Friday, July 27, 2012

Setting up HTTPS support for WAMP

If you use WAMP to get local PHP server, you might run into issues to set up the HTTPS. The following step-by-step tutorial indeed helped me, and I think it would be useful to re-post it.
Recently I had to run a website with several https links under local server for testing and I had to configure the Open SSL server that comes with WAMP server. I'm sure it would be helpful for you as well.

  1. First thing first, we need to create that self-signed SSL certificate, so go to DOS command prompt (Start menu -> Run -> cmd).
  2. ext, we need to navigate to the directory that contains the openssl executive file which is located in folder C:\wamp\bin\apache\apache2.2.11\bin by default. In order to go there, we need to type the command as follows.
    Code: Select all
    cd\wamp\bin\apache\apache2.2.11\bin

  3. After press Enter, your prompt should change as follows
    Code: Select all
    c:\wamp\bin\apache\apache2.2.11\bin>

    From there, we begin to create the self-signed SSL certificate and the first command you have to type is as follows.
    Code: Select all
    openssl genrsa -aes256 -out pass.key 2048
  4. After press Enter and wait a little while, it should ask you for a pass phrase. Just type in anything but make sure you have to remember that for later use. Of course, it will ask you to verify the pass phrase.
    You may type test123 for testing.
  5. Now, we will create the key for our server. In this tutor guide for HTTPS SSL on WAMP, we will use our domain ExpertCore, but you should use your domain or design name instead.
    Code: Select all
    openssl rsa -in pass.key -out expertcore.key

  6. Next, it will ask you to enter the pass phrase that you have created before. Wait a little while for it to write the key for your server.
  7. Now is the time to type in the command to create our self-signed SSL certificate; since this command is quite long, you will see it takes more than one line, so make sure not to press the Enter key until you finish the whole command.
    Code: Select all
    openssl req -new -x509 -nodes -sha1 -key expertcore.key -out expertcore.crt -days 999 -config C:\wamp\bin\apache\apache2.2.11\conf\openssl.cnf

  8. After press Enter, it will ask you to input 2 letters that presents your country. You can enter LK, US, IN, JP, etc... that represents your country. Next you have to input your State or Province, City, Organization Name, Organization Unit Name, Common Name and Email address.
  9. Guess what, you just got yourself a self-signed SSL certificate. Now, open folder c:\wamp\bin\apache\apache2.2.11\conf and create a new folder "ssl" (without quotes).
  10. Then, from folder c:\wamp\bin\apache\apache2.2.11\bin, copy 2 files key and crt to ssl folder.
  11. Create another folder named as "logs" inside c:\wamp\bin\apache\apache2.2.11\conf\ssl. We save all HTTPS transaction and error logs in this folder.
  12. After that, go to folder c:\wamp\bin\apache\apache2.2.11\conf\extra to open file httpd-ssl.conf.
  13. Find this line:
    Code: Select all
    SSLSessionCache "shmcb:C:/Program Files/Apache Software Foundation/Apache2.2/logs/ssl_scache(512000)"


    Replace with:
    Code: Select all
    SSLSessionCache "shmcb:C:/wamp/bin/Apache/apache2.2.11/conf/ssl/logs/ssl_scache(512000)"

  14. Next find this line:
    Code: Select all
    SSLCertificateFile "C:/Program Files/Apache Software Foundation/Apache2.2/conf/server.crt"


    Remember to substitute expertcore with your domain to replace with:
    Code: Select all
    SSLCertificateFile "C:/wamp/bin/Apache/apache2.2.11/conf/ssl/expertcore.crt"

  15. Then find:
    Code: Select all
    SSLCertificateKeyFile "C:/Program Files/Apache Software Foundation/Apache2.2/conf/server.key"


    Again, substitute expertcore with your domain to replace:
    Code: Select all
    SSLCertificateKeyFile "C:/wamp/bin/Apache/apache2.2.11/conf/ssl/expertcore.key"

  16. Then find:
    Code: Select all
    SSLMutex "file:C:/Program Files/Apache Software Foundation/Apache2.2/conf/ssl/logs/ssl_mutex"


    Replace with:
    Code: Select all
    SSLMutex default

  17. In Virtual Host, find these lines: (ssl34.jpg).
    Code: Select all
    # General setup for the virtual host
    DocumentRoot "C:/Program Files/Apache Software Foundation/Apache2.2/htdocs"
    ServerName localhost:443
    ServerAdmin admin@localhost
    ErrorLog "C:/Program Files/Apache Software Foundation/Apache2.2/logs/error_log"
    TransferLog "C:/Program Files/Apache Software Foundation/Apache2.2/logs/access_log"


