UNIX for Advanced & Expert Users: Advanced UNIX and Linux questions go here. Expert-to-Expert.
#1
Apache ssl questions for experts
Hi,

I have configured apache 2.0.59 with mod_ssl to set up a proxy to my app server. Incoming traffic https, outgoing http. The listen port for the ssl port is 8050, not 443. When I start the server and I test it, I get an error message. I googled for it and found the following explanation.

Your error: "[Hint: Subject CN in certificate not server name or identical to CA!?]" means: the Common Name in the certificate is not the same as the ServerName in the URL - e.g. the certificate belongs to abcdef.com but you are using it in a server whose URL is uvwxyz. This makes the browser think your site is impersonating another site and so throws a warning.

But what do I have to do to solve it?

Cheers
Markus
#2
You should regenerate your Apache server cert to reflect how people will access it from the URL.

However, note that if your setup requires name-based virtual hosting this will not work. Make sure you read the following two FAQs and that your case does not apply:

http://httpd.apache.org/docs/2.0/ssl...q.html#vhosts2
SSL/TLS Strong Encryption: FAQ - Apache HTTP Server
#3
Hi,

Here is my configuration. The simple question is: is this possible or not?

```
#SSL PORT 1, LISTENS ON BOTH INTERFACES TO MAKE A LATER MIGRATION EASIER
Listen web1.service.de2.sp.somecompany.com:58401
Listen web1-fe.service.de2.sp.somecompany.com:58401
NameVirtualHost web1.service.de2.sp.somecompany.com:58401
NameVirtualHost web1-fe.service.de2.sp.somecompany.com:58401

#SSL PORT 2, LISTENS ON BOTH INTERFACES TO MAKE A LATER MIGRATION EASIER
Listen web1-fe.service.de2.sp.somecompany.com:58406
Listen web1.service.de2.sp.somecompany.com:58406
NameVirtualHost web1.service.de2.sp.somecompany.com:58406
NameVirtualHost web1-fe.service.de2.sp.somecompany.com:58406

######################################################################
###
### Host for HTTPS access
###
<VirtualHost web1.service.de2.sp.somecompany.com:58401 web1-fe.service.de2.sp.somecompany.com:58401>
    ServerName service-lit-uk.sp.somecompany.com
    SSLEngine on
    LogLevel warn
    ErrorLog "|/opt/SP/apacheas/current/bin/rotatelogs \
        /opt/SP/apacheas/current/logs/http_error_58401_log.%Y%m%d%H%M 600 120"
    CustomLog "|/opt/SP/apacheas/current/bin/rotatelogs \
        /opt/SP/apacheas/current/logs/http_access_58401_log.%Y%m%d%H%M 600 120" combined
    SetEnvIf User-Agent ".*MSIE.*" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
    ProxyPass / http://l1-v10.service.de2.sp.somecompany.com:8081/
    ProxyPassReverse / http://l1-v10.service.de2.sp.somecompany.com:8081/
    ProxyHTMLURLMap http://l1-v10.service.de2.sp.somecompany.com:8081/ /
    RequestHeader unset Accept-Encoding
    SSLCertificateFile /opt/SP/apacheas/current/conf/service-uk.crt/service-uk.cer
    SSLCertificateKeyFile /opt/SP/apacheas/current/conf/service-uk.crt/service-uk.key
    SSLProtocol -all +TLSv1 +SSLv3
</VirtualHost>

##################################
###
### Host for OTHER Trigger
###
<VirtualHost web1.service.de2.sp.somecompany.com:58406 web1-fe.service.de2.sp.somecompany.com:58406>
    ServerName service-lit-uk.sp.somecompany.com
    SSLEngine on
    LogLevel warn
    ErrorLog "|/opt/SP/apacheas/current/bin/rotatelogs \
        /opt/SP/apacheas/current/logs/http_error_58406.%Y%m%d%H%M 600 120"
    CustomLog "|/opt/SP/apacheas/current/bin/rotatelogs \
        /opt/SP/apacheas/current/logs/http_access_58406.%Y%m%d%H%M 600 120" combined
    SetEnvIf User-Agent ".*MSIE.*" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
    RequestHeader unset Accept-Encoding
    ProxyPass / http://l1-v10.service.de2.sp.somecompany.com:8050/
    ProxyPassReverse / http://l1-v10.service.de2.sp.somecompany.com:8050/
    ProxyHTMLURLMap http://l1-v10.service.de2.sp.somecompany.com:8050/ /
    SSLCertificateFile /opt/SP/apacheas/current/conf/service-uk.crt/service-uk.cer
    SSLCertificateKeyFile /opt/SP/apacheas/current/conf/service-uk.crt/service-uk.key
    SSLCACertificateFile /opt/SP/apacheas/current/conf/service-uk.crt/ca.cer
    SSLProtocol -all +TLSv1 +SSLv3
</VirtualHost>
```
#4
I think your case matches the name-based virtual hosting scenario mentioned in the FAQ, and dedicated SSL is only possible if you can switch to IP-based virtual hosting (that means multiple IP addresses, one for each virtual host).
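Added example (not part of the thread and not Apache's own tooling): a small Python audit for the two conditions the replies point at, a certificate CN that differs from the vhost's ServerName, and more than one SSL vhost sharing an address:port, where the server has to present a certificate before it has seen the Host header. The sample config, host names, paths and the `CERT_CN` map are constructed for illustration; the CN values are assumed to have been read from the certificate files beforehand.

```python
import re
from collections import defaultdict

# Constructed sample (hypothetical hosts and paths, not the poster's config).
SAMPLE_CONF = """
NameVirtualHost 192.0.2.10:8050
<VirtualHost 192.0.2.10:8050>
    ServerName shop.example.com
    SSLEngine on
    SSLCertificateFile conf/shop.crt
</VirtualHost>
<VirtualHost 192.0.2.10:8050>
    ServerName admin.example.com
    SSLEngine on
    SSLCertificateFile conf/admin.crt
</VirtualHost>
"""
# Assumed input: subject CN per certificate file, e.g. as printed by
# `openssl x509 -noout -subject -in FILE`.
CERT_CN = {"conf/shop.crt": "shop.example.com", "conf/admin.crt": "web1.example.com"}

def cn_matches(cn, host):
    """Case-insensitive compare; a leading '*' label covers exactly one label."""
    c, h = cn.lower().split("."), host.lower().split(".")
    return len(c) == len(h) and all(
        a == b or (i == 0 and a == "*") for i, (a, b) in enumerate(zip(c, h)))

def ssl_vhosts(conf):
    """Yield (addresses, ServerName, certificate file) for each SSLEngine-on vhost."""
    blocks = re.findall(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", conf, re.S | re.I)
    for addrs, body in blocks:
        d = {k.lower(): v.strip()
             for k, v in re.findall(r"^[ \t]*(\w+)[ \t]+(.+)$", body, re.M)}
        if d.get("sslengine", "").lower() == "on":
            yield addrs.split(), d.get("servername"), d.get("sslcertificatefile")

def audit(conf, cert_cn):
    """Return findings for CN/ServerName mismatches and shared SSL address:port pairs."""
    findings, by_addr = [], defaultdict(set)
    for addrs, name, cert in ssl_vhosts(conf):
        cn = cert_cn.get(cert)
        if name and cn and not cn_matches(cn, name):
            findings.append(("cn-mismatch", name, cn))
        for addr in addrs:
            by_addr[addr].add(name or "<unset>")
    for addr, names in sorted(by_addr.items()):
        if len(names) > 1:  # one certificate has to serve every name on this socket
            findings.append(("shared-ssl-address", addr, tuple(sorted(names))))
    return findings
print(audit(SAMPLE_CONF, CERT_CN))
```

Current browsers match the URL host against the certificate's subjectAltName entries rather than the CN, so pass those names in when auditing a modern certificate.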