Category Archives: WAMP Developer Server

Running PHP Scripts Outside of DocumentRoot

In some WAMP configurations, PHP execution is only enabled under a specific root folder and given path (instead of for any *.php filename under any folder or path).

For example, under WampDeveloper Pro, PHP is enabled for all *.php files under the path of:
C:\WampDeveloper\Websites\*\webroot\

There are two ways to enable the execution (running) of PHP scripts outside of a website’s DocumentRoot (\webroot) folder…

* In this example we’ll enable the running of PHP scripts in folder: D:\Folder\path\

JunctionPoint Into DocumentRoot

The preferred way to enable PHP in an outside folder is to keep the existing configuration (by not adding anything to it), and creating a “JunctionPoint” to link…

1. A folder inside a website’s DocumentRoot:
C:\WampDeveloper\Websites\www.example.com\webroot\path\

2. Into the PHP web-app/script folder:
D:\Folder\path\

Open the command line (with elevated privileges) and execute:
mklink /j C:\WampDeveloper\Websites\www.example.com\webroot\path D:\Folder\path

This will create folder C:\WampDeveloper\Websites\www.example.com\webroot\path and link it to D:\Folder\path. The former will have all the proper configurations enabled (from the base WAMP configuration), and with all the files/folders of the later.

* The only limitation here is that the target folder needs to be a local volume (e.g., can’t be a networked drive).

Enable PHP Directly For a Specific Folder

The second option is to directly enable PHP execution in the specific folder by placing this into a website’s VirtualHost, or into the global configuration (included into httpd.conf via Config\Apache\extra\wampd-custom.conf):

Alias /path/ "D:/Folder/path/"

<Directory "D:/Folder/path">
    Options All
    AllowOverride All
    Order allow,deny
    Allow from all

    # PHP-FCGI
    <IfModule mod_fcgid.c>        
        AddHandler fcgid-script .php .php4 .php5
        Options +ExecCGI +FollowSymLinks

        FcgidWrapper "C:/WampDeveloper/Components/Php/php-cgi.exe" .php virtual
        FcgidWrapper "C:/WampDeveloper/Components/Php/php-cgi.exe" .php4 virtual
        FcgidWrapper "C:/WampDeveloper/Components/Php/php-cgi.exe" .php5 virtual
    </IfModule>

    # Apache 2.2 and 2.4 / PHP5
    <IfModule mod_php5.c>
        AddType text/html .php .phps
        AddHandler application/x-httpd-php .php
        AddHandler application/x-httpd-php-source .phps
    </IfModule>

    # Apache 2.2 / PHP 4.4
    <IfModule php4_module>
        AddType text/html .php .phps
        AddHandler application/x-httpd-php .php
        AddHandler application/x-httpd-php-source .phps
    </IfModule>

    # Apache 2.0 / PHP 4.4
    <IfModule sapi_apache2.c>
        AddType text/html .php .phps
        AddHandler application/x-httpd-php .php
        AddHandler application/x-httpd-php-source .phps
    </IfModule>
</Directory>

* The limitation with this option is that while this will enable PHP execution in the specific folder, this folder will not inherit any other configuration of the base WAMP setup.

Installing and Using ImageMagick with Imagick PHP Extension (php_imagick.dll) on WAMP

The php_imagick extension enables WAMP servers such as WampDeveloper Pro to create, edit, convert, and/or manipulate images via PHP using the ImageMagick software on Windows.

WampDeveloper Pro comes integrated with both the ImageMagick package and the Imagick PHP extension.

To enable the Imagick PHP Extension in WampDeveloper Pro:

1. Open file php.ini -
C:\WampDeveloper\Config\Php\php.ini

2. Near the end of php.ini, locate the ImageMagick section -

[ImageMagick]
;extension="C:\WampDeveloper\Components\Php\ext\php_imagick\php_imagick.dll"
;imagick.locale_fix=0
;imagick.progress_monitor=0

3. Un-comment the load line for this extension (remove the ‘;’ character from the beginning of the line) -

[ImageMagick]
extension="C:\WampDeveloper\Components\Php\ext\php_imagick\php_imagick.dll"

4. Save file. Restart Apache.

Afterwards, Imagick will be loaded by PHP and you can verify this via phpinfo.php…

imagick

5. Test imagick:

A. Create a scaled thumbnail image…

<?php

// if full path is not specified, will look for file in Apache's folder.