    HTTPS SSL is the secure transaction which is good for sensitive informations such as Credit card numbers, membership accounts... however, it might slow down your server performances if everything go through it; thus, we suggest that you only set it to the specific directory that you want to use for SSL, and in this example, we use folder ssl:
    Code: Select all
    # General setup for the virtual host
    DocumentRoot "C:/wamp/www/ssl"
    ServerName expertcore:443
    ServerAdmin admin@localhost
    ErrorLog "C:/wamp/bin/Apache/apache2.2.11/conf/ssl/logs/ssl_error.log"
    TransferLog "C:/wamp/bin/Apache/apache2.2.11/conf/ssl/logs/ssl_access.log"

  18. Then find:
    Code: Select all
    <Directory "C:/Program Files/Apache Software Foundation/Apache2.2/cgi-bin">
    SSLOptions +StdEnvVars
    </Directory>


    Modify to become as below:
    Code: Select all
    <Directory "C:/wamp/www/ssl">
    SSLOptions +StdEnvVars
    Options Indexes FollowSymLinks MultiViews
    AllowOverride All
    Order allow,deny
    allow from all
    </Directory>

  19. Then find:
    Code: Select all
    CustomLog "C:/Program Files/Apache Software Foundation/Apache2.2/logs/ssl_request_log" \"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"


    And change it as below:
    Code: Select all
    CustomLog "C:/wamp/logs/ssl_request.log" \
        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

  20. Next, open file httpd.conf in folder c:\wamp\bin\apache\apache2.2.11\conf and find these lines:

    Code: Select all
    # Secure (SSL/TLS) connections
    #Include conf/extra/httpd-ssl.conf


    Uncomment the second line, and make sure there is no blank space in front of second line and in the end of first line or your wamp will not run:

    Code: Select all
    # Secure (SSL/TLS) connections
    Include conf/extra/httpd-ssl.conf

  21. After save and close all files, left click on WAMP tray icon and navigate to Apache modules and scroll down until you get ssl_module; then, left click on it to enable SSL on WAMP.
  22. Next, navigate to PHP extensions and scroll down until you get php_openssl; then, left click on it to enable open_ssl on WAMP.
  23. Left click on the WAMP tray icon and click on Restart all services.
  24. After that, open folder C:\wamp\bin\apache\apache2.2.11\bin and copy 2 files libeay32.dll and ssleay32.dll and paste them in folder C:\Windows\System32.
  25. Now is the time to test our HTTPS SSL on WAMP, so open your desire text editor and create a simple webpage index.html which is then saved in folder C:\wamp\www\ssl as follows:
    Code: Select all
    <html>
    <
    body>
    <
    font size="5" color="red">test SSL successful</font>
    </
    body>
    </
    html>

  26. Now is the time to run the created test file; open your desire browser and input the address bar as below, remember to replace expertcore with your domain or design name:
    Code: Select all
    https://expertcore....

  27. Oops, error... If using Firefox, you can left click on the line "Or you can add an exception...". Again, left click on the button "Add Exception".
  28. On the popup windows, left click on the button "Get Certificate".
  29. You have to left click on the button "Confirm Security Exception".
  30. The moment of success that show up the red line in your browser.
    SSL successful

This is not my work, this is re-post of user named Saman in ExpertCore.org forum (Source)

Sunday, July 22, 2012

jQuery 2.0, planned for early 2013, will drop the support for IE6-7-8

Sky High Code: jQuery 2.0 ends WinXP support - Good.

Interesting article, interesting news from jQuery! It is seriously great step for jQuery to stop the support of IE8,7,6, depicting overall programmers opinion about these versions.

As what jQuery officials have explained on (source), all those hooks used to fix oldIE compatibility issues made the jQuery run slower for modern browsers. Minding the percentage of IE6-7-8 users, this is a logical step forward. Luckily, starting from early 2013, when this change is planned, would mean adding a simple condition checking whether browser is IE8- and loading jQuery1.9, and otherwise loading jQuery2.0.
I could imagine a issues that people using CDN and latest jQuery versions would come up with, if they forget to make the correct condition switch.

However,
1) If my clients aren't willing to stay current, then it's time for me to find new clients

I dont think everyone can change their clients like that. Even suggesting to switch to IE9 might cause performance problems as the computers they own are usually from pre-historic times and it was probably already heavy workload to start those IE6-7-8. As long as there is some decent percentage of clients using IE6-7-8, the most companies would prefer to support them. However, as it seems here, APIs are the same, so there would not be bigger development issues right now. But will it stay also in future, with newer versions of jQuery? Would they at some point start to use different APIs as well, causing a need for addition development for oldIE browsers, just to make them compatible? This should mainly be the concern of company's management to decide whether the cost of additional and in most of the cases rather expensive development, or simply take up the risk and advise clients to modernize a bit.