httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mehta, Anish" <ame...@verisign.com>
Subject RE: [users@httpd] Issue with SSL configuration.
Date Thu, 30 Oct 2008 14:21:16 GMT
Define following in your httpd.conf. This will change the URL to HTTPS
even if someone types in HTTP.

 

Listen *:80

 

<VirtualHost *:80>

    ServerAdmin info@something.com

    

    RewriteEngine On

    RewriteCond          %{HTTPS} !=on

    RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [L,R,NC]

    

    Header unset X-Powered-By

</VirtualHost>

 

Then make changes to your httpd/conf.d/ssl.conf VirtualHost
configuration as follows:

 

<VirtualHost _default_:443>

 

# General setup for the virtual host, inherited from global
configuration

DocumentRoot "/var/www/html"

ServerName <IP address of the web server>:443

ServerAdmin admin@something.com

 

ErrorLog logs/ssl_error_log

TransferLog logs/ssl_access_log

LogLevel warn

 

SSLEngine on

 

SSLProtocol -ALL +SSLv3 +TLSv1

 

SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW

 

SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt

SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key

 

<Files ~ "\.(cgi|shtml|phtml|php3?)$">

    SSLOptions +StdEnvVars

</Files>

<Directory "/var/www/cgi-bin">

    SSLOptions +StdEnvVars

</Directory>

 

SetEnvIf User-Agent ".*MSIE.*" \

         nokeepalive ssl-unclean-shutdown \

         downgrade-1.0 force-response-1.0

 

CustomLog logs/ssl_request_log \

          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

 

RewriteEngine On

    RewriteCond          %{HTTPS} !=on

    RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [L,R,NC]

 

</VirtualHost>

 

If your application was working without SSL, it should work with SSL
(HTTPS URL) after you make these changes

 

Regards,

AM

 

________________________________

From: Vasanth Kumar ravi [mailto:josvasanth@gmail.com] 
Sent: Thursday, October 30, 2008 1:30 AM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Issue with SSL configuration.

 

All,
Can someone throw light on this issue.

Thanks.

On Wed, Oct 29, 2008 at 4:28 PM, Vasanth Kumar ravi
<josvasanth@gmail.com> wrote:

Thanks folks..
After posting this in the forum , I did an extensive research on the
internet and it was resolved.
Major problem was due to the Virtual host configuration..Now i am able
to use the SSL at the apache level.

wildcard NameVirtualHosts and _default_ servers:
*:443                  is a NameVirtualHost
         default server gelxd002.sony.com.sg
(/home/apache/conf/httpd.conf:362)
         port 443 namevhost gelxd002.sony.com.sg
(/home/apache/conf/httpd.conf:362)
         port 443 namevhost gelxd002.sony.com.sg
(/home/apache/conf/httpd.conf:376)
*:80                   is a NameVirtualHost
         default server gelxd002.sony.com.sg
(/home/apache/conf/httpd.conf:332)
         port 80 namevhost gelxd002.sony.com.sg
(/home/apache/conf/httpd.conf:332)
         port 80 namevhost gelxd002.sony.com.sg
(/home/apache/conf/httpd.conf:343)

I need your help in some configuration ideas.
I m trying to setup something like the below.
Client <---SSL---> Apache <---HTTP---> WebLogic

I request http://<hostname>/OPSWeb/neo from the browser and it goes to
the login page and I am able to perform all the functions.
When I request https://<hostname>/OPSWeb/neo , it doesnt give a login
page, but it gives a pop-up in IE "Access is Denied. Type Error"
As stated earlier, I need to have HTTPS between the browser and the web
server and HTTP between the Apache and Weblogic.
Also there is no SSL enabled at the Weblogic level.

Do we have to write some ProxyReverse Parameters/Rewrite rules.
Let me know if you need any further details.

Please advise.






On Tue, Oct 28, 2008 at 10:35 PM, Krist van Besien
<krist.vanbesien@gmail.com> wrote:

On Tue, Oct 28, 2008 at 3:36 AM, Vasanth Kumar ravi
<josvasanth@gmail.com> wrote:

> SSLCertificateFile /usr/share/ssl/certs/server.crt/
> SSLCertificateKeyFile /usr/share/ssl/certs/server.key/

The argument to SSLCertifacateFile and  SSLCertificateKeyFile is a
_file_, not a directory. Just enter the full path to your cert and
private key here.


> I had copied the certs to the openssl certs directory and created
hashlinks
> for them.

Creating hashkeys is not necessary. Apache knows where to find its
cert if you give  SSLCertificateFile the correct value.

Krist

--
krist.vanbesien@gmail.com
krist@vanbesien.org
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
  "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org





-- 
Regards&Thanks,
Vasanth Kumar Ravi




-- 
Regards&Thanks,
Vasanth Kumar Ravi


Mime
View raw message