$im = new imagick('C:\WampDeveloper\Websites\www.example.com\webroot\imagick\pic.jpg');

// resize by 200 width and keep the ratio
$im->thumbnailImage(200, 0);

// if full path is not specified, file will end up in Apache's folder.

// write to disk
$im->writeImage('C:\WampDeveloper\Websites\www.example.com\webroot\imagick\pic_thumbnail.jpg');

echo 'Image Thumbnail Created.';

?>

B. Covert JGP image to PNG image format…

<?php

$image = 'C:\WampDeveloper\Websites\www.example.com\webroot\imagick\pic.jpg';

// a new imagick object
$im = new Imagick();

// ping the image
$im->pingImage($image);

// read the image into the object
$im->readImage($image);

// convert to png
$im->setImageFormat("png");

// write image to disk
$im->writeImage('C:\WampDeveloper\Websites\www.example.com\webroot\imagick\pic.png');

echo 'Image Converted.';

?>

Connecting PHP to MS SQL Server

php_sqlsrv.dll is PHP’s Database Driver for MS SQL Server, that has replaced php_mssql.dll (which no longer exists with PHP 5.3 and above).

While the php_sqlsrv API is not the same as the php_mssql API, php_sqlsrv can be used through php_pdo_sqlsrv which provides the common PDO Database interface that can access MS SQL Server.

There is 1 official build of php_sqlsrv.dll by Microsoft that is provided for PHP 5.3. And several unofficial builds of php_sqlsrv.dll for PHP 5.6, 5.5, 5.3 (32 bit and 64 bit).

PHP 5.5 Driver for MS SQL Server

Download the unofficial builds maintained here:
http://robsphp.blogspot.co.uk/2012/06/unofficial-microsoft-sql-server-driver.html

In the OneDrive folder, right-click on file “sqlsrv_unofficial_3.0.2.2.zip” and select “Download”.

Inside of file sqlsrv_unofficial_3.0.2.2.zip, extract these files out:

Into:
C:\WampDeveloper\Versions\Php\php-5.5.16.0-r2-win32-vc11-standard\ext\

Files:
php_pdo_sqlsrv_55_ts.dll
php_sqlsrv_55_ts.dll

Into:
C:\WampDeveloper\Versions\Php\php-5.5.16.0-r2-win32-vc11-standard-fcgi\ext\

Files:
php_pdo_sqlsrv_55_nts.dll
php_sqlsrv_55_nts.dll

* The above PHP versions are WampDeveloper Pro’s (v5.1.0.1) latest PHP 5.5 releases (regular PHP and FCGI-PHP).

Microsoft’s PHP 5.3 Driver for MS SQL Server

Download the official build maintained here:
http://www.microsoft.com/en-us/download/details.aspx?id=20098

Download file:
SQLSRV30.EXE

This file is not really an EXE (it’s a compressed CAB file), and if you try to run it Windows will display error message: “sqlsrv30.exe is not a valid win32 application”.

You will need to open (not run) SQLSRV30.EXE with either of these un/compression programs: WinRar, or 7-Zip (I use 7-Zip myself, it’s free and open source).

Inside of file SQLSRV30.EXE, extract these files out:

Into:
C:\WampDeveloper\Versions\Php\php-5.3.29.0-r2-win32-vc9-standard\ext\

Files:
php_pdo_sqlsrv_53_ts.dll
php_sqlsrv_53_ts.dll

Into:
C:\WampDeveloper\Versions\Php\php-5.3.29.0-r2-win32-vc9-standard-fcgi\ext\

Files:
php_pdo_sqlsrv_53_nts.dll
php_sqlsrv_53_nts.dll

* The above PHP versions are WampDeveloper Pro’s (v5.1.0.1) latest PHP 5.3 releases (regular PHP and FCGI-PHP).

Then via Components Tab, switch WampDeveloper from using Channel: Current (Apache 2.4 + PHP 5.5 + MySQL 5.6) to Stable (Apache 2.2 + PHP 5.3 + MySQL 5.5)…
http://www.devside.net/wamp-server/howto-switch-wampdevelopers-apache-php-mysql-branches

Load php_sqlsrv.dll

Rename the files under all PHP versions to:
php_pdo_sqlsrv.dll
php_sqlsrv.dll

Edit file php.ini, and insert the loading of “php_sqlsrv.dll”…

[PHP_SQLSRV]
extension=php_sqlsrv.dll
extension=php_pdo_sqlsrv.dll

Save file. Restart Apache.

