SSL on Windows Server 2003

SSL on Windows Server 2003

am 05.02.2007 23:10:13 von kvandegrift

------_=_NextPart_001_01C74972.68ED6EA6
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Good Day To All,
=20
System Config:
Windows Server 2003
PHP 5.2
=20
I'm hoping someone can help give me a high level understanding between
the differences between an SSL certificate installed on my webserver and
an SSL module (e.g. OpenSSL) installed on my web server.
=20
1. My current understanding is that the SSL certificate installed on my
webserver will encrypt data coming from and going to a client web
browser if the protocol is HTTPS. So, if on a checkout form at my web
store the url begins with https, then credit card info, etc. will be
encrypted and considered safe from sniffers, etc. Is this correct?
=20
2. I become fuzzy then for the need or proper use of an SSL module
(let's just go with OpenSSL). Specifically, my current webstore has
VeriSign's Payflow Pro API installed on the webserver, and I have
written a class that sends payment requests to VeriSign by using the
Payflow Pro as a COM object. However, this is very slow (taking 30
seconds per transaction). Recently my company purchased X-Cart Shopping
cart software and I am trying to get this configured to use our Payflow
Pro account using XMLPay. However, I keep getting an error that no SSL
module could be located for secure transactions. So, why do I need an
SSL module if I am submitting transaction data to an HTTPS url?
=20
PHP is configured with OpenSSL support (v0.9.8d), I assume this just
means OpenSSL functions are available, but I still need to install
OpenSSL on my webserver?
=20
Any clarification would be much appreciated.
=20
Thank you.
=20
Ken Vandegrift
kvandegrift@sharis.com =20
Web Administrator
Sharis Mgmt. Corp
=20

------_=_NextPart_001_01C74972.68ED6EA6--

RE: SSL on Windows Server 2003

am 06.02.2007 15:39:00 von Gustav Wiberg

Hi there guys!

Do you know any way of getting NEXT row based on a specific ID in db?

$thisRow =3D $_GET["thisrow"];
$thisID =3D $_GET["thisID"];


//Get next row (With ID and sortorder-nr from db
//
$sql2 =3D "SELECT IDPrice, sortOrder FROM tbprices WHERE sortOrder>" . $db =
-> safeQuote($thisRow);
$dbArray =3D $db -> makeArray($sql2);
$dbNextSortOrder =3D $dbArray["sortOrder"];
$dbNextIDPrice =3D $dbArray["IDPrice"];


I can't have sortorder> (larger than) BECAUSE the sortorder don't have to b=
e larger in the actual table. Of course, I can loop through a table but it =
doesn't seem so good programming practice
?>

Best regards
/Gustav Wiberg

--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-WIN] SSL on Windows Server 2003

am 07.02.2007 05:32:15 von bedul

sry i don't understand what writen here
let me repair
----- Original Message -----
From: "Gustav Wiberg"
To:
Sent: Tuesday, February 06, 2007 9:39 PM
Subject: RE: [PHP-WIN] SSL on Windows Server 2003


Hi there guys!

Do you know any way of getting NEXT row based on a specific ID in db?

$thisRow = $_GET["thisrow"];
$thisID = $_GET["thisID"];


//Get next row (With ID and sortorder-nr from db
//
$sql2 = "SELECT IDPrice, sortOrder FROM tbprices WHERE sortOrder>" . $db ->
safeQuote($thisRow);
$dbArray = $db -> makeArray($sql2);
$dbNextSortOrder = $dbArray["sortOrder"];
$dbNextIDPrice = $dbArray["IDPrice"];


I can't have sortorder> (larger than) BECAUSE the sortorder don't have to be
larger in the actual table. Of course, I can loop through a table but it
doesn't seem so good programming practice
?>

Best regards
/Gustav Wiberg

--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

$thisRow = $_GET["thisrow"];
$thisID = $_GET["thisID"];
//repir on this
$sql2 = "SELECT IDPrice, sortOrder FROM tbprices WHERE sortOrder>" . $db ->
safeQuote($thisRow)." AND IDPrice > $thisID ORDER BY `IDPrice` ASC LIMIT
0,1";

$dbArray = $db -> makeArray($sql2);
$dbNextSortOrder = $dbArray["sortOrder"];
$dbNextIDPrice = $dbArray["IDPrice"];

?>

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-WIN] SSL on Windows Server 2003

am 07.02.2007 05:32:15 von bedul

sry i don't understand what writen here
let me repair
----- Original Message -----
From: "Gustav Wiberg"
To:
Sent: Tuesday, February 06, 2007 9:39 PM
Subject: RE: [PHP-WIN] SSL on Windows Server 2003


Hi there guys!

