Thursday, September 24, 2009

How to generate Certificate Signing Request (CSR) file with Apache OpenSSL

When it comes to using SSL with Apache, OpenSSL is there to do everything we want. XAMPP and WAMP both come with an OpenSSL-compiled version of Apache, so it is quite handy to use. But how do you get an SSL certificate for your website? If you are running on a shared server and don't have access to the Apache installation directory and config files, you need to ask your hosting company. Most hosting companies will do this for you for a fee. The cost depends on the kind of certificate you are requesting and on the period of time. For example, www.domain.com certificates will be quite a bit cheaper than *.domain.com.

Now, if you are running and managing your own web server and you have to get certificate(s) for your company, client or your own website, then the first requirement is to generate a "Certificate Signing Request" (CSR) file, which you send to a Certificate Authority to sign and give back to you as a CRT file. This tutorial is not meant for Apache experts but for those who don't have much experience with SSL and Apache.

Generating CSR files with Apache and OpenSSL is quite simple: it is a matter of typing a few commands and we are done. You follow the same commands at the OpenSSL prompt whether you are running Apache on Windows or Linux. Here is the routine we need to follow to get our .CSR file ready.

If you have your Apache setup ready with OpenSSL, go to the BIN directory under your Apache installation directory. On a Windows machine it could be under D:\Program Files\Apache\bin, and on Linux you know better where to find it. Open a Command Prompt, go to Apache's BIN directory and type "openssl" there. You will get the OpenSSL prompt immediately. You need not go to the Apache/bin directory if that path is set in your system variables; you can just type openssl and you will get the prompt like below.
[Screenshot: OpenSSL prompt]

Now, first of all we need to generate an RSA private key for our server. This key will be Triple-DES encrypted and PEM formatted. Type the following command at the OpenSSL prompt to get the encrypted private key.
OpenSSL> genrsa -des3 -out digitss.key 1024
You can name it my_server.key or something like that. Once you type the above command it will ask for a pass-phrase; keep a note of that pass-phrase in a secure place. Also, keep a backup of your private key file in a secure place. Here are the screenshot(s) showing the above command on the Windows command line.

[Screenshot: Generate Private Key]

If you try to view the contents of that file, it will look something similar to what I have got here.
[Screenshot: Private Key contents]

To see something more readable, type the following line; it will ask for the pass-phrase which you specified previously.
OpenSSL> rsa -noout -text -in digitss.key
Enter pass phrase for digitss.key:
Private-Key: (1024 bit)
modulus:
publicExponent: 65537 (0x10001)
privateExponent:
prime1:
prime2:
exponent1:
exponent2:
coefficient:
OpenSSL>

Although it is hardly readable, it makes more sense than the previous screenshot.

Later on we need to specify the path of this file in our httpd-ssl.conf, when we get the CRT file signed by the Authority and are setting up SSL on our web server. An unsecured version of this file is required because, with the Windows Apache + OpenSSL setup, it's not possible to specify the "pass-phrase" (which we gave earlier); it will give some weird error while setting up SSL, and Apache will refuse to start and will log errors for that.
So to get the unsecured version of this file, type the following command:
OpenSSL> rsa -in digitss.key -out unsecured.digitss.key
Enter pass phrase for digitss.key:
writing RSA key
OpenSSL>

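Here, digitss.key is the file which we generated previously and which is encrypted (3-DES), and the -out file is the one which will be generated from it in non-encrypted form. During this process it will ask for the pass-phrase as usual. Because the unsecured copy is not protected by a pass-phrase, anyone who can read that file can use the key, so keep it readable only by the account that runs Apache.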

Now let's move to the final step, which is generating the CSR file using the RSA private key. The following command will generate the Certificate Signing Request file for us, PEM formatted. Key in the following command:
OpenSSL> req -new -key digitss.key -out digitss.csr
If you are running on Windows then you will probably get the error which I faced during this. It will be something similar to the following:
OpenSSL> req -new -key digitss.key -out digitss.csr
Unable to load config info from /usr/local/ssl/openssl.cnf

In that case we need to specify one more parameter in this command and we are done.
OpenSSL> req -new -key digitss.key -out digitss.csr -config openssl.cnf
Here, we are requesting generation of the CSR file with the private key generated previously, and we have specified the configuration file "openssl.cnf" as one more parameter. If this file doesn't exist in the apache/bin directory then either move it there or specify the full path. After keying in the above command it will prompt you with a few parameters/questions, and that's it, we are done.
Here is the list of questions you need to answer when you type the above command to generate the CSR file. It is provided for your reference, just as an example.
OpenSSL> req -new -key digitss.key -out digitss.csr -config openssl.cnf
Enter pass phrase for digitss.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:Newyork
Locality Name (eg, city) []:Bellrose
Organization Name (eg, company) [Internet Widgits Pty Ltd]:DiGiTSS Inc
Organizational Unit Name (eg, section) []:DiGiTSS
Common Name (eg, YOUR name) []:www.digitss.com
Email Address []:dharmavir@digitss.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:password
An optional company name []:blogs@DiGiTSS
OpenSSL>
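
Before the request goes to the CA it is worth checking what it actually contains. The script below is an added example, not part of the original post: it builds the key and CSR non-interactively and then verifies the request's self-signature, Common Name and key length. It assumes a POSIX shell with openssl on the PATH, writes the key unencrypted with owner-only permissions, and defaults to a 2048-bit key because publicly trusted CAs no longer sign 1024-bit RSA keys; the file names and subject are constructed.

```shell
#!/bin/sh
# Added example: names, paths and subject values below are constructed.

# make_csr KEY CSR SUBJECT [BITS]: non-interactive form of the genrsa + req steps.
# The key is written unencrypted, so it is created under umask 077 (owner-only).
make_csr() (
    umask 077
    openssl genrsa -out "$1" "${4:-2048}" 2>/dev/null || exit 1
    openssl req -new -key "$1" -out "$2" -subj "$3"
)

# csr_bits CSR: public key size in bits, read from the request itself.
csr_bits() {
    openssl req -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p'
}

# csr_cn CSR: Common Name taken from the request subject.
csr_cn() {
    openssl req -in "$1" -noout -subject -nameopt RFC2253 |
        sed 's/^subject= *//' | tr ',' '\n' | sed -n 's/^CN=//p'
}

# check_csr CSR EXPECTED_CN [MIN_BITS] returns:
#   0 request is well formed   1 self-signature does not verify
#   2 CN is not the expected host name   3 key shorter than MIN_BITS
check_csr() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK' || return 1
    [ "$(csr_cn "$1")" = "$2" ] || return 2
    [ "$(csr_bits "$1")" -ge "${3:-2048}" ] || return 3
}

# Demo in a scratch directory.
demo_dir=$(mktemp -d)
make_csr "$demo_dir/www.key" "$demo_dir/www.csr" \
    "/C=US/O=Example Org/CN=www.example.com"
if check_csr "$demo_dir/www.csr" www.example.com 2048; then
    echo "CSR ok: CN=$(csr_cn "$demo_dir/www.csr") bits=$(csr_bits "$demo_dir/www.csr")"
fi
rm -rf "$demo_dir"
```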

We are almost done. Now we need to send this generated CSR file to a Certifying Authority (CA) for signing; they will send us back the real certificate (CRT) file, with the help of which we can set up SSL on our web server running Apache and OpenSSL. We can send it to Verisign, Thawte Consulting, CertiSign Certificadora Digital Ltd or GoDaddy.

Please note that I have used all the commands on a Linux server as well, and they work the same as they do on Windows.

For more advanced options or more help you can refer to www.modssl.org's FAQ section.
Have your comments on this post.

source
http://blogs.digitss.com/apache/how-to-generate-certificate-signing-request-csr-file-with-apache-openssl/

How to Install your SSL certificate on Apache


Posted by shaakunthala on Fri, 02/20/2009 - 08:26

In my previous blog post I have described how to make your own SSL certificates using OpenSSL. Now here I'm going to describe how to install SSL certificates on Apache. ("Install SSL certificates on Apache" stated here actually means copying the files somewhere and configuring Apache to make use of them)

Before going into the 'How to', let me explain how it works. The two application layer protocols HTTP and HTTPS work on two separate ports; they do not (actually cannot) use the same port. The default port for HTTP is port 80 and for HTTPS it is port 443. What we need to do is configure Apache to keep port 443 open and to use the certificate we have just made. What we need are a text editor, the RSA key file which we have made (localhost.key in my example), and the corresponding certificate file (localhost.crt in my example).

The main configuration settings of the Apache HTTP server are stored in a text file named httpd.conf. One good habit is to create a backup before you edit any configuration file, so that if you make a mistake you can easily restore the original configuration. So make a copy of the file somewhere else and open the original in your preferred text editor for editing.

Note:

  • In XAMPP for Linux, this file can be found at $PROGRAM_INSTALLATION_DIR/lampp/etc/httpd.conf
  • In Apache for Windows, this file can be found at $PROGRAM_INSTALLATION_DIR\xampp\apache\conf\httpd.conf
  • If you can not find this file, use your operating system's file search utility to locate the file.

Now continue with these easy and simple steps.

  1. Find out where the configuration is located
  2. Enable SSL by locating the .key and .crt files
  3. Restart Apache

Find out where the configuration is located
Before enabling SSL, click here to check whether SSL is already enabled. If you get the "Server not found!" error, then SSL is not enabled. Otherwise you can skip this step.

In httpd.conf, search for the following line with your text editor's search capability. (_default_ should be your hostname unless you have specified one before)

<VirtualHost _default_:443>

If it cannot be found, search for something that looks like the following two lines. (The second line contains what we need). If it can be found, go to the next step.

# Secure (SSL/TLS) connections
Include conf/extra/httpd-ssl.conf

If it cannot be found, then go to the next step. If it can be found, open the file specified at 'Include', with your text editor. In this case it is conf/extra/httpd-ssl.conf . There should be the virtualhost we are looking for.

Enable SSL by locating the .key and .crt files
First copy the two files localhost.crt and localhost.key into conf/ssl.crt/ .

If you were not able to find the tag somewhere as specified in the previous step, create the tag as given in the following code snippet inside httpd.conf. (Paths are relative to the Apache directory.)

<VirtualHost _default_:443>
SSLEngine on
SSLCertificateFile conf/ssl.crt/localhost.crt
SSLCertificateKeyFile conf/ssl.key/localhost.key

BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
</VirtualHost>

If you were able to find the tag somewhere (whether inside httpd.conf or httpd-ssl.conf), insert the above code (except the first and last lines) inside the tag. Make sure that you do not put in any duplicate code. Also, if there are any duplicate SSLCertificateFile or SSLCertificateKeyFile attributes, comment them out by adding a # symbol before each duplicate attribute line.

Save and close the file after you have finished editing.
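
One way to check the configured pair before restarting, as an added example that is not from the original post: the script reads the first uncommented SSLCertificateFile and SSLCertificateKeyFile directives, confirms both files exist at the paths the directives name, that the key belongs to the certificate, and that the certificate has not expired. It assumes a POSIX shell with openssl on the PATH, an unencrypted key, and directive names spelled as above; the scratch server root and self-signed pair are constructed.

```shell
#!/bin/sh
# Added example: the server root, config file and host name are constructed.

# directive_path CONF NAME ROOT: value of the first uncommented NAME directive,
# resolved against ROOT when it is relative (Apache resolves against ServerRoot).
directive_path() {
    p=$(sed -n "s/^[[:space:]]*$2[[:space:]]\{1,\}\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" "$1" |
        head -n 1 | tr -d '"')
    [ -n "$p" ] || return 1
    case $p in /*) ;; *) p=$3/$p ;; esac
    printf '%s\n' "$p"
}

# check_tls_pair CONF ROOT returns:
#   0 certificate and key exist, belong together, certificate not expired
#   1 directive missing   2 file missing   3 file unreadable by openssl
#   4 key does not belong to the certificate   5 certificate expired
check_tls_pair() {
    crt=$(directive_path "$1" SSLCertificateFile "$2") || return 1
    key=$(directive_path "$1" SSLCertificateKeyFile "$2") || return 1
    [ -f "$crt" ] && [ -f "$key" ] || return 2
    cpub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || return 3
    # -passin pass: stops openssl from prompting; an encrypted key returns 3
    kpub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null) || return 3
    [ "$cpub" = "$kpub" ] || return 4
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1 || return 5
}

# make_demo_root ROOT: scratch ServerRoot with a self-signed localhost pair.
make_demo_root() {
    mkdir -p "$1/conf/ssl.crt" "$1/conf/ssl.key" &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=localhost" \
        -keyout "$1/conf/ssl.key/localhost.key" \
        -out "$1/conf/ssl.crt/localhost.crt" 2>/dev/null &&
    printf '%s\n' 'SSLEngine on' \
        '#SSLCertificateFile conf/ssl.crt/server.crt' \
        'SSLCertificateFile conf/ssl.crt/localhost.crt' \
        'SSLCertificateKeyFile conf/ssl.key/localhost.key' > "$1/conf/httpd-ssl.conf"
}

root=$(mktemp -d)
make_demo_root "$root"
check_tls_pair "$root/conf/httpd-ssl.conf" "$root"
echo "check_tls_pair exit status: $?"
rm -rf "$root"
```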

Restart Apache
Now, the final step is to restart Apache. The simplest way is to go to the XAMPP Control Panel (it is available on both Linux and Windows), Stop Apache and then Start it. If you have done everything correctly, Apache should restart successfully and you should be able to visit this page.

Voilà! You have done it!! If you need further clarification or if you have any questions regarding this article, please leave a comment below.

Thank you for reading!

source
http://www.ucsclodge.lk/content/how-install-your-ssl-certificate-apache

Tuesday, April 28, 2009

how to convert month from string to integer or opposite


Sometimes I need to print out the month as an integer value like (1,2,3,4,5,6,7,8,9,10,11,12) or as a string value like April, March, etc. I made the class convert_month to convert any month from an integer to a string value, or from a string value to an integer; see my example below:
Make a month_convert.php page, copy the code below into it, then save the page.


<?php
class convert_month {

    /* author: engineer sherif sakr
       email: xxsherif82@yahoo.com
    */

    // data members
    private $msg;
    private $month;
    private $type;
    private $montharray = array(1=>'January', 2=>'February', 3=>'March',
                                4=>'April', 5=>'May', 6=>'June',
                                7=>'July', 8=>'August', 9=>'September',
                                10=>'October', 11=>'November', 12=>'December');

    // constructor function
    public function __construct($month_from_user) {
        // initialise the month value
        $this->month = $month_from_user;

        // check whether the month value is an integer or a string
        $type = $this->get_variable_type();

        // convert the value to its opposite type
        if ($type == "integer") $this->month = $this->convert_to_string();
        else if ($type == "string") $this->month = $this->convert_to_integer();
        // value type not supported: clear it so get_month() returns the error message
        else $this->month = '';
    }

    // get method
    public function get_month() {
        if ($this->month == '') {
            return $this->error_msg();
        }
        else return $this->month;
    }

    // get variable type method
    private function get_variable_type() {
        $this->type = gettype($this->month);
        return $this->type;
    }

    // convert month name to integer method
    private function convert_to_integer() {
        // normalise case and surrounding spaces so 'april ' matches 'April'
        $name = ucfirst(strtolower(trim($this->month)));
        foreach ($this->montharray as $key => $value) {
            if ($name == $value) {
                return $this->month = $key;
            }
        }
    }

    // convert month number to string method
    private function convert_to_string() {
        foreach ($this->montharray as $key => $value) {
            if ($this->month == $key) {
                return $this->month = $value;
            }
        }
    }

    // error method
    public function error_msg() {
        return $this->msg = "sorry data type not supported !!! ";
    }

}
?>

Make a test.php page, put the code below in it, save the page, then run test.php.

<?php
require "month_convert.php";

$month = 4; // or put $month = 'april ' as a string
$month = new convert_month($month);

$monthx = $month->get_month();

echo $monthx; // will print April

?>

That was just an example of using OOP, but we can do the same using a small function.
Put the code below in the page test2.php and run it.

<?php
// get_month function
function get_month($month) {

    // normalise letter case if the value is a string
    if (gettype($month) == 'string') {
        // convert to lower case
        $month = strtolower($month);
        // upper-case the first letter only
        $month = ucfirst($month);
    }

    $montharray = array(1=>'January', 2=>'February', 3=>'March',
                        4=>'April', 5=>'May', 6=>'June',
                        7=>'July', 8=>'August', 9=>'September',
                        10=>'October', 11=>'November', 12=>'December');

    /* check month:
       in_array($month, array) searches an array for a specific value and
       returns TRUE if the value is found in the array, or FALSE otherwise.
       array_key_exists($month, array) checks an array for a specified key and
       returns true if the key exists and false if the key does not exist. */

    if (in_array($month, $montharray) == true || array_key_exists($month, $montharray)) {
        foreach ($montharray as $key => $value) {
            if ($month == $value) {
                // return the month back as an integer value
                return $month = $key;
            }
            else if ($month == $key) {
                // return the month back as a string value
                return $month = $value;
            }
        } // end foreach
    }
    // otherwise return an error message
    else return $month = "not supported data";

} // end function

// test month
$month = 3;

$month = get_month($month);

echo $month; // prints out March

?>

Saturday, April 25, 2009

Make a Directory Items with PHP


Learn how to make directory items using object oriented programming (OOP).

First make a directory "images", then make a page "DirectoryItems.php", copy the class below into it and save it, all in the same folder.
<?php
class DirectoryItems {

    /* author: engineer sherif sakr
       email: xxsherif82@yahoo.com
       http://sherif-sakr.blogspot.com/
    */

    // data members
    private $directory;
    private $replacechar;
    private $filearray = array();

    // constructor
    public function __construct($directory, $replacechar = "_") {
        $this->directory = $directory;
        $this->replacechar = $replacechar;
        $d = "";

        if (is_dir($directory)) {
            $d = opendir($directory) or die("Failed to open directory.");
            while (false !== ($f = readdir($d))) {
                if (is_file("$directory/$f")) {
                    $title = $this->createTitle($f);
                    $this->filearray[$f] = $title;
                }
            }
            closedir($d);
        } else {
            // error
            die("Must pass in a directory.");
        }
    }

    // public functions
    public function getCount() {
        return count($this->filearray);
    }

    public function getFileArray() {
        return $this->filearray;
    }

    // private functions
    private function createTitle($title) {
        // strip extension
        $title = substr($title, 0, strrpos($title, "."));
        // replace word separator
        $title = str_replace($this->replacechar, " ", $title);
        return $title;
    }

    // eliminate all elements from the array except images
    public function imagesOnly() {
        $extension = "";
        $types = array("jpg", "jpeg", "gif", "png");
        foreach ($this->filearray as $key => $value) {
            // take the text after the last dot, so my.photo.jpg counts as jpg
            $extension = substr($key, (strrpos($key, ".") + 1));
            $extension = strtolower($extension);
            if (!in_array($extension, $types)) {
                unset($this->filearray[$key]);
            }
        }
    }

} // end class



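Make a page test.php, put the code below in it, then save and run it.
<?php
require 'DirectoryItems.php';

$di = new DirectoryItems('images');
$di->imagesOnly(); // keep only the image files in the array
$filearray = $di->getFileArray();
$count = $di->getCount();
echo 'images count ' . $count;
$imag_counter = 0; // images printed on the current line
$imag_perline = 5; // max image number per line

foreach ($filearray as $key => $value) {
    $imag_counter = $imag_counter + 1;
    $imag_path = 'images/' . $key;
    // img tag with path; file names come from disk, so escape them for HTML
    echo '<img src="' . htmlspecialchars($imag_path, ENT_QUOTES) . '" alt="' . htmlspecialchars($value, ENT_QUOTES) . '">';
    // break tag after every full line of images
    if ($imag_counter == $imag_perline) { $imag_counter = 0; echo '<br>'; }
}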