Links

“Microsoft Drivers for PHP for SQL Server” project

http://sqlsrvphp.codeplex.com/

“Update For PHP 5.5″ discussion

http://sqlsrvphp.codeplex.com/discussions/441706

“Data Developer Center SQL Server Driver for PHP” page

http://msdn.microsoft.com/en-us/data/ff657782.aspx

“Accessing SQL Server Databases from PHP”

http://social.technet.microsoft.com/wiki/contents/articles/1258.accessing-sql-server-databases-from-php.aspx

Unable to load or find PHP extension php_intl.dll

PHP Startup: Unable to load dynamic library ‘C:/wamp/path/to/php/ext/php_intl.dll’ – The specified module could not be found.

PHP says it can’t find extension php_intl.dll, yet file “php_intl.dll” does exist in the specified location!

This is a very common issue, especially under PHP 5.5, and can easily be fixed…

To see why PHP cannot load extension php_intl.dll, open the command line, change to WAMP’s PHP directory, and test php_intl.dll’s dependencies:

C:
cd  WampDeveloper\Components\Php
deplister.exe ext\php_intl.dll

This is a list of all the DLLs php_intl.dll must load, before it can be loaded itself:

# Core PHP DLL
php5ts.dll,OK

# International Components for Unicode (ICU) libraries - Unicode and Globalization support
icuuc51.dll,OK
icuin51.dll,OK
icuio51.dll,OK

# Microsoft VC++ 2012 Runtime libraries - common functions required by C and C++ programs
MSVCR110.dll,OK
MSVCP110.dll,OK

# Core Windows DLL
KERNEL32.dll,OK

The “ICU” and/or the” VC++ Runtime” DLLs will not be found (displayed as “NOTFOUND” instead of “OK”) on the system with this issue.

And when php_intl.dll is not able to find and load these dependencies, PHP outputs:

"The specified module could not be found."

Here is how to fix the issue and load php_intl.dll:

1. Make sure the PHP directory path is included in the system’s PATH environmental variable so this set of provided/included ICU DLLs (that php_intl.dll depends on) are found:

icuuc51.dll, icuin51.dll, icuio51.dll

* WampDeveloper Pro already includes PHP’s directory in PATH, but some other WAMP distributions do not.

2. Install the Microsoft VC++ 2012 Runtime Redistributable that will provide these VC11 runtime DLLs (PHP 5.5 is built with VS.NET 2012):

MSVCR110.dll, MSVCP110.dll

Visual C++ Redistributable for Visual Studio 2012 Update 4

Make sure to install the 32 bit (x86) version if you are using a 32 bit PHP build: vcredist_x86.exe

* Unlike PHP 5.5, PHP 5.3 is built with VS.NET 2008 (VC9), and depends on “Visual C++ Redistributable for Visual Studio 2008″ which provides runtime DLLs: MSVCR90.dll, MSVCP90.dll

Removing Sender’s IP Address From Email’s Received: From Header

When sending an email, Sendmail and other SMTP servers, will log your originating device’s: name (hostname or computer name), IP address, and IP’s reverse DNS lookup, into the first “Received: from” Header line…

Received: from computer.name (ip-address.reverse.lookup [ip.address])

This is a problem because:

  1. It’s sensitive information that contains your location.
  2. It can further contain meta-data about your reader (ex: Outlook, Windows Live Mail, Mail App, Mozilla Thunderbird).
  3. Spam tools will detect a Residential IP address which will prevent email delivery.

The solution to hide the client’s (sender’s) IP address is to redefine the SMTP server’s use of RECEIVED_HEADER.

