Categories
Windows

How to install a Let’s Encrypt Certificate supports SAN to Apache on Windows.

Japanese version of this article
Update information      Edit(Apr.11)    Edit2(Jun.23)    Edit3(Oct.13)

[2017.Oct.20]    We can use mod_md in the ApacheLounge 2.4.x version now, so I changed my certificate updating tool from dehydrated (formerly Letsencrypt.sh) to mod_md. About this, see → “From dehydrate to mod_md, Let’s Encrypt Tool”.
========================================================
【2016.7.19 update】
   At this time, the script letsencrypt-win-simple doesn’t support the renewal of certificates on the Windows version of Apache, and the official client, certbot, also doesn’t support Apache on Windows. So, I think I will use another script named letsencrypt.sh. ☞ ‘Letsencrypt.sh on Windows-#1’
========================================================
   The day before yesterday I wrote this. At that point I got a certificate only for o6asan.com from Let’s Encrypt.

   The parts of my server environment that relate to this work are given below.

  1. Windows7 HE SP1 (x86)
  2. Apache2.4.x with VC14
Categories
Windows

I installed a Certificate of Let’s Encrypt on Windows.

Japanese version of this article
Update information      Edit(Mar.14)

   I installed a Certificate of Let’s Encrypt because of くりくりさん’s comments and it was successful. But I don’t understand it very well yet. How can I renew the certificate? What procedure do I need to get a certificate that supports SAN? I found a ‘HOW TO’ for Exchange 2016, but mine is Apache.

   I should study more about Let’s Encrypt.

Edit(Mar.14):
   I posted the article “How to install a Let’s Encrypt Certificate supports SAN to Apache on Windows”.

Categories
Vulnerability

Vulnerability DROWN.

Japanese version of this article

   After reading ‘DROWN SSLv2 Vulnerability Rears Ugly Head, Puts One-Third of HTTPS Servers At Risk’, I checked my server with The DROWN Attack and DROWN Scanner. The DROWN vulnerability is related to OpenSSL Security Advisory [1st March 2016].

Categories
Vulnerability

Memorandum #16.

Japanese version of this article

   Steffen released a new version of Apache 2.4.18 which was built with OpenSSL 1.0.2f on February 11, so I updated my Apache web server to it the day before yesterday. Its ChangeLog says it was built with nghttp2 1.5.0; however, Steffen has already provided nghttp2 1.6.0 (MSVC release), though nghttp2’s releases come like a waterfall. You should at least use it instead of nghttp2 1.5.0. See the ChangeLog of nghttp2 1.6.0. You can download mod_http2 1.1.0 & nghttp2 1.6.0 from here. If you are installing Apache2.4.x for the first time, see “To create a Wamp-like Web Server in Windows7-#1”. Now I use a VC14 version of Apache, which requires VC14.

Categories
Uncategorized

Memorandum #15.

Japanese version of this article

   As PHP7.0.3 was released, I updated to it the day before yesterday. Here is the ChangeLog. My server OS is Windows7 HE SP1 x86, so I downloaded php-7.0.3-Win32-VC14-x86.zip.
   The new php.ini-production has no differences from 7.0.2’s except for some comments. If you need more information about php.ini configuration, see ‘Migrating from PHP 5.5.16 to PHP 5.6.0 on Windows’.

Categories
Windows

Building h2load on Cygwin.

Japanese version of this article
Update information      Edit(2016.Jan.4)   Edit2(Feb.7)   Edit3(Jun.18)

   Actually, Cygwin has libev and nghttp2 packages now. So, you can use the h2load feature even if you don’t build nghttp2 yourself. Nevertheless, if you build nghttp2 on Cygwin, you need to build Jansson and spdylay before building it because Cygwin doesn’t have packages for them. But, according to the current trend, I think you don’t need the spdylay package. (2016.6.18)
—————————————————————————————————————————————————
   Now, I have two zip files. One is H2LOAD_dll_package_x86.zip, the other is H2LOAD_dll_package_x64.zip. If you download one of them, you can run the test with h2load on your Windows PC. Run cmd.exe and enter the following.
> h2load -n100000 -c100 -m10 https://localhost
   If you do this test, you should create your own local server, because the test might amount to a cyber attack on the server if you set the values of -n, -c and -m too high. Be careful.
   I wrote this before: ‘I don’t know why, but it looks like telling Apache without HTTP/2 is faster. Gee!’. This time, I had interesting results. See HTTPS with HTTP/2 and HTTPS without HTTP/2. The test shows that a server that supports HTTP/2 is better at dealing with concurrent streams than a server that doesn’t support HTTP/2. This is one of HTTP/2’s features.

   I’ll write about my hard work to get these files (^_^;).
   [Caution]: The steps below produce the files contained in H2LOAD_dll_package_x64.zip. If you want to have the files for an x86 PC, you have to do all the steps with setup-x86.exe on a Windows x86 PC.

Categories
Windows

Moving my WordPress to HTTPS for supporting HTTP/2-#3.

Japanese version of this article

   Continued from this post. As I finished preparing for supporting HTTP/2, I re-edited my httpd.conf and httpd-ssl.conf.
 
   In httpd.conf, I un-commented the following line.
     LoadModule http2_module modules/mod_http2.so
   In httpd-ssl.conf, I added the following line just after <VirtualHost o6asan.com:443>.
     Protocols h2 http/1.1
   h2 is HTTP/2 with TLS and h2c is HTTP/2 without TLS. I don’t use h2c on the server.
 
   Restart Apache to enable HTTP/2. That’s it.

Categories
WordPress

Moving my WordPress to HTTPS for supporting HTTP/2-#2.

Japanese version of this article

   Continued from this post. As I use the sub-directory type of WordPress multisite network, the steps for moving entire WordPress sites to HTTPS might be slightly different from those for a single site.
   I used this opportunity to change some other things.

Categories
Windows

Moving my WordPress to HTTPS for supporting HTTP/2-#1.

Japanese version of this article
Update information      Edit(Nov.2)  Edit2(Nov.6)  Edit3(2017.Jun.206)

   They released Apache 2.4.17 on Oct 13 and Steffen released the same version at ApacheLounge on Oct 12. The version has mod_http2 as a core module and Steffen’s version was built with nghttp2 v1.3.4. See ChangeLog. So, I can test HTTP/2 on my server now. Yes! Just test. Because they say “This module is experimental.

Categories
Vulnerability

Updating Apache because of CVE-2015-1793.

Japanese version of this article

   I updated my Apache 2.4.12(httpd-2.4.12-win32-VC14.zip) to the 2015 Jul 9 version because of Alternative chains certificate forgery (CVE-2015-1793).

   It is built with ‘IPv6 Crypto apr-1.5.1 apr-util-1.5.4 apr-iconv-1.2.1 openssl-1.0.2d zlib-1.2.8 pcre-8.37 libxml2-2.9.2 lua-5.1.5 expat-2.1.0’. Its Changelog.
   This version is also built with the latest Windows® Visual Studio C++ 2015 RC aka VC14. I began to use the VC14 version on June 2 due to OpenSSL 1.0.2. If you use this version, you need to install vc_redist_x64/86.exe before installing it.

   I really appreciate Steffen’s hard and quick work. Thanks again, Steffen.

   By the way, I took this occasion to update to phpMyAdmin 4.4.11 and MariaDB 10.0.20.

   About phpMyAdmin I noticed two differences. From version 4.4.10 the download URL changed from sourceforge.net to phpmyadmin.net. And for this version, I mean 4.4.11, they provide not only MD5/SHA1 but also PGP. I wonder if something happened between sourceforge and phpmyadmin.