I am currently experiencing problems with php+SSL. We are getting visitors to our site who get the Internet Explorer "This page cannot be displayed" message.

just wondering, is there anyone on this list that has sucessfully managed to use php within an ssl connection for things like order forms and the like without getting any error messages, or that have minimized the error messages so that at least less than 10% of visitors get it.

If so I am interested in knowing what you do to manage that, what os you are using, and any other info that could help me out, like apache build, ssl build, php build etc.

Thanks much for any assistance,

Jeff

FINALLY! Someone else having the same problem as us! We are submitting forms within an https area, and it works on our development server but not the production server (we get that "page cannot be displayed" error as well, and only under IE, either 5.0 or 6.0 beta, but not Netscape). I also tried building a smaller mockup of the page on the production server, and can't get it to crash, but the fullblown page definitely does. I think the form submission is actually going through, but then we are trying to do a relocate:

header("Location: " . $gtxNextPage);

to go to the next page, and I think that's where it crashes. Why the error is so inconsistent and hard to reproduce is beyond me.

Anyone out there have any ideas?

Peter Fisera
UV Media

We are not able to reproduce this error ourselves, so far only visitors to our site can re-produce it.

Just curious, are your two machines ( testing / live ) the same setup? What is the difference?

We recently added this code to our httpd.conf file within a virtual domain section:

we tried setting this to fix our SSL error messages [altahost]

SetEnvIf User-Agent ".MSIE." \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0

But we are not sure it works yet because we are not able to reproduce the error. Have you tried this workaround?

Jeff

WOW!

I've been getting this problem too and I just can seem to figure it out. I know that it happens not only with PHP but also CGI scripts.

The only solution I've heard of is to put this in the appropriate area of your httpd.conf file somewhere within a VirtualHost area:

SetEnvIf User-Agent ".MSIE." nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0

Keep us posted on any solutions guys!

Can you give us a hint as to what we can do? :-)

I am having this problem also, check out my posting at:

http://www.phpbuilder.com/forum/read.php3?num=1&id=134260&loc=0&thread=134260

I have already tried the SetEnvIf directive in the httpd.conf and unfortunately it doesn't eliminate the problem.

I'm happy to say that I found a workaround for this issue on my Cobalt RaQ4i. It is based on the fix from:

http://www.modssl.org/docs/2.6/ssl_faq.html#io-ie

Since RaQ's are setup somewhat differently, here's how it's done.

CHANGE /etc/httpd/conf/httpd.conf FROM THIS:

if ($ret=~/^2/o) {
$PerlConfig .= "Listen $ip:443\n";
$PerlConfig .= "<VirtualHost $ip:443>\n";
$PerlConfig .= "SSLengine on\n";
$PerlConfig .= "SSLCertificateFile /home/sites/$group/certs/certificate\n";
$PerlConfig .= "SSLCertificateKeyFile /home/sites/$group/certs/key\n";
$PerlConfig .= join('', @ssl_conf);
} elsif (ssl_cert_check("/home/sites/home/certs/") =~ /^2/ ) {
$PerlConfig .= "Listen $ip:443\n";
$PerlConfig .= "<VirtualHost $ip:443>\n";
$PerlConfig .= "SSLengine on\n";
$PerlConfig .= "SSLCertificateFile /home/sites/home/certs/certificate\n";
$PerlConfig .= "SSLCertificateKeyFile /home/sites/home/certs/key\n";
$PerlConfig .= join('', @ssl_conf);
} else {
print STDERR "Site $group has invalid certificate: $ret\n";
}

TO THIS:

if ($ret=~/^2/o) {
$PerlConfig .= "Listen $ip:443\n";
$PerlConfig .= "<VirtualHost $ip:443>\n";
$PerlConfig .= "SetEnvIf User-Agent \".MSIE.\" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0\n";
$PerlConfig .= "SSLengine on\n";
$PerlConfig .= "SSLCertificateFile /home/sites/$group/certs/certificate\n";
$PerlConfig .= "SSLCertificateKeyFile /home/sites/$group/certs/key\n";
$PerlConfig .= join('', @ssl_conf);
} elsif (ssl_cert_check("/home/sites/home/certs/") =~ /^2/ ) {
$PerlConfig .= "Listen $ip:443\n";
$PerlConfig .= "<VirtualHost $ip:443>\n";
$PerlConfig .= "SetEnvIf User-Agent \".MSIE.\" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0\n";
$PerlConfig .= "SSLengine on\n";
$PerlConfig .= "SSLCertificateFile /home/sites/home/certs/certificate\n";
$PerlConfig .= "SSLCertificateKeyFile /home/sites/home/certs/key\n";
$PerlConfig .= join('', @ssl_conf);
} else {
print STDERR "Site $group has invalid certificate: $ret\n";
}

THEN RESTART APACHE WITH: /etc/rc.d/init.d/httpd restart

Done!

I nolonger have a Raq machine but when I did we tried several fixes which did not work. Finally we were able to fix this problem by adding code the site(s) with the problem.

This is what we added to the virtual site section:

SetEnvIf User-Agent ".MSIE." \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0

It works. Currently I am using Redhat 7.1 OS but did not check to see if we had the problem there. I just implemented that fix and everything works fine.

Took me months to figure out to fix that stupid problem.

Hope that helps.
Jeff