The standard definition of this header can be found in file:
/usr/share/sendmail-cf/m4/cfhead.m4

define(`_REC_AUTH_', `$.$?{auth_type}(authenticated')
define(`_REC_FULL_AUTH_', `$.$?{auth_type}(user=${auth_authen} $?{auth_author}author=${auth_author} $.mech=${auth_type}')
define(`_REC_HDR_', `$?sfrom $s $.$?_($?s$|from $.$_)')
define(`_REC_END_', `for $u; $|;
        $.$b')
define(`_REC_TLS_', `(version=${tls_version} cipher=${cipher} bits=${cipher_bits} verify=${verify})$.$?u')
define(`_REC_BY_', `$.by $j ($v/$Z)$?r with $r$. id $i$?{tls_version}')
define(`confRECEIVED_HEADER', `_REC_HDR_
        _REC_AUTH_$?{auth_ssf} bits=${auth_ssf}$.)
        _REC_BY_
        _REC_TLS_
        _REC_END_')

To strip out all private info (senders’s/client’s IP address) of the initial client connection, you would basically remove that entire connection’s info (and also of all the connections before it), and make it look like the email originated from the SMTP server itself…

Edit file:
/etc/mail/sendmail.mc

define(`confRECEIVED_HEADER',`by $j ($v/$Z)$?r with $r$. id $i; $b')dnl

Then rebuild sendmail.cf and restart sendmail:

[root@private mail]# m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
[root@private mail]# service sendmail restart

Done.

I’ve been doing this for YEARS without any issues whatsoever to be able to send out emails from my PC (using Outlook and Windows Live Mail) to my clients without triggering spam filters, and to prevent privacy leaks.

Using phpMyAdmin to Create a MySQL Database, User, Password

Make sure Apache and MySQL are running, and access phpmyadmin via URL:
http://127.0.0.1/phpmyadmin

Login with:

Username: root
Password: (leave it blank, it's not set by default)

Click ‘Go’.

* User “root” under WampDeveloper Pro is restricted to local network access in multiple ways, so setting a password is not absolutely necessary.

Create a database:

  1. Click on the ‘Databases’ tab.
  2. Specify a Database name.
  3. Leave everything else as-is (don’t select a collation).
  4. Click ‘Create’.

Create a user:

  1. Click on that database.
  2. Click on its ‘Privileges’ tab.
  3. Click in ‘New’ group, ‘Add user’.
User name ('Use text field'): username-here
Host (select 'Use text field'): 127.0.0.1
Password ('Use text field'): password-here
Re-type: password-here

Leave everything else as-is:

'Database for user' group: Grant all privileges on database "database-name".
'Global privileges' group: None

* Don’t select any “Global” privileges/permissions, this user only needs all privileges/access on that specific database, and not on all the databases under MySQL.

Click ‘Go’.

Whenever you need to specify this info when you install or configure a web-app or script, make sure to enter the db and user info exactly as above, with “Host” as 127.0.0.1 and not as “localhost”.

Connecting WAMP Server to Oracle With PHP’s php_oci8_11g.dll

Download the proper Oracle Instant Client

If using 32 bit PHP, you’ll need use the 32 bit Windows Oracle Instant Client:
Instant Client Downloads for Microsoft Windows (32-bit)

Download package:
"Instant Client Package - Basic Lite"

Use version 11 of the client, not 12, with PHP’s php_oci8_11g.dll.

Unzip the package into a location such as:
C:\WampDeveloper\Tools\Oracle\

Then modify the System’s PATH environmental variable with the end location. This is important as otherwise its DLLs (OCI.dll) will not be found/loaded by PHP’s php_oci8_11g.dll:
C:\WampDeveloper\Tools\Oracle\instantclient[version]

Restart the system for Path changes to fully propigate.

Installed the VC++ 2012 Runtime

Under PHP 5.5, which is a VC11 (VS.NET 2012) build, some of the extensions depend on the full set of Microsoft VC++ 2012 Runtime DLLs.

Download and install the 32 bit VC++ 2012 Runtime Redistributable (vcredist_x86.exe):
Visual C++ Redistributable for Visual Studio 2012 Update 4

PHP 5.5 extension php_oci8_11g.dll, and other extensions such as php_intl.dll, depend on files: msvcr110.dll and msvcp110.dll, which this will place into your C:\Windows\System32 folder.

Check Dependencies of php_oci8_11g.dll

Open the command line, change to the PHP’s directory, and check to see if all php_oci8_11g.dll dependancies (DLLs) are being found.

