Category: Technology

PHP + cURL + CA bundle + Plesk = SSL issue?

I corrected an issue with the above products on my friend’s server today. Supposedly, the payment processor changed the SSL certificate used by their payment server and broke cURL payment processing for clients. The server in question was running Plesk 8.1.1 and CentOS.

Since the fix isn’t published online, I’ll post my fix here.

I noticed quite a few posts mentioned the cURL ‘-k’ or ‘–insecure’ flag, which does not verify the SSL certificate (eg. if a self-signed certificate is being used). If you can’t verify a SSL certificate, then its authenticity is questionable. The ‘-k’ flag does NOT send communications in clear-text, as I previously noted (sorry!). That’s not something I approve of, nor something I would recommend to a friend or client.

So, what to do? First of all, I determined the path to the cURL CA bundle on the system.

grep -ir “curl” /etc
/etc/init.d/psa:CURL_CA_BUNDLE_FILE=/usr/share/curl/curl-ca-bundle.crt

From the output above, we determine that Plesk is looking for the cURL CA bundle in /usr/share/curl/ and that the filename should be curl-ca-bundle.crt.

Next, we need to download cacert.pem from http://curl.haxx.se/docs/caextract.html. I recommend using wget to download it to your server directly. You will need to rename the file to curl-ca-bundle.crt once it’s downloaded.

Copy curl-ca-bundle.crt to /usr/share/curl. If you get an error stating the path doesn’t exist, then you will need to create it using mkdir -p /usr/share/curl. Once the path exists, copy the file to the new path: cp curl-ca-bundle.crt /usr/share/curl.

This is where it gets tricky. Open curl-ca-bundle.crt in vim or your favorite editor and search for “Equifax Secure Global eBusiness CA”. Copy everything in the block, including that text and including END CERTIFICATE. We need to copy that block to one more file (search for ca-bundle.crt on your system): /usr/share/ssl/certs/ca-bundle.crt. Append the block to the bottom of the file. Remember to press ENTER after the last line. Of course, remember to ask your payment processor who their SSL vendor is and use the correct block.

Next, simply restart the Apache process: service httpd restart

That’s it. You should now be able to process transactions using cURL and SSL.

Windows XP Service Pack 3 Released

Microsoft released the last major update to its Windows XP operating system on Tuesday.

Since several people have already asked me, you can download it by clicking here (32-bit version). It weighs in at about 316 MB, so it may take awhile to download depending on your Internet connection.

Some users have complained about various issues installing SP3, ranging from random crashes to endless reboots. However, none of the seven systems (all Windows XP Pro) I updated had any issues. Well, one did. I decided to install SP3 on a co-worker’s laptop over an UNC share and the installer didn’t like that too much. Once I copied it to the desktop, the installation went smoothly. At home, I installed SP3 on a couple of systems over a network connection without any issues.

A Microsoft PDF summarizes all of the changes in SP3: click here to view it. I believe this service pack includes 1224 bug fixes (cumulative since first release).

I’ve been running SP3 for a few days now and it seems stable. Of course, if it doesn’t work out, you can always uninstall it :-)

Intel Core 2 Duo E8400 vs E6400

I finally managed to get my hands on the highly sought Intel Core 2 Duo E8400 CPU.

I’ve been waiting weeks for my reseller to receive stock on the CPU. I kicked myself for not purchasing it earlier from another reseller, as it fell to a low of $199, and recently the price surged to $260 due to a shortage of the CPU’s. I managed to acquire it for $222, which was a price I was willing to pay.

The Core 2 Duo E8400 is one of Intel’s first 45 nm CPU’s. Intel’s 45 nm CPU’s consume less power and run cooler than their 65 nm (Conroe) counterparts. They are also very overclockable. The CPU (stock) is currently running at 24C, which is significantly cooler than my E6400 at 40C.

I ran wPrime v1.61 to compare the computing power of both CPU’s. wPrime is a multithreaded benchmark that calculates the square-roots of large amounts of numbers — 32 million in this case. For this benchmark, I used Gigabyte’s P35-DS3L v2.0 motherboard (BIOS revision: F8b).

Intel Core 2 Duo E8400 (3.00 GHz): 32M test completed in 26.952 seconds.
Intel Core 2 Duo E6400 (2.13 GHz): 32M test completed in 41.297 seconds.

I realize it’s not a fair clock-for-clock comparison, but it shows the sheer computing power of each CPU. Simple math shows us that the E8400 should be approximately 29% faster than the E6400. The E8400 beat the E6400 by a significant margin (as expected), 34.7%, using a combination of higher clock speed, a faster FSB (1333 MHz vs 1066 MHz) and more L2 cache (6 MB vs 2 MB).

Given the price point of the new Intel 45 nm CPU’s (T8xxx/T9xxx), I recommend waiting out and purchasing them over the current Conroe / 65 nm CPU’s (T5xxx/T7xxx).

Upgrading Red Hat 9 to CentOS 4.5

It’s been a few months since I last posted an entry to my blog. Life has been busy. This blog has been busy, in terms of web traffic to my Anonymous Letters and Starbucks posts below.

Time for a tech post. I had the privilege of upgrading an ancient Red Hat 9 Linux box to CentOS 4.5. Red Hat Linux has been EOL for a very long time, and was superceded by Fedora, which has had seven major releases. That’s the equivalent of running Windows 3.1 😉 Well, not quite :) Anyhow, the box at hand appeared to be a custom web server. I will outline the steps I used to successfully upgrade it to CentOS 4.5.