Do you know any way of getting NEXT row based on a specific ID in db?

$thisRow = $_GET["thisrow"];
$thisID = $_GET["thisID"];


//Get next row (With ID and sortorder-nr from db
//
$sql2 = "SELECT IDPrice, sortOrder FROM tbprices WHERE sortOrder>" . $db ->
safeQuote($thisRow);
$dbArray = $db -> makeArray($sql2);
$dbNextSortOrder = $dbArray["sortOrder"];
$dbNextIDPrice = $dbArray["IDPrice"];


I can't have sortorder> (larger than) BECAUSE the sortorder don't have to be
larger in the actual table. Of course, I can loop through a table but it
doesn't seem so good programming practice
?>

Best regards
/Gustav Wiberg

--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

$thisRow = $_GET["thisrow"];
$thisID = $_GET["thisID"];
//repir on this
$sql2 = "SELECT IDPrice, sortOrder FROM tbprices WHERE sortOrder>" . $db ->
safeQuote($thisRow)." AND IDPrice > $thisID ORDER BY `IDPrice` ASC LIMIT
0,1";

$dbArray = $db -> makeArray($sql2);
$dbNextSortOrder = $dbArray["sortOrder"];
$dbNextIDPrice = $dbArray["IDPrice"];

?>

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: SSL on Windows Server 2003

am 07.02.2007 18:08:38 von frank

> Good Day To All,
>
> System Config:
> Windows Server 2003
> PHP 5.2
>
> I'm hoping someone can help give me a high level understanding between
> the differences between an SSL certificate installed on my webserver
and
> an SSL module (e.g. OpenSSL) installed on my web server.
>
> 1. My current understanding is that the SSL certificate installed on my
> webserver will encrypt data coming from and going to a client web
> browser if the protocol is HTTPS. So, if on a checkout form at my web
> store the url begins with https, then credit card info, etc. will be
> encrypted and considered safe from sniffers, etc. Is this correct?

Correct, or at least more safe than non encrypted connections.

>
> 2. I become fuzzy then for the need or proper use of an SSL module
> (let's just go with OpenSSL). Specifically, my current webstore has
> VeriSign's Payflow Pro API installed on the webserver, and I have
> written a class that sends payment requests to VeriSign by using the
> Payflow Pro as a COM object. However, this is very slow (taking 30
> seconds per transaction). Recently my company purchased X-Cart
Shopping
> cart software and I am trying to get this configured to use our Payflow
> Pro account using XMLPay. However, I keep getting an error that no SSL
> module could be located for secure transactions. So, why do I need an
> SSL module if I am submitting transaction data to an HTTPS url?

In this case php becomes the client and it needs to know how to encrypt
data send to the gateway (the server) and how to decrypt the data comming
back. This is where OpenSSL comes into play. If you can load the extension
called php_openssl.dll, it requires libeay32.dll and ssleay32.dll you
should be able to communicate with SSL encryptions. You might want to take
a look at the cURL extension as well. It'll do all the encryption and
decryption for you on each request.

- Frank

--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: SSL on Windows Server 2003

am 07.02.2007 18:38:34 von kvandegrift

Thanks=20
Thanks for your reply - your explaination cleared up my
misunderstanding.

Now, would you or anybody else know why X-Cart is not detecting OpenSSL
as an installed HTTPS module when I did install it on our webserver (I
used a precompiled windows binary) and added the "bin" directory to the
windows PATH system variable and verified that the "OPENSSL_CONF" system
var was created and points to the "openssl.cnf" file in the "bin"
directory?

I can issue commands at a command prompt successfully:
C:\Any Dir>openssl version
OpenSSL 0.9.8d 28 Sept 2006

C:\Any Dir>openssl s_client -connect www.openssl.org:443
[I am connected]

GET / HTTP/1.0

I get the home page source code returned.

Seems to be working on the server end.

Any ideas or other areas to investigate within PHP (OpenSSL support is
enabled in php.ini) :)

Thanks.

