Debian Install SSL Certificates for Apache OpenSSL

Something else that I do not do often and have never documented is the install of an SSL certificate on Debian servers for use with Apache / OpenSSL. For this post I am assuming that an existing SSL certificate has been purchased. I use a lot of wildcard certificates for multiple servers rather than a certificate per site / server.

Go to this directory

[text]# cd /etc/ssl/private/[/text]

By default there is a self-signed certificate key ssl-cert-snakeoil.key in the directory

This directory is restricted to root user and ssl-cert group.

Using an existing certificate, key, and intermediate certificate, create a file for each in the same directory.

Change the relevant ownership

[text]# chown root:ssl-cert *[/text]

and change the access

[text]#chmod 640 *[/text]

This should provide something like:

[text]

/etc/ssl/private# ls -la
drwx–x— 2 root ssl-cert 4096 Apr 14 12:12 .
drwxr-xr-x 4 root root     4096 Mar 28 08:41 ..
-rw-r—– 1 root ssl-cert 1589 Apr 14 12:11 mydomain-intermediate.crt
-rw-r—– 1 root ssl-cert 1704 Mar 20 23:25 ssl-cert-snakeoil.key
-rw-r—– 1 root ssl-cert 2049 Apr 14 12:10 mydomain-cert.crt
-rw-r—– 1 root ssl-cert 1678 Apr 14 12:13 mydomain-key.key

[/text]

Ok, now off to the Apache config

[text]# cd /etc/apache2/sites-available/[/text]

and edit the site file that is relevant so that the Virtual Host *:443 section includes the correct paths to the above certificate files

[text]
# Example SSL configuration
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
SSLCertificateChainFile "/etc/ssl/private/mydomain-intermediate.crt"
SSLCertificateFile "/etc/ssl/private/mydomain-cert.crt"
SSLCertificateKeyFile "/etc/ssl/private/mydomain-key.key"

[/text]

If there is no Virtual Host *:443 section then there should be an existing VirtualHost *:80 for the website and this can be copied / duplicated in the same file, just change the port in the copy from 80 to 443 and insert the above Example SSL lines at the bottom of the new section above the closing tag.

If Apache is a fresh install it may not have SSL enabled

[text]#a2enmod ssl [/text]

Test Apache syntax

[text]#apachectl -t [/text]

Restart Apache
[text]#apachectl graceful [/text]
or
[text]#service apache2 restart [/text]
depending on what you need for existing sites on the server.

 

eCommerce Platforms, On-line Shops, Web store, Cloud Trading

Call it what you will, the on-line sales process kicked-off barely 20 years ago, and I opened my first store in 1999, and swapped into osCommerce in 2000 / 2001 and stuck with it until last year.

I have worked with a large number of eCommerce solutions and other open source platforms over the years for myself and clients.

With a lot of other pressures I stopped searching and became complacent with my store leaving it run for too many years without an update. I worked with clients modifying platforms to suit their needs but in following the osCommerce method of hard-coding so much of the system any chance of a simple upgrade path was killed in a forked path that ultimately leads to a dead-end.

So, what to do next?  The open source store market is flourishing with more offerings than you can ‘poke-a-stick-at’.

There are pure open-source solutions, open-source commercial products, 2-tier open / commercial offerings, pure commercial tools, as well as a lot of noise from service providers.

Bricks and mortar stores have been changing, large shopping malls are being up-sized, or stagnating, with empty floor space. What-ever cannot be sold by mail-order is still viable in-store, but there are only so many coffee-shops, hair-dressers, nail salons, etc. that can survive in a centre, but I digress.

So for the mail-order products, i.e. anything that can be posted, parceled, or containerised, is eligible for an ecommerce site. Is anyone not selling on-line ?  While it may seem that everything is on-line it is simply not the case.

Some studies show that consumers still want a physical shopping experience.

http://www.businessnewsdaily.com/7756-online-shopping-preferences.html

http://smallbiztrends.com/2014/08/consumers-prefer-shopping-in-a-store.html

There is also an older but more in-depth commentary from the Harvard Business Review on physical vs ecommerce.