C:
cd \WampDeveloper\Components\Php
deplister ext\php_oci8.dll
deplister ext\php_oci8_11g.dll

Everything should be listed as found, and you should not see this (the Oracle Client DLL not being found) – OCI.dll,NOTFOUND

Load php_oci8_11g.dll

Edit php.ini and un-comment:

extension=php_oci8.dll
extension=php_oci8_11g.dll

Save file. Restart Apache.

Then check to make sure this module has been loaded:

http://serverhost/phpinfo.php

* phpinfo.php contains this code: <?php echo phpinfo(); ?>, and will show you all the loaded PHP extensions and their settings.

Issues

PHP Startup: Unable to load dynamic library ‘C:/WampDeveloper/Components/Php/ext\php_oci8_11g.dll’ – %1 is not a valid Win32 application.

This indicates a build-type mismatch.

The used PHP extension (php_oci8_11g.dll) is not matching the PHP build type: 32bits (x86), VC11 (VS.NET 2012), TS (Thread Safe). * TS (Thread Safe) is for Regular PHP; NTS (Not Thread Safe) is for PHP-FCGI.

Chances are you are using the 64-bit build of php_oci8_11g.dll, or a VC9 build, or a NTS build – that replaced the default ext\php_oci8_11g.dll file that PHP came with.

Unable to load dynamic library ‘C:/WampDeveloper/Components/Php/ext\php_oci8_11g.dll’ – The specified module could not be found.

The module is being found (and you can verify that it’s present), but the real problem is that it has dependencies on other DLLs which are not being found.

Update the System’s PATH environmental variable with the Oracle Instant Client’s OCI.dll file location.

Also make sure PHP’s root folder is in the PATH. It and it’s \ext paths should already be listed in WampDeveloper’s %wampdev% environmental variable (which itself is expanded in %path%).

* In the error message, the backslash (“\”) being used instead of the “/”, is never the problem.

Oracle Instant Client Version 11 vs. 12

You should use the Oracle Instant Client version that matches the php_oci8 extension version:

Use client version 11 for extension php_oci8_11g.dll

Use client version 12 for extension php_oci8_12c.dll

You can download the oci8 extension for client version 12 from:
http://windows.php.net/downloads/pecl/releases/oci8/

The nomenclature of the extension’s file name to built-type is:

  • PHP 5.5 32bit: TS, VC11, x86
  • PHP-FCGI 5.5 32bit: NTS, VC11, x86

For WampDeveloper’s PHP 5.5 (regular, not FCGI) 32bit channel, you would get this file:
php_oci8-2.0.8-5.5-ts-vc11-x86.zip

Unzip the contents into PHP “\ext” folder (make sure to overwrite all files), and load it via php.ini:

extension=php_oci8.dll
extension=php_oci8_12c.dll

PDO

If your code uses PDO methods to connect to databases, you’ll also need to load this extension:

extension=php_pdo_oci.dll

Notes

OCI8 Requirements (php.net)

Using PHP OCI8 with 32-bit PHP on Windows 64-bit

Installing PHP and the Oracle Instant Client for Linux and Windows, For PHP 5.4 and Oracle Database 11g Release 2

Installing PHP and the Oracle Instant Client for Linux and Windows, For PHP 5.5, OCI8 2.0 and Oracle Database 12c Release 1

Running PHP Scripts as Cron Jobs on Windows

How do I hit a set of web pages to run scripts that perform tasks or update data?

On Windows you would use the “Windows Task Scheduler” to execute PHP scripts either via a URL, or directly via php.exe – at specific times or on specific events.

Run PHP Script Via URL

To hit a URL you can use command line tools such as “wget” or “curl” (wget and curl are already included in WampDeveloper Pro under the Tools folder), and for multiple URLs you would wrap it all up into 1 batch file.

For example, to hit this URL…
http://domain.name/webapp/tools/cron.php

You would use “wget” by executing this command…

C:\WampDeveloper\Tools\gnuwin32\wget.exe -q -O NUL http://domain.name/webapp/tools/cron.php

* The “-q” switch makes wget silent and the “-O NUL” option discards the output (instead of saving it to a file).