1. Download the CentOS 4.5 CD set or DVD image from www.centos.org.
2. Put in CD 1 or the DVD image.
3. Reboot the old Red Hat 9 box and ensure that the BIOS allows booting from the CD/DVD drive.
4. Enter the following at the linux boot prompt and press Enter: linux upgradeany
5. The system will happily hum along while Red Hat 9 is upgraded to CentOS 4.5.
6. If ‘yum’ wasn’t installed, you will need to install it:
rpm -ivh http://centos.arcticnetwork.ca/4.5/os/i386/CentOS/RPMS/python-elementtree-1.2.6-5.el4.centos.i386.rpm
rpm -ivh http://centos.arcticnetwork.ca/4.5/os/i386/CentOS/RPMS/sqlite-3.3.6-2.i386.rpm
rpm -ivh http://centos.arcticnetwork.ca/4.5/os/i386/CentOS/RPMS/python-sqlite-1.1.7-1.2.1.i386.rpm
rpm -ivh http://centos.arcticnetwork.ca/4.5/os/i386/CentOS/RPMS/python-urlgrabber-2.9.8-2.noarch.rpm
rpm -ivh http://centos.arcticnetwork.ca/4.5/os/i386/CentOS/RPMS/yum-2.4.3-3.el4.centos.noarch.rpm
7. Now, run the following command and press Enter: yum update
8. Allow yum to run and update the required packages. Reboot if yum downloads and installs a new kernel.
9. Since the box in question had a custom Apache and PHP configuration, I reinstalled them manually:
yum install httpd
yum install php
yum install mysql
yum install mysql-server
yum install php-mysql
10. I had to update the MySQL configuration to point to the correct socket:
Update my.cnf:
socket=/var/lib/mysql/mysql.sock
instead of
socket=/tmp/mysql.sock
and add the following to use your existing database passwords
old_passwords=1
11. Copy any required PHP extensions to new system path:
cp -R /usr/local/lib/php/extensions/* /usr/lib/php4
12. Edit /etc/php.ini:
error_reporting = E_ALL & ~E_NOTICE
extension=mysql.so
13. Finally, set services to start up automatically:
chkconfig –level 345 httpd on
chkconfig –level 345 mysqld on
chkconfig –level 345 sendmail on
14. There you have it. The server should be happily running CentOS 4.5 now. Remember to keep it up-to-date by running yum update regularly.

Now Running Ubuntu Server 7.10

I got a little ahead of myself today and decided to upgrade to the latest release of Ubuntu. On the release date, no less.

I shelled into my server remotely and executed the required upgrade command (one-liner: sudo apt-get install update-manager-core && sudo do-release-upgrade). The new installer detects if you are running it via a SSH session and automatically spawns a “backup” SSH session on port 9004. The reason for this is if the main SSH connection disconnects, you can continue by using the backup session on port 9004. A very good move, in my opinion. Someone must have been reading my blog 😉

The download process took a little over 2.5 hours, at a pathetic 22 KB/s. An overloaded US Ubuntu server was to blame, but was expected. I normally receive updates from the Ubuntu server at over 600 KB/s. That tells you how overloaded their server was.

The installation itself went smoothly, but for some odd reason ntp was removed upon installation. A quick Google search proved that there were problems with the ntp daemon and client. Again, a recompile of eAccelerator was necessary due to the new PHP version included with Ubuntu 7.10: PHP 5.3.2.

I’ll update this blog post once the ntp issue has been resolved.

Update:

Running sudo apt-get install ntp installs the ntp daemon again.

Now Running Ubuntu Server 7.04

I finally decided to upgrade my Ubuntu Server 6.10 install to the latest version, 7.04 (Feisty Fawn). Out of habit, I now wait a few weeks before upgrading to the latest version of anything to ensure any last minute bugs get worked out.

Best of all, I upgraded the entire OS remotely using SSH. Upgrading your OS remotely is usually not a good idea, but if you know what you’re doing, go for it! Ensure you backup any custom/modified configuration files just in case you press a wrong key during the upgrade! :) The upgrade worked well, with the exception of recompiling eAccelerator (to work with PHP 5.2.2) and updating a line (see below) of code in WordPress to make everything work smoothly.

Immediately following the upgrade, I noticed that my WordPress blog was loading very slowly and I also noticed random strings of hexadecimal characters at the top of the main blog page.

If you upgrade your server to Ubuntu Server 7.04 and run WordPress 2.1.x, ensure that you change line 832 in wp-includes/functions.php to the following (all on one line):

@header($_SERVER[“SERVER_PROTOCOL”].” “.$header.” “.$text, true, $header);

Once you make the above change, your blog should load normally.

Update (5.15.2007):

With WordPress 2.2 (released today), the aforementioned WordPress fix is now irrelevant.

Configuring Ubuntu – Part 2

Opps. I just checked a few of my older blog posts and quickly realized I neglected to post part 2 of my ‘Configuring Ubuntu – Part 1’ guide.

Well, here it is!

By default, Ubuntu Server installs MySQL and PHP. However, it doesn’t tweak the system for performance. If you run a WordPress blog on your server, you may not realize that your blog could run more efficiently. WordPress relies on both PHP and MySQL. PHP scripts need to be read from a server’s hard drive, parsed by the web server software and then executed. Wouldn’t it be nice if the server could just skip the first two steps and just execute PHP scripts as quickly as plain HTML?

That’s where eAccelerator comes in. eAccelerator is a free, open-source PHP accelerator and cache. I’ve been using it for nearly seven years on personal and commercial servers. In other words, it’s very stable for a free product.

Let’s get started.
Continue reading “Configuring Ubuntu – Part 2”