Ken Vandegrift
kvandegrift@sharis.com
Web Administrator
Sharis Mgmt. Corp

-----Original Message-----
From: Frank M. Kromann [mailto:frank@kromann.info]=20
Sent: Wednesday, February 07, 2007 9:09 AM
To: Vandegrift, Ken
Cc: php-windows@lists.php.net
Subject: Re: [PHP-WIN] SSL on Windows Server 2003



> Good Day To All,
> =20
> System Config:
> Windows Server 2003
> PHP 5.2
> =20
> I'm hoping someone can help give me a high level understanding between

> the differences between an SSL certificate installed on my webserver
and
> an SSL module (e.g. OpenSSL) installed on my web server.
> =20
> 1. My current understanding is that the SSL certificate installed on=20
> my webserver will encrypt data coming from and going to a client web=20
> browser if the protocol is HTTPS. So, if on a checkout form at my web

> store the url begins with https, then credit card info, etc. will be=20
> encrypted and considered safe from sniffers, etc. Is this correct?

Correct, or at least more safe than non encrypted connections.

> =20
> 2. I become fuzzy then for the need or proper use of an SSL module=20
> (let's just go with OpenSSL). Specifically, my current webstore has=20
> VeriSign's Payflow Pro API installed on the webserver, and I have=20
> written a class that sends payment requests to VeriSign by using the=20
> Payflow Pro as a COM object. However, this is very slow (taking 30=20
> seconds per transaction). Recently my company purchased X-Cart
Shopping
> cart software and I am trying to get this configured to use our=20
> Payflow Pro account using XMLPay. However, I keep getting an error=20
> that no SSL module could be located for secure transactions. So, why=20
> do I need an SSL module if I am submitting transaction data to an
HTTPS url?

In this case php becomes the client and it needs to know how to encrypt
data send to the gateway (the server) and how to decrypt the data
comming back. This is where OpenSSL comes into play. If you can load the
extension called php_openssl.dll, it requires libeay32.dll and
ssleay32.dll you should be able to communicate with SSL encryptions. You
might want to take a look at the cURL extension as well. It'll do all
the encryption and decryption for you on each request.

- Frank

--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: SSL on Windows Server 2003

am 09.02.2007 20:06:14 von kvandegrift

I have a better understanding of the SSL process, however, I still have
an issue communicating with the VeriSign Payflow Pro gateway.

Am I correct in the fact that I need to tell OpenSSL what certificate to
use when sending payment requests to VeriSign?

If so, what is the proper way to do this?

Below is the command being used by X-Cart shopping cart software via the
exec() function:
C:\OpenSSL\bin\openssl.exe s_client -connect
test-payflow.verisign.com:443 < C:\path\to\xct15.tmp
2>C:\path\to\xct16.tmp

I keep getting the message "no client certificate CA names sent"

Do I need to somehow associate the payflow certificate .0 with
this?

Thanks in advance for your help and time.

Ken Vandegrift
kvandegrift@sharis.com
Web Administrator
Sharis Mgmt. Corp

-----Original Message-----
From: Frank M. Kromann [mailto:frank@kromann.info]=20
Sent: Wednesday, February 07, 2007 9:09 AM
To: Vandegrift, Ken
Cc: php-windows@lists.php.net
Subject: Re: [PHP-WIN] SSL on Windows Server 2003



> Good Day To All,
> =20
> System Config:
> Windows Server 2003
> PHP 5.2
> =20
> I'm hoping someone can help give me a high level understanding between

> the differences between an SSL certificate installed on my webserver
and
> an SSL module (e.g. OpenSSL) installed on my web server.
> =20
> 1. My current understanding is that the SSL certificate installed on=20
> my webserver will encrypt data coming from and going to a client web=20
> browser if the protocol is HTTPS. So, if on a checkout form at my web

> store the url begins with https, then credit card info, etc. will be=20
> encrypted and considered safe from sniffers, etc. Is this correct?

Correct, or at least more safe than non encrypted connections.

> =20
> 2. I become fuzzy then for the need or proper use of an SSL module=20
> (let's just go with OpenSSL). Specifically, my current webstore has=20
> VeriSign's Payflow Pro API installed on the webserver, and I have=20
> written a class that sends payment requests to VeriSign by using the=20
> Payflow Pro as a COM object. However, this is very slow (taking 30=20
> seconds per transaction). Recently my company purchased X-Cart
Shopping
> cart software and I am trying to get this configured to use our=20
> Payflow Pro account using XMLPay. However, I keep getting an error=20
> that no SSL module could be located for secure transactions. So, why=20
> do I need an SSL module if I am submitting transaction data to an
HTTPS url?

In this case php becomes the client and it needs to know how to encrypt
data send to the gateway (the server) and how to decrypt the data
comming back. This is where OpenSSL comes into play. If you can load the
extension called php_openssl.dll, it requires libeay32.dll and
ssleay32.dll you should be able to communicate with SSL encryptions. You
might want to take a look at the cURL extension as well. It'll do all
the encryption and decryption for you on each request.

- Frank

--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php