Set up a “Windows Scheduled Task” (via “Task Scheduler”)…

Create Task...
Triggers: Daily
Advanced settings... Repeat task every: 5 minutes; Indefinitely
Action: Start a program
Program/script: C:\WampDeveloper\Tools\gnuwin32\wget.exe
Arguments: -q -O NUL http://domain.name/webapp/tools/cron.php
Start In: C:\WampDeveloper\Tools\gnuwin32\

Run PHP Script Directly

An even simpler and more straight-forward way to perform the above is to just run the PHP scripts directly without involving Apache, or anything other than the PHP interpreter/engine (php.exe)…

For example, to create a Task that executes this PHP file every 5 minutes…
C:\WampDeveloper\Websites\domain.name\webroot\webapp\tools\cron.php

Set up a “Windows Scheduled Task” (via “Task Scheduler”)…

Create Task...
Triggers: Daily
Advanced settings... Repeat task every: 5 minutes; Indefinitely
Action: Start a program
Program/script: C:\WampDeveloper\Components\Php\php.exe
Arguments: -f C:\WampDeveloper\Websites\domain.name\webroot\webapp\tools\cron.php
Start In: C:\WampDeveloper\Websites\domain.name\webroot\

* The ‘start in’ path would need to reflect the path the script is expecting to be started in (so all its inner relative paths work). Usually this is either the webapp’s folder, or the folder the script is in.

You could also create this Task via the command-line -

schtasks /create /sc minute /mo 5 /tn "my task name" /tr "C:\WampDeveloper\Components\Php\php.exe -f C:\WampDeveloper\Websites\domain.name\webroot\webapp\tools\cron.php"

* The command-line method doesn’t allow a start-in directory.

Run Multiple PHP Scripts via Batch File

If you have multiple scripts or URLs to hit on 1 Task, create a batch file (filename.bat) containing multiple instances of the above commands…

C:\WampDeveloper\Tools\gnuwin32\wget.exe -q -O NUL http://domain.name/url1
C:\WampDeveloper\Tools\gnuwin32\wget.exe -q -O NUL http://domain.name/url2
C:\WampDeveloper\Tools\gnuwin32\wget.exe -q -O NUL http://domain.name/url3
C:\WampDeveloper\Components\Php\php.exe -f C:\WampDeveloper\Websites\domain.name\webroot\path\file1.php
C:\WampDeveloper\Components\Php\php.exe -f C:\WampDeveloper\Websites\domain.name\webroot\path\file2.php
C:\WampDeveloper\Components\Php\php.exe -f C:\WampDeveloper\Websites\domain.name\webroot\path\file3.php

Set up a “Windows Scheduled Task” (via “Task Scheduler”)…

Create Task...
Triggers: Daily
Advanced settings... Repeat task every: 5 minutes; Indefinitely
Action: Start a program
Program/script: C:\path\filename.bat
Arguments:
Start In: C:\path\

Installing and Running Ghost CMS under Apache

Ghost CMS is a blogging platform like WordPress, except with a minimalistic feel. Ghost uses Node.JS and SQLite, but can be connected and ran through a full Apache, PHP, and MySQL web-server platform such as WampDeveloper Pro (for Windows).

1. Download Ghost CMS:
https://ghost.org/download/

2. Extract the Ghost CMS package into your website’s non-DocumentRoot folder (e.g., not into \webroot):
C:\WampDeveloper\Websites\www.example.com\ghost

3. Open the command-line, change to the ghost folder, and install Ghost CMS:

C:
cd C:\WampDeveloper\Websites\www.example.com\ghost
npm install --production
npm start

This will automatically download a number of Ghost CMS dependencies (node.js modules) and set up a default configuration file.

* WampDeveloper Pro already comes with Node.JS and NPM.

4. Test the installation by going to URL:

http://127.0.0.1:2368/ghost

Integrate Apache with Ghost + Node.JS

Open the website’s HTTP VirtualHost file, and add all configuration inside the “<VirtualHost>” block…

Transparently proxy all http://www.example.com/blog requests through Apache:

ProxyPass /blog http://127.0.0.1:2368/ghost

And if you want to secure /blog to local system access only:

<Location "/blog">
    Options None
    AllowOverride None
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1 ::1
</Location>

Save VirtualHost file. Restart Apache.

