Php – Apache – php executing on http is ok, but with https is not


i have new dedicated linux web server.

my hosting provider give me a setup of apache server with php on it.

when i open url in browser called with ip, ie: http://xxx.yyy.zzz.vvv/test.php, i get executed php script, and it works fine. so, everything works fine in that case.

problem occur if i call https in a browser, like https://xxx.yyy.zzz.vvv/test.php

in that case, i get browsers option Save as, and all i can do is save php file on my pc.

so, it looks to me that there is some misconfiguration with apache.

providers support told me that this will work ok when i build certificate in apache server. but, i'm not sure in that.

can you tell me if providers support is right.

also, on server is installed plesk. plesk made a lots of problems in the past. could it be that plesk made that problem?

if you can help me to solve this. thank you in advance!

Best Answer

your host lies, if there's no certificate you will get a bad certificate message not a source code download. My guess is that your https settings are too way strict avoiding script from being executed. I'm sending a copy of a proper configurated https .conf file:

NameVirtualHost domain.tld:80 
<VirtualHost your_server_ip:80>   
ServerAdmin webmaster@domain.tld   
DocumentRoot /path/to/site/root/  
ServerName domain.tld  
ScriptAlias /cgi-bin/ "/path/to/site/root/"  

NameVirtualHost domain.tld:443  
<VirtualHost your_server_ip:443>  
SSLEngine on  
SSLCertificateFile "/path/to/your/file.crt"  
SSLCertificateKeyFile "/path/to/your/file.key"  

<FilesMatch "\.(cgi|shtml|phtml|php)$">  
    SSLOptions +StdEnvVars  
BrowserMatch ".*MSIE.*" \  
         nokeepalive ssl-unclean-shutdown \  
         downgrade-1.0 force-response-1.0  

CustomLog "logs/domain.tld-ssl-request_log" \  
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"  

DocumentRoot /path/to/domain/root  
ServerName domain.tld  
ServerAdmin webmaster@domain.tld  
ScriptAlias /cgi-bin/ "/path/to/domain/cgi-bin/"  

At your's httpd.conf you might want to include/check for this:

<IfModule ssl_module>  
SSLRandomSeed startup builtin  
SSLRandomSeed connect builtin  
Include /etc/httpd/conf/ssl/*.conf  

In my case i have separated files for domains with ssl certificates, so i include them on the statement above.

And finally make sure you have the OpenSSL pack installed on your server.

That's it, you can generate self signed certificates to test it out.