Payment gateway implementation


Payment gateway implementation: The standard process to implement real-time payment processing is:

1) To obtain an online merchant account for a particular credit card from a bank;
2) To select a payment gateway that will process the credit card information; and
3) To integrate your website with the payment gateway.

SSL stands for Secure Sockets Layer. SSL is a method of encryption that is used to protect sensitive data as it is passed across the internet.

I want to integrate my website with a payment gateway, and I have to write a shopping cart program.

How do I configure Apache 2 for SSL?

For 8.1: by hand, following the apache and mod_ssl documentation. With later packages:

1. place your server certificates in /etc/apache2/ssl*/ so the locations match up with /etc/apache2/ssl.conf, or run /usr/bin/gensslcert2 to create dummy certs
2. add "ssl" to APACHE_MODULES and "SSL" to APACHE_SERVER_FLAGS in /etc/sysconfig/apache2

There is no mod_ssl RPM for apache2: the module is no longer a problem with regard to export restrictions and, in addition, mod_ssl has been included in the Apache base distribution.

How to set up SSL with Apache 2 on SuSE 9.1

Installation

On SuSE 9.1, when you install your software, in YAST2, search for apache. Install all the apache2 items and none of the plain apache ones. If you are not running SuSE, the directory locations may change. Be sure to run the online update in Yast2 because there have been many fixes to both Apache and OpenSSH. If you use php, I have seen Web pages that advise upgrading to the latest versions.

In Yast2 you can configure the non-SSL server in Network Services/HTTP server. Do not turn on SSL in the default host or else the non-ssl host (on port 80) will try to look for certificates. Also, if you have the SuSE firewall turned on, be sure to allow port 443 (or the port you choose for SSL) through the firewall.

Starting Apache 2 automatically

As root,

cd /etc/init.d

and do

insserv apache2

This will insert apache 2 in the correct startup and shutdown scripts.

Overall guidance

There is a good quick start document in

/usr/share/doc/packages/apache2/README.QUICKSTART.SSL

But it is not quite enough to do the job.

Getting a certificate

If you installed all the apache2 modules, the manual should be available on your machine. Go to

http://localhost/manual/ssl/ssl_faq.html#aboutcerts

and either get a "real" certificate or create your own following the instructions there. Eric Busse gave the following hints about generating your own certificate:

As opposed to manually creating a cert you can do the following

/usr/bin/gensslcert2

(claims SuSE) however in my experience it's actually:

/usr/bin/gensslcert

Shamelessly lifted from: http://portal.suse.com/sdb/en/2003/01/apache2-faq.html#ssl

If you are not going to be at the console whenever your computer reboots, follow the instructions for using an unencrypted (but protected) server key. Be sure it is protected with access permissions 400. If you run gensslcert, you should look at the man page and run it with all of the arguments. These options are recognized:

                                          Default:
-C   Common name                          "$name"
-N   comment                              "$comment"
-c   country (two letters, e.g. DE)       $C
-s   state                                $ST
-l   city                                 $L
-o   organisation                         "$O"
-u   organisational unit                  "$U"
-n   fully qualified domain name          $CN (\$FQHOSTNAME)
-e   email address of webmaster           webmaster@$CN
-y   days server cert is valid for        $srvdays
-Y   days CA cert is valid for            $CAdays
-d   run in debug mode
-h   show usage

For example:

/usr/bin/gensslcert -c US -s TN -l "Oak Ridge" -e your_name@your_isp.com -d -n 192.168.1.10 -o Your_organization

In particular the CN field is critical because it must be identical to the ServerName 192.168.1.10 in the virtual host file (discussed later). gensslcert will put the certificates in the correct directories. If you get a "real" certificate, install the server key in /etc/apache2/ssl.key/server.key

and the server certificate in

/etc/apache2/ssl.crt/server.crt

Configuration

As root, you will need to edit several files.

/etc/sysconfig/apache2:

Add ssl to

APACHE_MODULES="access actions alias auth auth_dbm autoindex cgi dir env expires include log_config mime negotiation setenvif status suexec userdir ssl"

Add the server flag SSL to turn on the SSL module configuration file (/etc/apache2/ssl.conf)

APACHE_SERVER_FLAGS="-D SSL"

Increase the startup timeout to allow a password entry if necessary

APACHE_START_TIMEOUT="5"

In /etc/apache2/vhosts.d,

cp vhost-ssl.template vhost-ssl.conf

You can also copy the vhost.template file to vhost.conf if you want a non-ssl server. Then edit vhost-ssl.conf.

/etc/apache2/vhosts.d/vhost-ssl.conf:

You must configure the virtual directory for the server. You can put all the access control directives and the document root here.

#
## SSL Virtual Host Context
##

# General setup for the virtual host
DocumentRoot "/srv/www/secdocs"
# The ServerName must be identical to the -n field in your certificate
ServerName 192.168.1.10
ServerAdmin [email protected]
ErrorLog /var/log/apache2/error_log
TransferLog /var/log/apache2/access_log
#Access controls for a directory called noCTRP

AuthType Basic
AuthName "Password Required"
# The file for the passwords for this directory
AuthUserFile /srv/www/passwords/password.noCTRP
require user security
Options Indexes FollowSymLinks

There seems to be another problem that several other frustrated people have run across. In spite of putting the APACHE_SERVER_FLAGS="-D SSL" in the /etc/sysconfig/apache2 file, the system seems to ignore the directive. You can see if this is the case on your system. As root run

JARDELL:SuSEconfig
JARDELL:/etc/apache2 # httpd2 -D SSL -S
VirtualHost configuration:
wildcard NameVirtualHosts and _default_ servers:
_default_:443 192.168.1.10 (/etc/apache2/vhosts.d/vhost-ssl.conf:27)
*:80 192.168.1.10 (/etc/apache2/vhosts.d/vhost.conf:1)
Syntax OK

If you do not see the vhost-ssl.conf file, something is rotten in Denmark. To aid in determining what is happening, you can also raise the error logging level in /etc/sysconfig/apache2:

APACHE_LOGLEVEL="debug"

This will let you see what the ServerName in the certificate is. If this name is not identical to the one in the vhost-ssl.conf file, apache2 will not start in SSL mode!

Starting your server

As root run

rcapache2 start

This command can also be used to restart or stop your server. Your server should be listening to port 443 on your host. Be sure to place an index.html file in the main document directory, in my case /srv/www/secdocs. If you have comments or suggestions, e-mail me at [email protected]

Steps for a VeriSign SSL certificate (trial): http://www.verisign.com/support/ssl-certificates-support/install-ssl-certificate.html

Apache SSL certificate, VeriSign SSL with Extended Validation: http://www.verisign.com/support/ssl-certificates-support/extended-validation/apache.html

Configure SSL for Apache2 on Debian 3.1 (sarge)

Authors: Brusten Philip & Van der Velpen Jan
Last modified: Monday, 07-Nov-2005 14:45:41 CET

This small guide describes a simple configuration to use SSL for Apache2 httpd on Debian GNU/Linux 3.1 (Sarge). At this point you should already have a running Apache2 on your Debian system. With some minor modifications you should be able to use this guide for any Apache2 running on any OS.

Configuration

NOTE: if you want to use a self-signed certificate you can run the Debian-specific command apache2-ssl-certificate. It will create a private key and a matching self-signed certificate. Else you should create a private key and a certificate yourself (it is recommended to create a certificate signing request and let a commercial CA sign it so browsers will trust the webserver by default). See this list of SSL commands to do that.

1. Make a copy of /etc/apache2/sites-available/default in the same directory. Call it something like ssl.

   root# cp /etc/apache2/sites-available/default /etc/apache2/sites-available/ssl

2. Make a symlink to this new site configuration from /etc/apache2/sites-enabled/. Notice that this is already done for default.

   root# ln -s /etc/apache2/sites-available/ssl /etc/apache2/sites-enabled/

3. Make apache load and configure the SSL module.

   root# ln -s /etc/apache2/mods-available/ssl.load /etc/apache2/mods-enabled/
   root# ln -s /etc/apache2/mods-available/ssl.conf /etc/apache2/mods-enabled/

4. Add a Listen 443 directive to /etc/apache2/ports.conf

5. Now edit /etc/apache2/sites-available/ssl:

   NameVirtualHost *:443

   SSLEngine On
   SSLCertificateFile /etc/apache2/ssl/apache.pem
   ...

   If you are not using a self-signed certificate (which is highly recommended), then don't forget to add one of these lines so your webserver can send the full certificate chain to the client (this is usually required for a browser/client to trust the server):

   SSLCertificateChainFile /usr/local/ssl/crt/intermediate.crt
   OR
   SSLCACertificatePath /full/path/to/apache/conf/certs

   note: the correct Ben-SSL directive is SSLCACertificateFile or SSLCACertificatePath

Restart Apache2:

   root# /etc/init.d/apache2 restart
   Restarting apache.

HTTPS should work now. Try: https://hostname/

SSL configuration on Apache.

Creating Certificate and Key for SSL

1. Create RSA Private Key.

The first step is to create your RSA Private Key. This key is a 1024 bit RSA key which is encrypted using Triple-DES and stored in a PEM format so that it is readable as ASCII text.

$ openssl genrsa -des3 -out server.key 1024

The command will prompt you for a pass-phrase and then store the key in the file server.key. It is critical that the pass-phrase be secure and not forgotten. If either the key is lost, or the pass-phrase is forgotten, the certificate will be useless! You might want to consider using an empty pass-phrase so apache could restart on its own without a pass-phrase. Check the web for documentation on best practices.

2. Generating Certificate Signing Request (CSR)

Once the private key is generated a Certificate Signing Request can be generated.

$ openssl req -new -key server.key -out server.csr

During the generation of the CSR, you will be prompted for several pieces of information. A sample CSR generation session is shown below.

$ openssl req -new -key server.key -out server.csr
Using configuration from /usr/local/ssl/openssl.cnf
Enter PEM pass phrase:Enter pass phrase here
You are about to be asked to enter information that will be incorporated
into your certificate request.
Make sure your common name is your hostname (as defined in your URL, to avoid SSL warnings)
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:New Hampshire
Locality Name (eg, city) []:Nashua
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Domain.com, Inc.
Organizational Unit Name (eg, section) []:.
Common Name (eg, YOUR name) []:www.domain.com
Email Address []:[email protected]
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:********
An optional company name []:

3. Generating or Obtaining a Certificate

At this point you can choose to generate a self-signed certificate, or obtain a certificate from a certification authority. The second option is preferable as it will provide a higher level of trust to users visiting your SSL secured pages. To generate a self-signed certificate which is good for a year, issue the following command:

$ openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Or, purchase and request an SSL certificate from a certificate vendor such as Thawte, GeoTrust or Comodo using the CSR generated above.

4. Copying the key and certificate to the destination point.

   1. Make a folder (ssl.crt) under apache/conf and copy the certificate there.

      [root@bfc12 root]# cd /usr/local/apache2/conf
      [root@bfc12 conf]# mkdir ssl.crt
      [root@bfc12 conf]# cp server.crt ssl.crt/

   2. Make another folder (ssl.key) under apache/conf and copy the key there.

      [root@bfc12 root]# cd /usr/local/apache2/conf
      [root@bfc12 conf]# mkdir ssl.key
      [root@bfc12 conf]# cp server.key ssl.key/
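Both guides above leave the operator a choice between a pass-phrase-protected server key and an unencrypted key protected only by access permissions 400. The following check is an added example, not code from either guide: it reports which of the two protections a PEM key file actually has. The function names and the sample keys are constructed for illustration.

```python
import os
import stat
import tempfile

# PEM markers showing the key body is encrypted with a pass-phrase:
# traditional format (as written by genrsa -des3) and PKCS#8.
ENCRYPTED_MARKERS = ("Proc-Type: 4,ENCRYPTED", "BEGIN ENCRYPTED PRIVATE KEY")

def audit_key_file(path):
    """Report how a PEM private key file is protected on disk."""
    with open(path, "r", errors="replace") as fh:
        pem = fh.read()
    if "PRIVATE KEY-----" not in pem:
        raise ValueError("%s does not look like a PEM private key" % path)
    encrypted = any(marker in pem for marker in ENCRYPTED_MARKERS)
    mode = stat.S_IMODE(os.stat(path).st_mode)
    findings = []
    if mode != 0o400:
        findings.append("mode is %04o, expected 0400 (owner read only)" % mode)
    if mode & 0o077:
        findings.append("key is accessible to group or other users")
    if not encrypted:
        findings.append("no pass-phrase: file permissions are the only protection")
    return {"encrypted": encrypted, "mode": mode, "findings": findings}

# Constructed sample keys (bodies are dummy text, not real key material).
SAMPLE_ENCRYPTED = (
    "-----BEGIN RSA PRIVATE KEY-----\n"
    "Proc-Type: 4,ENCRYPTED\n"
    "DEK-Info: DES-EDE3-CBC,0000000000000000\n\n"
    "Q09OU1RSVUNURUQ=\n"
    "-----END RSA PRIVATE KEY-----\n"
)
SAMPLE_PLAIN = (
    "-----BEGIN RSA PRIVATE KEY-----\n"
    "Q09OU1RSVUNURUQ=\n"
    "-----END RSA PRIVATE KEY-----\n"
)

def write_sample(pem, mode):
    """Write a sample key to a temp file with the given mode; return its path."""
    fd, path = tempfile.mkstemp(suffix=".key")
    with os.fdopen(fd, "w") as fh:
        fh.write(pem)
    os.chmod(path, mode)
    return path

if __name__ == "__main__":
    for pem, mode in ((SAMPLE_ENCRYPTED, 0o400), (SAMPLE_PLAIN, 0o644)):
        path = write_sample(pem, mode)
        print(path, audit_key_file(path))
        os.remove(path)
```

On a real server the path to check would be the key location used in the guides, for example ssl.key/server.key under the Apache configuration directory.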

Configure httpd.conf for SSL

Some changes need to be made in httpd.conf for SSL. (httpd.conf can be found under the apache installation, e.g. /usr/local/apache2/conf/httpd.conf)

1. Search for the following line and uncomment it if it is commented.

   LoadModule ssl_module modules/mod_ssl.so

2. Search for the following lines of code. If they are not present or are commented, then add or uncomment them.

   Include conf/ssl.conf

Configure ssl.conf for SSL

Some changes need to be made in ssl.conf for SSL. (ssl.conf can be found under the apache installation, e.g. /usr/local/apache2/conf/ssl.conf)

1. Comment the following lines of code.

   #
   -------
   --------[ Keep the code between these tags as is. Do not comment it.]
   -------
   #

2. Make sure apache is listening on port 443. The following line of code should be present.

   Listen 443

3. Create one Virtual Host for port 443.

   DocumentRoot "/usr/local/apache2/htdocs"
   ServerName servername:443
   ServerAdmin [email protected]
   ErrorLog /usr/local/apache2/logs/error_log
   LogLevel info
   TransferLog /usr/local/apache2/logs/access_log
   SSLEngine on
   SSLCertificateFile /usr/local/apache2/conf/ssl.crt/server.crt
   SSLCertificateKeyFile /usr/local/apache2/conf/ssl.key/server.key

   SSLOptions +StdEnvVars

Payment gateway :


From: "Boyle Owen"
Subject: RE: [users@httpd] multiple vhosts on port 80 and port 443
Date: Thu, 19 Oct 2006 13:16:34 GMT

> -----Original Message-----
> From: joe pond [mailto:[email protected]]
> Sent: Thursday, October 19, 2006 2:59 PM
> To: [email protected]
> Subject: [users@httpd] multiple vhosts on port 80 and port 443
>
> I noticed on 10/19/2006 several postings about this. I may have included too much stuff but some folks may need the info.
> The following configuration setup enables me to have multiple vhosts on port 80 and multiple vhosts on port 443 and I can require login/password or not for either port 80 or port 443.
> The non-matching server name on the 2nd 443 host would seem to be resolvable by creating another certificate with that server's name in it but I have not tried that yet.

Don't bother - it won't work. As masro says, the SSL channel is established first - before the server gets the Host header that it needs for NameVirtualHost resolution. So the server will always use the certs from the first SSL VH to set up the connection. Check the archive for SSL NBVH - it's been gone over a million times already...

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.

> HTH
>
> digger920


> Apache2.2.X, SSL, Vhosts
> I use include files to make troubleshooting a bit easier. This is a WAMP server BTW.
>
> In httpd.conf
>
> Listen 192.168.10.4:80
> Listen 192.168.10.4:443
> LoadModule ssl_module modules/mod_ssl.so
>
> # Virtual hosts
> Include conf/extra/httpd-vhosts.conf
> # Secure (SSL/TLS) connections
> Include conf/extra/httpd-ssl.conf
>
> SSLMutex default
> SSLSessionCache none
> SSLRandomSeed startup builtin
> SSLRandomSeed connect builtin
>
> ========================
> In httpd-vhosts.conf
>
> NameVirtualHost *:80
>
> ServerAdmin whoever@where-ever
> ServerName juneau
> DocumentRoot "C:/Server/Apache2.2/htdocs"
> #ErrorLog logs/dummy-host.example.com-error_log
> #CustomLog logs/dummy-host.example.com-access_log common
>
> ServerAdmin whoever@where-ever
> ServerName ASite
> #ServerAlias Test1
> DocumentRoot "C:/Server/Apache2.2/htdocs/www/A-Site"
> #ErrorLog logs/dummy-host2.example.com-error_log
> #CustomLog logs/dummy-host2.example.com-access_log common


>
> ServerAdmin whoever@where-ever
> ServerName secure
> DocumentRoot "C:/Locked"
>
> AuthType Basic
> AuthName "Locked Test"
> AuthUserFile C:/Server/Apache2.2/htdocs/passwords/pwrd
> Require user testuser
> Order allow,deny
> Allow from all
>
> #ErrorLog logs/dummy-host2.example.com-error_log
> #CustomLog logs/dummy-host2.example.com-access_log common
>
> ==================================
> In httpd-ssl.conf
>
> NameVirtualHost *:443
>
> ## SSL Global Context
>
> AddType application/x-x509-ca-cert .crt
> AddType application/x-pkcs7-crl .crl
> SSLSessionCache shmcb:c:/server/apache2.2/logs/ssl_scache(512000)
> SSLSessionCacheTimeout 300
>
> ## SSL Virtual Host Context
>
> # General setup for the virtual host
> ServerName juneau
> ServerAdmin whoever@where-ever
> DocumentRoot "c:/SecureToo/"
>
> Order allow,deny
> Allow from all
>
> ErrorLog c:/server/apache2.2/logs/vhost_SSL_error_log.log
> TransferLog c:/server/apache2.2/logs/vhost_SSL_access_log.log
>
> # SSL Engine Switch:


> # Enable/Disable SSL for this virtual host.
> SSLEngine on
>
> SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
>
> SSLCertificateFile c:/server/apache2.2/conf/ssl/juneau.crt
>
> SSLCertificateKeyFile c:/server/apache2.2/conf/ssl/juneau.key
>
> SSLCertificateChainFile c:/server/apache2.2/conf/ssl/juneau.crt
>
> SSLOptions +StdEnvVars
>
> SSLOptions +StdEnvVars
>
> BrowserMatch ".*MSIE.*" \
>     nokeepalive ssl-unclean-shutdown \
>     downgrade-1.0 force-response-1.0
>
> CustomLog c:/server/apache2.2/logs/ssl_request_log \
>     "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
>
> ServerAdmin whoever@when-ever
> ServerName secure
> DocumentRoot "C:/Locked/"
>
> AuthType Basic
> AuthName "Locked Test"
> AuthUserFile C:/Server/Apache2.2/htdocs/passwords/pwrd
> Require user jpond
> Order allow,deny
> Allow from all
>
> #ErrorLog logs/dummy-host2.example.com-error_log
> #CustomLog logs/dummy-host2.example.com-access_log common


The official User-To-User support forum of the Apache HTTP Server Project. See for more info. To unsubscribe, e-mail: [email protected] " from the digest: [email protected] For additional commands, e-mail: [email protected]

This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please notify the sender urgently and then immediately delete the message and any copies of it from your system. Please also immediately destroy any hardcopies of the message. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. The sender's company reserves the right to monitor all e-mail communications through their networks. Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorised to state them to be the views of the sender's company.
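The reply in the thread above says that every name-based virtual host on the same SSL address and port is served the certificate of the first one. The following audit is an added example, not part of the original thread: it models that behaviour (no SNI, as in the reply) over a configuration and also lists cipher-string tokens that only reorder weak suites. The sample configuration is constructed from directives quoted in the thread; the <VirtualHost> container lines and the function names are assumptions.

```python
import re

# Weak suite classes in an OpenSSL cipher string: null, export, low strength, SSLv2.
WEAK_CLASSES = {"eNULL", "NULL", "EXP", "LOW", "SSLv2"}

# Constructed sample: directives quoted in the thread; <VirtualHost> lines are assumed.
SAMPLE_CONF = """
NameVirtualHost *:443
<VirtualHost *:443>
    ServerName juneau
    DocumentRoot "c:/SecureToo/"
    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateFile c:/server/apache2.2/conf/ssl/juneau.crt
    SSLCertificateKeyFile c:/server/apache2.2/conf/ssl/juneau.key
</VirtualHost>
<VirtualHost *:443>
    ServerName secure
    DocumentRoot "C:/Locked/"
</VirtualHost>
"""

def parse_vhosts(conf):
    """Return [(address, {directive: value})] for each <VirtualHost> block, in file order."""
    vhosts, current = [], None
    for line in (raw.strip() for raw in conf.splitlines()):
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened:
            current = (opened.group(1).strip(), {})
        elif line.lower().startswith("</virtualhost"):
            if current:
                vhosts.append(current)
            current = None
        elif current and line and line[0] not in "#<":
            name, _, value = line.partition(" ")
            current[1].setdefault(name.lower(), value.strip().strip('"'))
    return vhosts

def audit(conf):
    """Return findings for name-based SSL vhosts and their cipher strings."""
    findings, first_on = [], {}
    for address, directives in parse_vhosts(conf):
        if not address.endswith(":443"):
            continue
        name = directives.get("servername", "(none)")
        if address not in first_on:
            # The first vhost on an address supplies the certificate for the handshake.
            first_on[address] = (name, directives.get("sslcertificatefile"))
        elif name != first_on[address][0]:
            findings.append("%s on %s is served the certificate of %s (%s)"
                            % ((name, address) + first_on[address]))
        for token in directives.get("sslciphersuite", "").split(":"):
            if token.startswith("+") and token[1:] in WEAK_CLASSES:
                findings.append("%s: '%s' only reorders %s suites; '!%s' is what removes them"
                                % (name, token, token[1:], token[1:]))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding)
```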
