Change from Regular Http to Https

ks4ec
Posts: 1
Joined: Mon Mar 23, 2009 6:47 am

Change from Regular Http to Https

Post by ks4ec »

Really new to the apache web server.
I am running the latest version of timetrex, I did a basic install, nothing custom.
If I remember right there was a question about SSL, but just wanting to get the system running quickly so we could test it, I bypassed that step.

My question is that now that we have determined that we are indeed going to use this system, is there an easy way to change to ssl and https so that we can be secure on the Internet, or is it best to reinstall, and if I reinstall do I lose all of the settings I have already entered?

Thanks
Rob
shaunw
Posts: 7839
Joined: Tue Sep 19, 2006 2:22 pm

Post by shaunw »

It depends on how you installed TimeTrex. Switching to HTTPS is more a matter of getting your web server to work with SSL than anything. Once it does, it's simple to have TimeTrex use SSL as well.
marcs
Posts: 35
Joined: Tue Oct 27, 2009 12:30 pm

with ssl cert applied...

Post by marcs »

We are just implementing TimeTrex for the first time. I have a test installation on a WinXP machine, but will be deploying it to probably a Win2008 server.

Once we have purchased and installed the SSL cert in IIS, what, if anything, needs to be done to make TimeTrex work with it?

Thank you for your help!
Marc
shaunw
Posts: 7839
Joined: Tue Sep 19, 2006 2:22 pm

Post by shaunw »

As long as IIS is set up correctly and the SSL certificate works on the same domain that TimeTrex is accessed with, everything should be fine.
marcs
Posts: 35
Joined: Tue Oct 27, 2009 12:30 pm

SSL in default apache

Post by marcs »

As it turns out, I did the install from the TimeTrex download file so all defaults, including apache2 were installed.

I've purchased the SSL and am now configuring apache2. I want to make sure I have the process correct:

1) Extract the SSL certificate and the intermediate certificate to: c:\timetrex\apache2\conf\timecert (this should be two files)
2) Edit c:\timetrex\apache2\conf\extra\httpd-ssl.conf
3) Locate the following directives. If one or more of them are currently commented out, uncomment them by removing the '#' character from the beginning of the line. Set the values of these directives to the absolute path and filename of the appropriate file:
a. SSLCertificateFile c:\timetrex\apache2\conf\timecert\time.domain.com.crt
b. SSLCertificateKeyFile c:\timetrex\apache2\bin\time.domain.com.key
c. SSLCertificateChainFile c:\timetrex\apache2\conf\timecert\gd_bundle.crt
4) Edit c:\timetrex\apache2\conf\httpd.conf
a. Remove comment code (#) from line: #Include conf/extra/httpd-ssl.conf
5) Save your configuration files and restart Apache.


Thank you,
Marc
shaunw
Posts: 7839
Joined: Tue Sep 19, 2006 2:22 pm

Post by shaunw »

We don't currently support SSL with our automated installer, but that procedure appears correct on the surface.
marcs
Posts: 35
Joined: Tue Oct 27, 2009 12:30 pm

Post by marcs »

I don't know if you can help, but when I remove comment code (#) from line: #Include conf/extra/httpd-ssl.conf and restart apache2, I get error code 1. So something is wrong with the httpd-ssl.conf file.

Any thoughts would be appreciated and I'll continue my googling:)

Marc
shaunw
Posts: 7839
Joined: Tue Sep 19, 2006 2:22 pm

Post by shaunw »

If you try to start Apache manually from a command prompt window it should tell you exactly where the issue is.

Apache also has a switch (-t) that will just check the .conf file for errors; you could try that.
marcs
Posts: 35
Joined: Tue Oct 27, 2009 12:30 pm

Post by marcs »

I get 'Syntax OK'

Trying some other things, but no luck so far..
shaunw
Posts: 7839
Joined: Tue Sep 19, 2006 2:22 pm

Re: Change from Regular Http to Https

Post by shaunw »

Taking a closer look at your issue, did you also uncomment this line in httpd.conf:

Code:

LoadModule ssl_module modules/mod_ssl.so

You should be able to run this command to see any errors:

Code:

"C:\TimeTrex\apache2\bin\httpd.exe"

For example, I intentionally created an error so you could see what it looks like:

Code:

C:\TimeTrex\apache2>"C:\TimeTrex\apache2\bin\httpd.exe"
Syntax error on line 107 of C:/TimeTrex/apache2/conf/extra/httpd-ssl.conf:
SSLCertificateKeyFile: file 'C:/TimeTrex/apache2/conf/server.key' does not exist
 or is empty

Here is a link to a new FAQ entry on getting TimeTrex to use a self-signed SSL certificate:
http://www.timetrex.com/wiki/index.php/ ... ificate.3F
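
As an added example (not from the thread or from TimeTrex), a Python preflight check for the procedure marcs lists and the directives shaunw asks about: it confirms that the `LoadModule ssl_module` and `Include ... httpd-ssl.conf` lines are active and that every active `SSLCertificate*File` path points at a non-empty file. The function names, the sample config text and the file names under `conf/timecert` are constructed for illustration.

```python
import os
import re
import tempfile

# Lines that must be active (not '#'-commented) in httpd.conf.
REQUIRED = {
    "LoadModule ssl_module": re.compile(r"^[ \t]*LoadModule[ \t]+ssl_module[ \t]+\S+", re.I | re.M),
    "Include httpd-ssl.conf": re.compile(r"^[ \t]*Include[ \t]+\S*httpd-ssl\.conf", re.I | re.M),
}
# Active certificate/key/chain directives and their (optionally quoted) path.
FILE_DIRECTIVE = re.compile(
    r'^[ \t]*(SSLCertificate(?:Key|Chain)?File)[ \t]+"?([^"\r\n]+?)"?[ \t]*$', re.I | re.M)

def preflight(httpd_conf, ssl_conf, server_root):
    """Return a list of problems found in the two config texts."""
    problems = [f"httpd.conf: '{name}' is missing or commented out"
                for name, rx in REQUIRED.items() if not rx.search(httpd_conf)]
    seen = set()
    for directive, path in FILE_DIRECTIVE.findall(ssl_conf):
        seen.add(directive.lower())
        # Apache resolves relative paths against ServerRoot.
        full = path if os.path.isabs(path) else os.path.join(server_root, path)
        if not os.path.isfile(full) or os.path.getsize(full) == 0:
            problems.append(f"{directive}: file '{path}' does not exist or is empty")
    for needed in ("SSLCertificateFile", "SSLCertificateKeyFile"):
        if needed.lower() not in seen:
            problems.append(f"httpd-ssl.conf: {needed} is missing or commented out")
    return problems

def demo():
    """Constructed ServerRoot: the key file is empty and Include is still commented."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "conf", "timecert"))
    for name, body in (("time.crt", "constructed cert"), ("time.key", "")):
        with open(os.path.join(root, "conf", "timecert", name), "w") as fh:
            fh.write(body)
    httpd_conf = ("LoadModule ssl_module modules/mod_ssl.so\n"
                  "#Include conf/extra/httpd-ssl.conf\n")
    ssl_conf = ("SSLEngine on\n"
                "SSLCertificateFile conf/timecert/time.crt\n"
                "SSLCertificateKeyFile conf/timecert/time.key\n"
                "#SSLCertificateChainFile conf/timecert/gd_bundle.crt\n")
    return preflight(httpd_conf, ssl_conf, root)

if __name__ == "__main__":
    for line in demo():
        print(line)
```

To check a real installation, read `httpd.conf` and `httpd-ssl.conf` in text mode and pass their contents together with the Apache directory (the ServerRoot) to `preflight`.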
marcs
Posts: 35
Joined: Tue Oct 27, 2009 12:30 pm

Re: Change from Regular Http to Https

Post by marcs »

I don't know what I'm missing, maybe something went wrong with the initial install.

Yes, both needed ssl lines in httpd.conf were uncommented.

When I run httpd.exe, with the httpd-ssl.conf line commented out, I get an error stating "This application has failed to start because libmcrypt.dll was not found. Re-installing the application may fix this problem.", but it is there in the c:\timetrex\php folder.

When I run httpd.exe, with the httpd-ssl.conf line uncommented, I get nothing but a new c:\ prompt. But nothing appears to be loaded.

We have already started using the system internally and created policies.

Should I try running the installer again?

Marc

PS: If I try to start the service with the httpd-ssl.conf line commented out, it starts. With it uncommented, I'm still getting the server specific error 1.
shaunw
Posts: 7839
Joined: Tue Sep 19, 2006 2:22 pm

Re: Change from Regular Http to Https

Post by shaunw »

That libmcrypt.dll error is pretty suspect... Do you, or did you have at one time more than one version of Apache/TimeTrex installed? I wonder if there is some sort of conflict going on that is causing it to not find the correct files.

If you have another computer you could try doing a fresh install of TimeTrex on, and following the FAQ entry for creating a self-signed certificate to see if that works for you first.

The problem with these modifications is that if you reinstall TimeTrex or upgrade to the latest version, you will need to make most of the changes again, because the installer has no knowledge of files that you may have modified and it will overwrite them or get rid of them completely. Assuming you have all the proper backups, you could try reinstalling TimeTrex over top of your existing instance; under normal circumstances that won't hurt anything.
marcs
Posts: 35
Joined: Tue Oct 27, 2009 12:30 pm

Re: Change from Regular Http to Https

Post by marcs »

This was a clean server (win2008) install and the only thing installed on it is timetrex. Never had anything else.

I am not too worried about losing the conf file configurations as the only changes have been for ssl and that is not working.

I guess I will make a full backup and try running the install again...

tnx.
Marc
marcs
Posts: 35
Joined: Tue Oct 27, 2009 12:30 pm

Re: Change from Regular Http to Https

Post by marcs »

I've been working on this on and off for a while now.
I upgraded to 3.0.2 yesterday.

I was able to narrow the problem down to the "SSLEngine on" line. If I comment this out in the httpd-ssl.conf, the apache service starts, but obviously without ssl service.

If anyone has any suggestions, I would really appreciate it. I only have another week to get this up and running:(

Details:
- Win2008 (brand new install, only Timetrex has been installed on it.)
- Default Timetrex install (apache & postgresql)
- locally it works fine for non-ssl (http://time:8085)
- Error attached is what I get when trying to start apache service with:
-- mod-ssl.so un-commented
-- include httpd-ssl.conf un-commented


Thank you,
Marc
Attachments
apacheerror.jpg
shaunw
Posts: 7839
Joined: Tue Sep 19, 2006 2:22 pm

Re: Change from Regular Http to Https

Post by shaunw »

If you are under tight time constraints I recommend purchasing an extended support package from us so one of our support reps can connect to your computer and resolve the issue.

The error message you posted when you run httpd.exe is either not the exact error message, or it is extremely uncommon, as Google only found 1 other result for it.

There isn't a whole lot to go on here.