Provider Setup

From regify WIKI

Setup Hints

OUTDATED! Don't use this document anymore!

PHP

Include PHP in the following way (Windows only):

LoadModule php5_module "C:/php/php5apache2_2.dll"
AddType application/x-httpd-php .php
PHPIniDir "C:/php"

Change the following dir_module entry to also use index.php:

<IfModule dir_module>
     DirectoryIndex index.php index.html
</IfModule>

If you are getting the error "Faulting application php.exe, version 5.3.5.0, faulting module php5ts.dll", try these solutions:

  • Copy libmysql.dll from the newest php folder to the apache/bin folder (rename the old version).
  • Comment out extension=php_threads.dll (this disables the extension).
  • Check that extension_dir = ".." is set correctly (use the full path, no trailing slash).


DO NOT USE PHP 5.3.7! There is a bug in this release that affects regify security.

E-Mail

To let the regify-provider send e-mail, you need to configure the e-mail account to allow sending without authentication.

Here is a small hint for Exchange administrators:

  1. Within the EMC under Server Configuration -> Hub Transport, create a new Receive Connector.
  2. On the "Remote Network" settings tab, enter the IP address of the server that needs to send e-mail through your Exchange without authentication.
  3. After completing the wizard, right-click the rule and choose "Properties".
    1. Permission Groups tab -> Exchange Server (enable).
    2. Authentication tab -> TLS (already enabled) + externally secured (enable).


To check the mail system, make sure that the task planner (cronjob) task for mail sending is running. Then you can create test mails using this SQL statement (select the correct schema first, for example use regify):

INSERT INTO tblmailjobs(
    RECIPIENTMAILADDRESS, 
    TEMPLATEID, 
    LANGUAGECODE, 
    SUBPROVIDERID
) VALUES (
    'meineMailadresse@provider.de', 
    1, 
    'DE', 
    1
);


Apache

No Apache hints so far.


MySQL

If you install the database on Linux systems, case sensitivity may cause problems. Because of this, you need to configure the /etc/my.cnf configuration file:

  • old_passwords = 0 -> to avoid connection problems (only if there are problems)
  • lower_case_table_names = 1 -> to make MySQL treat all table names as lowercase

If you need to restart MySQL, you can use the following commands:

  • /etc/init.d/mysqld restart (redhat/fedora)
  • /etc/init.d/mysql restart (debian/ubuntu)


Oracle

During installation, note that the correct character set to choose is NLS_CHARACTERSET: AL32UTF8. Changing it later takes great effort. After setup, check and correct the number of processes. The best way is to run the following statement:

ALTER SYSTEM SET PROCESSES = 300 SCOPE = SPFILE;

Now create the new schema "regify" (Table Space). A user with full access to this schema is also required. To create the database structure, edit the sup_create_oracle_structure.php script (e.g. using PSPad or Notepad++). You can find it at REGIFY_HP/REGIFY_PUBLIC/ADMINISTRATION/sup_create_oracle_structure.php. Change the access parameters to fit your environment (they begin at line 17). After saving, call the file using a browser:

http://providerurl/ADMINISTRATION/sup_create_oracle_structure.php?x=rgf178WPg

This should now create the database structure and also enter the first data you need to start.


Linux x32 vs x64

To run the CryptoServer (a 32 bit application) on an x64 system, you need to install the ia32-libs on your system (about 120 MB in size).

For RedHat/CentOS systems:

sudo yum install ia32-libs

For Debian based systems:

sudo apt-get install ia32-libs


SSL certificates

We found out that SSL certificates from RapidSSL caused problems on some mobile devices (Android).

We've had good results with the Limitbreaker certificate from http://www.psw.net and the Thawte SSL123 certificate.


Subprovider setup

In case you have separate SSL certificates for different IP addresses, please ensure that the name of the host computer is not the same as one of the hosted domains. For example, your domain is test.com and your computer name is regify. The complete hostname of your computer is then regify.test.com. This is bad if you want to host a page with regify.test.com as its public domain. The cURL stack of the regify commandline client (and IE!) will have problems locating the correct IP, even if DNS works fine (error 58). We currently do not know the reason, but renaming the computer to something like regify-host fixes the problem.


Others

If you have problems installing the cryptoserver service on Windows (not found in service-list), try to start the commandline-shell using "run as administrator". Now your shell has administration-rights and you can call cryptoservermanager install again.


If online creation of regify messages fails with error 2, there are several possible reasons:

  1. Is there a certificate error? The regify SDK error log may give you information about this.
  2. Are there problems accessing the site because the provider URL is missing from the Trusted Sites zone? You can add the URL by opening gpedit.msc and browsing to
    User Config > Admin Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page
    and adding the policy: Site to Zone Assignment List. Any site you add to the list with a value of 2 will be in the Trusted Sites zone (e.g. 'https://regify.provider.domain').

Update PHP version for provider 3.3

Use the following setups (always using threadsafe versions):

  • httpd-2.2.23-win32-VC9.zip
    • edit httpd.conf
    • ensure DirectoryIndex index.php index.html
    • ensure LoadModule php5_module "C:\php53\php5apache2_2.dll"
    • ensure AddType application/x-httpd-php .php
    • ensure PHPIniDir "C:\php53"
  • php-5.3.14-win32-VC9-x86.msi
    • ensure short_open_tag = On
    • ensure display_errors = Off
    • ensure display_startup_errors = Off
    • ensure some valid error_log = logfile
    • ensure register_globals = Off
    • ensure include_path = ".;c:\...\provider\REGIFY_INCLUDE;C:\...\includes\php\src"
    • ensure session.use_cookies = 1
    • ensure session.use_only_cookies = 0
    • ensure session.hash_function = 1
    • ensure session.hash_bits_per_character = 5
    • comment all unused extensions like extension=php_pgsql.dll
    • ensure date.timezone = "Europe/Berlin" (or adequate)
    • ensure apc
      • extension=apc_3113_beta_php53_vc9.dll
      • apc.rfc1867=on
    • enable extension=php_cryptoc-5.3.dll
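
The php.ini values in the list above can be checked mechanically. The following is an added example, not part of the regify documentation or tooling: a small php.ini parser and audit, where the function names and the sample file contents are constructed for illustration.

```python
import re

# Values from the list above as PHP stores them (On = 1, Off = 0); error_log and date.timezone only need a value.
REQUIRED = {
    "short_open_tag": "1", "display_errors": "0", "display_startup_errors": "0",
    "register_globals": "0", "session.use_cookies": "1", "session.use_only_cookies": "0",
    "session.hash_function": "1", "session.hash_bits_per_character": "5", "apc.rfc1867": "1",
}
WORDS = {"on": "1", "true": "1", "yes": "1",
         "off": "0", "false": "0", "no": "0", "none": "0"}

def parse_php_ini(text):
    """Return {directive: value}; a later assignment overrides an earlier one."""
    settings = {}
    for line in text.splitlines():
        # Cut a ';' comment unless the ';' sits inside a double-quoted value.
        line = re.sub(r';(?=(?:[^"]*"[^"]*")*[^"]*$).*', "", line).strip()
        if line.startswith("[") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        value = value.strip().strip('"')
        settings[key.strip()] = WORDS.get(value.lower(), value)
    return settings

def audit_php_ini(text):
    """Return (directive, expected, found) per deviation; found is None if unset."""
    have = parse_php_ini(text)
    bad = [(k, want, have.get(k)) for k, want in REQUIRED.items() if have.get(k) != want]
    bad += [(k, "<set>", have.get(k)) for k in ("error_log", "date.timezone") if not have.get(k)]
    return bad

# Constructed sample: display_errors, session.hash_function and error_log deviate.
SAMPLE_INI = r'''
[PHP]
short_open_tag = On
display_errors = On          ; left over from debugging
display_startup_errors = Off
;error_log = "C:\example\php_error.log"
register_globals = Off
include_path = ".;C:\example\REGIFY_INCLUDE;C:\example\src"
session.use_cookies = 1
session.use_only_cookies = 0
session.hash_function = 0
session.hash_bits_per_character = 5
date.timezone = "Europe/Berlin"
apc.rfc1867 = on
'''

if __name__ == "__main__":
    print(*audit_php_ini(SAMPLE_INI), sep="\n")
```

A directive that is missing or commented out is reported as a deviation, because the list asks for each value to be set explicitly rather than left to the PHP default.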