How To Remove HTTPS Certificates From iSeries

General discussion on Zend Server for IBM System i
Post Reply
sikxz8_97rbi2vanvtvk
Posts: 22
Joined: Thu Jan 31, 2013 10:40 am
Location: Southampton, UK
Contact:

How To Remove HTTPS Certificates From iSeries

Post by sikxz8_97rbi2vanvtvk » Fri Dec 19, 2014 4:10 pm

A long (long long long maybe 8 years or more) time ago, my predecessors did install certificates on our old iSeries and try to use this, but I have no idea how they set it up, and our IT Manager doesn't want us to use HTTPS on our current system as it is believed that the impact will slow the system down too much.

The web sites all run fine, except for Wordpress, which is used on our B2C site to provide news for our customers, and this runs horrendously slow, especially the back end functions. It is so bad in fact, that it's almost impossible to install plugins or to perform some admin tasks because the scripts time out (we have a 30 second time out set).

Although Apache is not configured to use HTTPS, when I look at the results of the HTTPS Tester plugin I get the following:

HTTPS Tester

Since WordPress 3.7, all communication to WordPress.org is attempted over HTTPS, this is to improve security and make it harder for someone to perform a MITM attack against a WordPress site.

Unfortunately, there have been reports that some hosts configurations are not allowing it to work, this plugin is used to debug it and find out what's going on.

[PASS]: Your WordPress install claims to support HTTPS Connections
[PASS]: Checking that the HTTPS Root Certificate bundle exists and is accessible
[PASS]: cURL is installed and supports SSL communication, cURL Details: version_number=464128; age=3; features=533; ssl_version_number=0; version=7.21.0; host=powerpc-ibm-aix5.1.0.0; ssl_version=OpenSSL/0.9.7d; libz_version=; protocols=dict,file,ftp,ftps,http,https,imap,imaps,pop3,pop3s,rtsp,smtp,smtps,telnet,tftp
[PASS]: OpenSSL is installed. OpenSSL 0.9.7d 17 Mar 2004 9465935
[PASS]: Checking if stream_socket_client exists
[PASS]: Checking if openssl_x509_parse exists
[PASS]: Verifying api.wordpress.org resolves correctly.
[FAIL]: [Streams] Communication with WordPress.org failed with error: [http_request_failed]: The SSL certificate for the host could not be verified.
[FAIL]: [Streams with a POST body] Communication with WordPress.org failed with error: [http_request_failed]: The SSL certificate for the host could not be verified.
[FAIL]: [cURL] Communication with WordPress.org failed with error: [http_request_failed]: error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown message digest algorithm
[FAIL]: [cURL with a POST body] Communication with WordPress.org failed with error: [http_request_failed]: error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown message digest algorithm
[INFO]: PHP Version: 5.4.29


This seems to indicate that part of the ssytem thinks that HTTPS is installed, but there are problems with it.

Having given this a lot of thought, I can only think that maybe the settings and certificates were copied over from our old iSeries when this system was installed.

If that is the case, I wondered if it would be possible to "uninstall" them so that Wordpress thinks HTTPS is not installed, and I am thinking that this might eliminate the script timeouts, which Code tracing seems to point to functions like Curl trying to run using HTTPS.

If that worked, it would have a huge impact on our web site performance, but to be honest I haven't dealt with HTTPS before and with only a production environment, I am nervous about changing things without knowing that it's the right things.

If this could be achieved, and we could back out of HTTPS properly, it would be nice to add it back so that the back end of Wordpress will work properly and we can then upgrade it to the latest version.

Any help and suggestions would be much appreciated.
Tony Payne
Draper Tools Ltd
Chandlers Ford, UK
http://www.drapertools.com

zend_i5
Posts: 158
Joined: Mon Mar 23, 2009 5:22 pm

Re: How To Remove HTTPS Certificates From iSeries

Post by zend_i5 » Sun Jan 18, 2015 1:42 pm

It looks like that WordPress HTTPS settings are defined in WordPress URL definition. Go to Settings > General and make sure that the WordPress Address (URL) and Site Address (URL) is http and not https

SSL usage in IBMi requires SSL directives entries in Apache httpd.config file. For example:

#SSL start
LoadModule ibm_ssl_module /QSYS.LIB/QHTTPSVR.LIB/QZSRVSSL.SRVPGM
SetEnv HTTPS_PORT 443
SSLEngine On
SSLAppName SSL-APPL_NAME
#SSL end

Post Reply