ca_bundle.crt config ?


  • | 452 points

    Hi, my first message here and have a question.
    I managed to get ssl working with the private.key and certificate.crt i have from ZeroSSL.
    On my PC it's working ok with every browser but on some mobile browsers it's telling me "invalid SSL certificate".
    I have 3 files from ZeroSSL and i was reading that you need to set also the file ca_bundle.crt in php.ini.
    I did and restarted server but it's still not working.

    Any idea's ?


  • | 3085 points

    Which one are you using apache or nginx?


  • | 452 points

    I use apache.

    I also did try to set SSLCertificateChainFile in httpd-ssl.conf, that's also not working.


  • | 3085 points

    You really don't need to install ca_bundle.crt
    so I imagine you dropped both the crt and key file into here
    C:\laragon\etc\ssl
    yourdomain.test.crt
    yourdomain.test.key

    You configured the
    C:\laragon\etc\apache2\sites-enabled
    auto.yourdoimain.test.conf (configured) ?

    like this
    <VirtualHost *:80>
    DocumentRoot "${ROOT}"
    ServerName ${SITE}
    ServerAlias *.${SITE}
    <Directory "${ROOT}">
    AllowOverride All
    Require all granted
    </Directory>
    </VirtualHost>

    <VirtualHost *:443>
    DocumentRoot "${ROOT}"
    ServerName ${SITE}
    ServerAlias *.${SITE}
    <Directory "${ROOT}">
    AllowOverride All
    Require all granted
    </Directory>

    SSLEngine on
    SSLCertificateFile      C:/laragon/etc/ssl/yourdomain.test.crt
    SSLCertificateKeyFile   C:/laragon/etc/ssl/yourdomain.test.key
    

    </VirtualHost>



  • | 3085 points

    Also you need to configure
    C:\laragon\bin\apache\httpd-2.4.47-win64-VS16\conf
    httpd.conf (edit this)

    Has to be like this in order for you to browse it from outside browsers

    • Deny access to the entirety of your server's filesystem. You must

    • explicitly permit access to web content directories in other <Directory> blocks below.

    <Directory />
    AllowOverride All (change it to this from default)
    Require all granted (change it to this from default)
    </Directory>

    Reboot Laragon ....

    After all this, you shouldn't have any issues


  • | 452 points

    Yes , i dropped both keys in E:\laragon\etc\ssl
    And in Sites-enabled it seems to be configured

    <VirtualHost default:80>
    <Directory "E:/laragon/www/">
    AllowOverride All
    Require all granted
    </Directory>
    </VirtualHost>
    <VirtualHost default:443>
    <Directory "E:/laragon/www/">
    AllowOverride All
    Require all granted
    </Directory>

    SSLEngine on
    SSLCertificateFile      E:/laragon/etc/ssl/laragon.crt
    SSLCertificateKeyFile   E:/laragon/etc/ssl/laragon.key
    

    </VirtualHost>


  • | 452 points

    I did try to edit httpd.conf like you said but it's not working.
    Still have a ssl invalid certificate error, but it only happens with Firefox Mobile and the mobile app i try to make with Android Studio.alt text

    I did check the ssl certificate online with a free service and this is the only error :

    The certificate is not trusted in all web browsers. You may need to install an Intermediate/chain certificate to link it to a trusted root certificate.


  • | 3085 points

    have you tried to clean the cache within firefox mobile browser?


  • | 452 points

    Yes i did try everything, also the cache of the android app im making


  • | 3085 points

    @snakebook (edited)
    neverminded you mentioned it already I just overlooked it by accident
    https://zerossl.com/ thats where you got your keys...hmmmm


  • | 3085 points

    I am thinking that the SSL certificate authority is trusted on your desktop only, not the phone.

    I have heard of this before so that's the only reason I am suggesting to you this perhaps try a different certification authority provider ?


  • | 452 points

    It's strange because Chrome and Opera on my phone say ssl is ok, today i have no time for it but mayby tomorrow i'll try cloudfare.

    Thanks for your help so far !


  • | 452 points

    Finaly everything is working ok now.

    The trick was editing the vhost file of Laragon itself(E:\laragon\etc\apache2\sites-enabled\00-default.conf)
    I added the rule SSLCertificateChainFile E:/laragon/etc/ssl/ca_bundle.crt.
    After that i stopped the server and restarted (i didnt use the restart option in the menu)

    I did try this earlyer but then it didnt work (because i restarted with the option in the menu?)


  • | 3085 points

    no idea why the 00-default.conf had anything to do with your project but i am glad you sorted it out and got it working finally.. This will defiantly help others who come across the same exact problem.


Log in to reply
 

Looks like your connection to Laragon was lost, please wait while we try to reconnect.