In Australia, government studies from only 18 months ago, showed that small and medium enterprises a lagging in this country with their on-line presence and capability. There are obviously still great opportunities in all markets for any business to commence their on-line presence and include on-line trading in one form or another.

So, #1 there is a large percentage of businesses not online who could be, and #2 consumers will make use of both bricks and mortar and virtual stores without exclusion of one over the other.

So the questions that I am trying to answer include: What is the answer (and is that answer singular?) to on-line trading for Australian businesses? What platforms will provide a good solution now and potentially the future? What are the strategies that will work to marry both a shop of bricks and one of ether ?

Particularly I am interested in retail and small end retail, the Mum & Dad store that many years ago was in a strip-centre of a dozen stores or less.

I don’t have answers but I am working on them.

osCommerce 3 the Un – roadmap

Hmm,  what you will not find here is a roadmap.

To paraphrase a StarTrek statement “She’s dead Jim!”.

Well, probably not dead to the handful of folks that are intimately engaged with it,2015-03-31 20_08_36-Pulse · osCommerce_oscommerce · GitHub but to the outsiders like myself, a long-term, like I have been a since-it-started user, I only need to look at the GitHub repository and note that it does not have a pulse.

 

Reviewing the commits shows that even Harald 2015-03-31 20_08_19-osCommerce_oscommerce · GitHubhas been silent on the V3.0.x version with nothing for over 3 years, and even then the ‘latest’ stuff includes items from 4 years ago, and a solitary update to a ‘ReadMe’ file 2 years ago.

2015-03-31 20_09_09-Contributors to osCommerce_oscommerce · GitHub This GitHub activity graph highlights the few peaks and mostly troughs of in-activity and only two players involved.

This was all a snap-shot from GitHub at 31/3/2015. It might have changed since and you can check the latest at https://github.com/osCommerce/oscommerce/graphs/contributors

 

Why am I publishing this?  I need to be sure that the platform I am using and recommending to clients is contemporary and of value. I have long campaigned as a pro open-source user and developer (albeit part-time as most OS people are). Seriously, version 2 of osC and all the forks, including osCmax, which has been a favourite for a number of years, have all fallen behind in terms of ability to deliver. The causes include developer needs being satisfied, end-users engaging with developers and then not wanting to invest any more time or cash, GFC’s or similar global phenomena, general apathy, and the fact that for an OS developer, you invest a stack of time for the joy of making it work, and that rush stops working.

Responsive templates, Google Mobile testing, image management, are all critical these days, and a platform that is struggling to remain relevant is not a path I think we should persist with.

Granted, version 2 of osCommerce has been kind of active and still has a strong community, but is it relevant, even if the plan is to, perhaps one day, reach an automated migration from 2.x to 3.x, if v3.x is already 9 years out-of-date. (osC 3 was first actively promoted in September 2006)

Technology moves too damn fast, time to move on.

NextGen Gallery image file name change thumbnail error occurred

The NextGen Gallery is one of the plugins that I use on lots of WordPress sites.

I’d never struck this before and the information from all the blogs and forum posts I looked at did not or could not resolve how to fix this issue.

The situation arises when you rename an image file directly in the file manager, or in my case the linux command line. The filename is actually stored in the database in the wp_ngg_pictures table and for manual correction you would expect that updating the filename column would be sufficient.

Then selecting the image and the recreate thumbnail option is expected to do just that, but it doesn’t. You may see an “error occurred” message in the thumbnail creation screen but it is not a helpful message.

The issue is in fact that the thumbnail details are stored in another column called metadata in the same table and this column is referenced for the thumbnail update and not the filename, i.e. NGG is still the original thumbnail filename and recreating that file not the new file.

There are two steps required, change the filename in that column and delete the metadata field value back to null or empty. Then you can re-create your thumbnails and they will work with the new filename.