Ghost Hosted Through Apache

See your Ghost CMS installation hosted by Apache (on the regular HTTP port 80):
http://www.example.com/blog

Ghost’s configuration file is config.js, located in Ghost’s folder, and the settings are listed here:
http://support.ghost.org/config/

Installing Comodo PositiveSSL Certificate Bundled with Root and Intermediate CA Certificates on Apache

The problem with basic domain-validation certificates is they tend to have multiple “Intermediate CA” certificates that have to be bundled together and included into the setup, and the provided instruction on how to use those 3 additional certificate files is often missing, outdated, or just wrong. I think this is done by design, to get you to spend more on the more expensive extended validation certs (that don’t need multiple intermediary certs).

Aside from that, the basic low-end “domain validation” certs win on 3 fronts:

  • They cost $10 instead of $300.
  • They are very easy to get since the “validation” step (to prove who you are) is basically opening an email sent to the domain name (admin@domain.name) and clicking the provided link.
  • They tend to have faster/more-responsive page load times, since the Browser does not download the Certificate Revocation List (CRL) or perform a check of the certificate status (via OCSP), either of which can add an additional .5-2 seconds before the page is displayed (this is why Amazon does not use an EV “green bar” cert).

Here is how to install the most common certificate on the market, the Comodo PositiveSSL Certificate bundled with Root and Intermediate CA Certificates on Apache.

These instructions can be used on WampDeveloper Pro, on any other WAMP (Xampp, WampServer, etc) or Apache setup, and on Linux – with just some path changes. The fictitious domain used in this example is www.example.com.

Open the command line with elevated privileges (e.g., right-click cmd.exe and select ‘Run as admin’). And change to the website’s \certs folder:

C:
cd \WampDeveloper\Websites\www.example.com\certs\

1. Generate a 2048 bit private key named www_example_com.key.

openssl genrsa -out www_example_com.key 2048

2. Generate a Certificate Signing Request (csr) file named www_example_com.csr.

openssl req -new -sha256 -key www_example_com.key -out www_example_com.csr -config C:\WampDeveloper\Config\Apache\openssl.cnf

* Update the above line with the correct openssl “-config ...” path… On your WampDeveloper installation, update path for your drive letter. On other WAMPs, update the full path. And on Linux, leave that part out.

For “Common Name” enter:
www.example.com

For all other fields enter:
.

The “.” means empty / no value. Because you are purchasing a simple “domain validation” certificate, all other fields will get erased.

* If you specify the “www” host on the domain.name (as above), Comodo will issue the certificate for both: www.example.com and example.com

3. Open the “Certificate Signing Request” file www_example_com.csr and copy/paste its entire (full) contents into the proper box when activating the SSL Certificate you have purchased.

4. After the confirmation process, you’ll receive an email with an attached zip file named “www_example_com.zip”.

1. Save this file to some location.
2. Right click this file, select Properties. Click button: Unblock (or Windows won’t allow you to extract the certs due to security issues).
3. Extract the contents of the zip into the website’s \certs folder.

5. Create the CA (Certificate Authority) Intermediate Certificates Bundle file:

copy /B COMODORSADomainValidationSecureServerCA.crt + COMODORSAAddTrustCA.crt + AddTrustExternalCARoot.crt PositiveSSL.ca-bundle

For Linux, this command would instead be:

cat COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > PositiveSSL.ca-bundle

This will create a file named PositiveSSL.ca-bundle containing the 3 CA (Certificate Authority) intermediate certificates, all in the proper order. Each CA certificate basically validates the one next to it, top to bottom, from the root CA certificate that your Browser has on file, through the intermediate certs, and down to the public certificate file.

6. Configure the website’s SSL VirtualHost file to use the private key, public certificate, and the bundled intermediate certificates chain file.

Edit the website’s SSL VirtualHost file:
C:\WampDeveloper\Vhosts\www.example.com.ssl.vh.conf

Update existing SSLCertificateFile and SSLCertificateKeyFile paths with the proper file names. And add in the SSLCertificateChainFile directive + path.

SSLCertificateFile "C:/WampDeveloper/Websites/www.example.com/certs/www_example_com.crt"
SSLCertificateKeyFile "C:/WampDeveloper/Websites/www.example.com/certs/www_example_com.key"
SSLCertificateChainFile "C:/WampDeveloper/Websites/www.example.com/certs/PositiveSSL.ca-bundle"

Save VirtualHost file.

7. Restart Apache.

Check your website -

PositiveSSL-Bundled-Chain