with No Comment SSL

To remove password from SSL private key, run

openssl rsa -in  PASSWORD_PROTECTED.key -out  NO_PASSWORD.key

1	openssl rsa -in PASSWORD_PROTECTED.key -out NO_PASSWORD.key

This will ask for password. Once you enter password, key get saved with out password.

Convert SSL certificate into PFX format

May 20, 2019

by ServerOk with No Comment SSL

To convert SSL certficiate into PFX format, run

openssl pkcs12 -export -out certificate.pfx -inkey private-key.key -in certificate.crt -certfile ca-certificate.crt

1	openssl pkcs12 -export -out certificate.pfx -inkey private-key.key -in certificate.crt -certfile ca-certificate.crt

Example for SSL from namecheap/ssls

openssl pkcs12 -export -out certificate.pfx -inkey serverok_in_key.txt -in serverok.in/serverok.in.crt -certfile serverok.in/serverok.in.ca-bundle

1	openssl pkcs12 -export -out certificate.pfx -inkey serverok_in_key.txt -in serverok.in/serverok.in.crt -certfile serverok.in/serverok.in.ca-bundle

Purchase SSL

March 22, 2019

by ServerOk with No Comment SSL

Here are some cheap SSL providers

See SSL

ssl checker

March 22, 2019

by ServerOk with No Comment Security

Here is few web sites where you can check your SSL certificate is installed properly.

See SSL

Enable SSL in Magento 1.9

December 15, 2018

by ServerOk with No Comment Magento

To enable SSL in Magento, go to System > Configuration

Magento 1.9 SSL

Click on “Web” link on left menu.

Magento Configuration

On this page, set Auto-redirect to Base URL to No.

Magento Auto-redirect to Base URL

Under “Unsecure” option, change the URL to use HTTPS.

Magento HTTPS

Under “Secure” option, set “https” for Base URL. Set “Yes” for both “Use Secure URLs in Frontend” and “Use Secure URLs in Admin”.

Magento enable SSL

If your Home page is linking to non HTTPS link, this is because Default page is set to CMS page, you need to edit and replace content of CMS page to use HTTPS links under Magento Admin > CMS > Pages.

Convert PFX SSL Certificate

December 14, 2018

by ServerOk with No Comment Linux

Mcrosoft Azure App Certificate is used to secure Azure App Services, now they allow export of this SSL certificate in PFX format, so it can be used in other services like Azure VM or third party applications. You need to use a powershell script provided by Microsoft to do the Export.

To use the SSL certficiate in FPX format in Apache or Nginx web server, you need to convert it.

To do this, run

openssl pkcs12 -in ssl.pfx  -nocerts -out key.pem

1	openssl pkcs12 -in ssl.pfx -nocerts -out key.pem

It will ask for Import password. If you enter a password during pfx file creation, enter it. If not just press enter.

Next it ask for PEM password, enter a password, with out password, it won’t work.

We have key.pem, that is password protected, we need to remove key file with out password, for this, run

openssl rsa -in key.pem -out key-no-pw.key

1	openssl rsa -in key.pem -out key-no-pw.key

To export certificate file from PFX file, run

openssl pkcs12 -in ssl.pfx -clcerts -nokeys -out cert.pem

1	openssl pkcs12 -in ssl.pfx -clcerts -nokeys -out cert.pem

Convert SSL certificate into PFX format

Install SSL Certificate in Virtualmin

December 12, 2018

by ServerOk with No Comment Linux

To install SSL certificate in Virtualmin, select the domain from drop down list of Virtualmin.

On left Menu, go to Server Configuration > SSL Certificate

If you want to install Free LetsEncypt SSL, click on “Let’s Encrypt” link on top. On next page

Click on “Request Certificate”.

Generate CSR using OpenSSL

January 25, 2018

by ServerOk with No Comment Linux

Info needed for Certificate Signing Request (CSR) generation

Country Name (2 letter code): 
State or Province Name:
Locality Name (eg, city):
Organization Name (eg, company):
Email Address:

Country Name (2 letter code):

State or Province Name:

Locality Name (eg, city):

Organization Name (eg, company):

Email Address:

Generate CSR

openssl req -new -newkey rsa:2048 -nodes -keyout DOMAIN.key -out DOMAIN.csr

1	openssl req -new -newkey rsa:2048 -nodes -keyout DOMAIN.key -out DOMAIN.csr

Here is oneliner

openssl req -new -newkey rsa:2048 -nodes -out DOMAIN.csr -keyout DOMAIN.key -subj "/C=COUNTRY-CODE-HERE-2-LETTER/ST=STATE-HERE/L=CITY-HERE/O=BUSINESS-NAME-HERE/OU=Retail/CN=DOMAIN"

1	openssl req -new -newkey rsa:2048 -nodes -out DOMAIN.csr -keyout DOMAIN.key -subj "/C=COUNTRY-CODE-HERE-2-LETTER/ST=STATE-HERE/L=CITY-HERE/O=BUSINESS-NAME-HERE/OU=Retail/CN=DOMAIN"

To generate SSL for multi domain (SAN), just enter domains separated by space. If normal SSL, just enter domain with out www.

For wildy card use *.domain.com

Example

$ openssl req -new -newkey rsa:2048 -nodes -out webhostingneeds.com.csr -keyout webhostingneeds.com.key -subj "/C=IN/ST=Kerala/L=Kochi/O=WebHostingNeeds.com/OU=Retail/CN=webhostingneeds.com"
Generating a 2048 bit RSA private key
.+++
.....................+++
writing new private key to 'webhostingneeds.com.key'
-----
$

$ openssl req -new -newkey rsa:2048 -nodes -out webhostingneeds.com.csr -keyout webhostingneeds.com.key -subj "/C=IN/ST=Kerala/L=Kochi/O=WebHostingNeeds.com/OU=Retail/CN=webhostingneeds.com"

Generating a 2048 bit RSA private key

.+++

.....................+++

writing new private key to 'webhostingneeds.com.key'

-----

OpenSSL CSR Wizard

https://www.digicert.com/easy-csr/openssl.htm

View CSR Details

openssl req -in DOMAIN.csr -noout -text

1	openssl req -in DOMAIN.csr -noout -text

Or use online tools like

https://cryptoreport.websecurity.symantec.com/checker/views/csrCheck.jsp