To create an openssl key in moodle network

by thierry duvert -
Number of replies: 20

I read all on the forum, but no key in my moodle network

So

in /mnet/lib.php

i replaced


    $new_key = openssl_pkey_new();
    $csr_rsc = openssl_csr_new($dn, $new_key, array('private_key_bits',2048));
    $selfSignedCert = openssl_csr_sign($csr_rsc, null, $new_key, $days);

by (replace by your path to openssl.cnf)

    $config = array(
        "config" => "C:/wamp/bin/apache/Apache2.2.9/conf/openssl.cnf"
    );

    $new_key = openssl_pkey_new($config);
    $csr_rsc = openssl_csr_new($dn, $new_key, $config);
    $selfSignedCert = openssl_csr_sign($csr_rsc, null, $new_key, $days, $config);

and it works, i generated a new key and replaced it...

Any problem in your opinion ?

Average of ratings: Useful (2)
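
The same three calls as a stand-alone check, added here as an example (it is not code from the original post or from Moodle): each return value is tested, OpenSSL's error queue is reported on failure, and the resulting certificate is checked against its private key and its expiry date. The openssl.cnf path, the DN values and the function names `openssl_errors` and `check_keygen` are assumptions to adjust for your install.

```php
<?php
// Added example: stand-alone check of PHP's OpenSSL key generation.
// Path, DN values and function names are assumptions. Requires PHP 7.1+.

function openssl_errors(): string {
    $msgs = [];
    while (($m = openssl_error_string()) !== false) {
        $msgs[] = $m;                      // drain the whole error queue
    }
    return $msgs ? implode('; ', $msgs) : 'no OpenSSL error queued';
}

function check_keygen(string $cnf, int $days = 28): array {
    if (!extension_loaded('openssl')) {
        return [false, 'openssl extension not loaded (check php.ini)'];
    }
    if (!is_readable($cnf)) {
        return [false, "openssl.cnf not readable at $cnf"];
    }
    $config = ['config' => $cnf, 'private_key_bits' => 2048,
               'private_key_type' => OPENSSL_KEYTYPE_RSA, 'digest_alg' => 'sha256'];
    $dn = ['countryName' => 'XX', 'organizationName' => 'Example',
           'commonName' => 'localhost'];   // constructed sample values

    $key = openssl_pkey_new($config);
    if ($key === false) return [false, 'openssl_pkey_new: ' . openssl_errors()];
    $csr = openssl_csr_new($dn, $key, $config);
    if ($csr === false) return [false, 'openssl_csr_new: ' . openssl_errors()];
    $cert = openssl_csr_sign($csr, null, $key, $days, $config);
    if ($cert === false) return [false, 'openssl_csr_sign: ' . openssl_errors()];

    // The certificate must match the private key and expire in the future.
    if (!openssl_x509_check_private_key($cert, $key)) {
        return [false, 'certificate does not match private key'];
    }
    $info = openssl_x509_parse($cert);
    if ($info['validTo_time_t'] <= time()) {
        return [false, 'certificate already expired: ' . date('c', $info['validTo_time_t'])];
    }
    return [true, 'key pair OK, expires ' . date('c', $info['validTo_time_t'])];
}

[$ok, $msg] = check_keygen('C:/xampp/apache/bin/openssl.cnf');
echo ($ok ? 'PASS: ' : 'FAIL: ') . $msg . PHP_EOL;
```

Run it from the command line with the same php.ini the web server uses, so the extension and environment match.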
In reply to thierry duvert

Re: To create an openssl key in moodle network

by Sonia Rapado -
Thank you very much!!!
I tried a lot of possibilities and nothing worked. I began to despair. Have you found a bug with this?
In reply to thierry duvert

Re: To create an openssl key in moodle network

by Karen Taylor -
Thanks this seemed to have done the trick... however I am now getting another error

RPC auth/mnet/user_authorise:No key matchERROR 3:3:No key match

The keys appear to be correct.

Does anyone have any ideas?
Thanks!!
In reply to thierry duvert

Re: To create an openssl key in moodle network

by Eleanor Martin -
Thank you for this, it really helped!
In reply to Eleanor Martin

Re: To create an openssl key in moodle network

by Eleanor Martin -
Although, having said that I now get the No key match error instead.

I can't track it down either. Seems to be a problem with exploding the keypair value called back from the database in environment.php class mnet_environment->get_keypair(). But I have a feeling that the problem is storing the key in the database rather than pulling it back out again.

Anyone got any ideas on this? I'm running xampp on Windows XP using PHP 5 and Moodle 1.9.4. This is two sites on the same localhost using virtualhosts to point to the separate moodle pages.
In reply to Eleanor Martin

Re: To create an openssl key in moodle network

by Jamie Smith -
I too am running a wamp service in Windows and had problems. Here's what I found:
Resources used are found at http://www.webidsupport.com/forums/showthread.php?t=705 AND http://www.php.net/manual/en/openssl.installation.php.

First, you need to provide the correct 'path' to the PHP openssl .dll file in the PHP installation on your drive. See the instructions below:

How do I add my PHP directory to the PATH on Windows?

On Windows NT, 2000, XP and 2003:

  • Go to Control Panel and open the System icon (Start -> Settings -> Control Panel -> System, or just Start -> Control Panel -> System for Windows XP/2003)

  • Go to the Advanced tab

  • Click on the 'Environment Variables' button

  • Look into the 'System Variables' pane

  • Find the Path entry (you may need to scroll to find it)

  • Double click on the Path entry

  • Enter your PHP directory at the end, including ';' before (e.g. ;C:\php)

  • Press OK and restart your computer

Also, you'll need to modify/add the definition of a system variable called OPENSSL_CONF which points to the location of the openssl.cnf file. See process below.
  • OPENSSL_CONF ENVIRONMENT VARIABLE
  • Go to Control Panel – System – Advanced – Environment Variables
  • Add a new system variable OPENSSL_CONF:
  • Variable name: OPENSSL_CONF
  • Variable value: c:\wamp\Apache2\conf\openssl.cnf (or the location on your computer)
In reply to Jamie Smith

Re: To create an openssl key in moodle network

by Dan Marsden -
Or if you're using 1.9.6 or higher, you can just add the path to your config.php as mentioned in the FAQs here:
http://docs.moodle.org/en/Moodle_Network_FAQ#Moodle_doesn.27t_generate_any_keys_on_the_networking_pages
In reply to Dan Marsden

Re: To create an openssl key in moodle network

by Elaine Blakeman -
I added the line of code to my config.php but still my public key says it expired in 1969.
(using xampp, windows, php5, moodle 2.0 mahara 1.2)

Does anyone know how to resolve this? Thanks.
In reply to thierry duvert

Re: To create an openssl key in moodle network

by Mark Goldberg -
Can't Moodle make php-openssl issues a thing of the past by using a pure-PHP public key crypto implementation? i.e. phpseclib's Crypt_RSA:

http://phpseclib.sourceforge.net/
In reply to Mark Goldberg

Re: To create an openssl key in moodle network

by John Andrewartha -
You have hit on the export license issue that has been around forever.
The US has some heavy export restrictions on crypto code. OpenSSL is the workaround.
This of course harks back to WWII and then the Cold War.
Another package that was affected was Kerberos; the original code had restrictions on the encryption being exported. The nice people at ANU developed the current implementation. I still have memories of having to get the code for Kerberos from South Africa and the ftp taking 12 hours.
Big Brother is still around.

John
In reply to John Andrewartha

Re: To create an openssl key in moodle network

by Mark Goldberg -
I thought those restrictions had pretty much been all but lifted after PGP.

Firefox and Thunderbird include some fairly potent encryption. Diffie-Hellman key exchange, RSA or DSA server signature verification, up to AES 256 encryption, etc. And they don't require OpenSSL be installed on the host OS - they include all the cryptographic routines built-in. Do different laws apply to Moodle? Is there some sort of "Moodle exception" in the existing laws?
In reply to Mark Goldberg

Re: To create an openssl key in moodle network

by Mark Goldberg -
To quote from http://tools.ietf.org/html/rfc2712 :

 The 40-bit ciphersuites defined in this memo are included only for
 the purpose of documenting the fact that those ciphersuite codes have
 already been assigned. 40-bit ciphersuites were designed to comply
 with US-centric, and now obsolete, export restrictions. They were
 never secure, and nowadays are inadequate even for casual
 applications. Implementation and use of the 40-bit ciphersuites
 defined in this document, and elsewhere, is strongly discouraged.

So, per that, it would seem that the restrictions you're thinking of are no longer in place.
In reply to Mark Goldberg

Re: To create an openssl key in moodle network

by John Andrewartha -
Some of the restrictions may have been lifted. I know that BSD's OpenSSL bundle won't do one or other of the encryptions. Can't remember which. (Sign of early dementia)
From a developer's point of view it is easier to use what is shipped with the OS. No reinventing the wheel.
John
In reply to Mark Goldberg

Re: To create an openssl key in moodle network

by Dan Marsden -
It's interesting to note that this is also being raised by the Drupal community:
http://drupal.org/node/609592

I haven't looked much at the phpseclib before - but it seems to be supported predominantly by a single developer.

Is their Crypt_RSA version the same as the one mentioned here:
http://pear.php.net/package/Crypt_RSA/
(which is no longer maintained)

When Mnet was first conceived, PHPseclib wasn't around (at least not from what I can see)

But - it's always worth looking at ways to improve! - Thanks to Mark for opening up the discussion!

*edit* - also Wordpress:
http://core.trac.wordpress.org/ticket/10348
In reply to thierry duvert

Re: To create an openssl key in moodle network

by az incorp -
Hey man, I've just got a very easy way to generate an openssl key in moodle network for XAMPP server.

Hope this is the right place for me to share this good solution.

Follow my instructions step by step:
1) Open php.ini in your xampp/apache/bin/php.ini
Uncomment extension=php_openssl.dll, which means you must remove the ';' symbol.

2) Open config.php in your moodle folder xampp\htdocs\moodle\config.php

3) This is the tricky one. Just include $CFG->opensslcnf ='C:\xampp\apache\bin\openssl.cnf'; -> you must insert the right path to your openssl.cnf, and very simply, in xampp you can find it in xampp\apache\bin\openssl.cnf
See the config.php file below, with the text in blue. I use XAMPP 1.7.0 and Moodle 1.9.7 Stable version and it works.

    <?php /// Moodle Configuration File

    unset($CFG);

    $CFG->dbtype = 'mysql';
    $CFG->dbhost = 'localhost';
    $CFG->dbname = 'moodle';
    $CFG->dbuser = 'root';
    $CFG->dbpass = '*****';
    $CFG->dbpersist = false;
    $CFG->prefix = 'mdl_';
    $CFG->opensslcnf ='C:\xampp\apache\bin\openssl.cnf';
    $CFG->wwwroot = 'http://localhost/moodle';
    $CFG->dirroot = 'C:\xampp\htdocs\moodle';
    $CFG->dataroot = 'C:\xampp/moodledata';
    $CFG->admin = 'admin';
    $CFG->directorypermissions = 00777; // try 02777 on a server in Safe Mode
    $CFG->passwordsaltmain = 'Vol!d;`!{[FFFO,YVX5{^;N?9r~G';

    require_once("$CFG->dirroot/lib/setup.php");
    // MAKE SURE WHEN YOU EDIT THIS FILE THAT THERE ARE NO SPACES, BLANK LINES,
    // RETURNS, OR ANYTHING ELSE AFTER THE TWO CHARACTERS ON THE NEXT LINE.
    ?>

*REMEMBER* Don't try to do something funny to install openssl in XAMPP. Reminder: OpenSSL is already installed in your XAMPP machine. It's great, isn't it??

4) Then that's it. Log in to administrator > Networking > Setting... now you have generated your key.
Hope this will help you.

5) But I have a problem generating a networking key in MAHARA... has anyone solved the problem? Please let me know. TQ
Average of ratings: Useful (5)
In reply to az incorp

Re: To create an openssl key in moodle network

by Dan Marsden -
yeah - that patch isn't in Mahara yet - will try to get some time to put it in over the next couple of weeks.
In reply to Dan Marsden

Re: To create an openssl key in moodle network

by az incorp -
Hi Dan, I've tried so much to generate an openssl key in MAHARA but it doesn't work.
I have also tried this instruction
http://gprasu.blogspot.com/2009/07/mahara-site-not-available-could-not.html

but it also doesn't work. Mahoodle is an awesome combination. It should make a lot of changes in online education. I need to present to my boss within this week but I cannot generate a MAHARA key so far. Is there any suggestion?
In reply to az incorp

Reply to: Re: To create an openssl key in moodle network

by Miki Alliel -
hey
thanks, this solution seemed to eliminate my warnings
thanks