Difference between revisions of "Scalix with https"

 
Line 2: Line 2:
  
 
  root@scalix:~# yum install -y mod_ssl.i386 openssl.i386 openssl-devel.i386
 
  root@scalix:~# yum install -y mod_ssl.i386 openssl.i386 openssl-devel.i386
 +
 +
Modify file of openssl
 +
 +
root@scalix:~# vi /etc/pki/tls/openssl.cnf
 +
 +
        countryName_default            = SP
 +
        stateOrProvinceName_default    = Barcelona
 +
        localityName_default            = Sabadell
 +
        0.organizationName_default      = Ilba
 +
        organizationalUnitName_default  = Ilba
 +
 +
Change directory and create the certificate
 +
 +
root@scalix:~# cd /etc/pki/tls/misc/
 +
root@scalix:/etc/pki/tls/misc# ./CA -newca
 +
root@scalix:/etc/pki/tls/misc# ./CA -newreq
 +
root@scalix:/etc/pki/tls/misc# ./CA -sign
 +
root@scalix:/etc/pki/tls/misc# mkdir /var/myCA
 +
root@scalix:/var/myCA# cp -a /etc/pki/CA/cacert.pem cacert.pem          <- Clave pública (CA)
 +
root@scalix:/var/myCA# cp -a /etc/pki/CA/private/cakey.pem cakey.pem    <- Clave privada (CA)
 +
root@scalix:/var/myCA# cp -a /etc/pki/tls/cert.pem cert.pem            <- Certificado Servidor
 +
root@scalix:/var/myCA# cp -a /etc/pki/tls/misc/newcert.pem newcert.pem
 +
 +
Verify:
 +
 +
root@scalix:/var/myCA# cat cacert.pem
 +
        -----BEGIN CERTIFICATE-----
 +
        MIIC6zCCAlSgAwIBAgIBADANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJTUDES
 +
        -----END CERTIFICATE-----
 +
root@scalix:/var/myCA# cat cakey.pem
 +
        -----BEGIN CERTIFICATE-----
 +
        MIIC6zCCAlSgAwIBAgIBADANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJTUDES
 +
        -----END CERTIFICATE-----
 +
 +
root@scalix:/var/myCA# vi /etc/httpd/conf.d/ssl.conf
 +
        SSLCertificateFile /var/myCA/cacert.pem
 +
        SSLCertificateKeyFile /var/myCA/cakey.pem
 +
 +
root@scalix:/var/myCA# cp cakey.pem cakey.bak
 +
root@scalix:/var/myCA# openssl rsa -in cakey.bak -out cakey.pem
 +
Enter pass phrase for cakey.bak:
 +
writing RSA key
 +
root@scalix:/var/myCA# /etc/init.d/httpd restart
 +
 +
root@scalix:~# cp -a /etc/opt/scalix-tomcat/connector/jk/instance-scalix.conf /etc/opt/scalix-tomcat/connector/jk/instance-scalix.conf.old
 +
root@scalix:~# cp -a /etc/opt/scalix-tomcat/connector/ajp/instance-scalix.conf /etc/opt/scalix-tomcat/connector/ajp/instance-scalix.conf.old
 +
 +
root@scalix:~# vi /etc/opt/scalix-tomcat/connector/jk/instance-scalix.conf
 +
#<VirtualHost scalix.ilba.cat:80>
 +
#    Include /etc/opt/scalix-tomcat/connector/jk/app-scalix.*.conf
 +
#</VirtualHost>
 +
<VirtualHost *:443>
 +
  Include /etc/opt/scalix-tomcat/connector/jk/app-scalix.*.conf
 +
  <LocationMatch "^/sac/*">
 +
    RewriteEngine on
 +
    RewriteRule ^(.*) https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
 +
  </LocationMatch>
 +
  <LocationMatch "^/webmail/*">
 +
    RewriteEngine on
 +
    RewriteRule ^(.*) https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
 +
  </LocationMatch>
 +
</VirtualHost>
 +
JkWorkerProperty worker.scalix.type=ajp13
 +
JkWorkerProperty worker.scalix.host=scalix.ilba.cat
 +
JkWorkerProperty worker.scalix.port=8009
 +
JkWorkerProperty worker.scalix.lbfactor=50
 +
JkWorkerProperty worker.scalix.cachesize=10
 +
JkWorkerProperty worker.scalix.cache_timeout=600
 +
JkWorkerProperty worker.scalix.socket_keepalive=1
 +
JkWorkerProperty worker.scalix.recycle_timeout=300
 +
 +
root@scalix:~# vi /etc/opt/scalix-tomcat/connector/ajp/instance-scalix.conf
 +
#<VirtualHost scalix.ilba.cat:80>
 +
#    Include /etc/opt/scalix-tomcat/connector/ajp/app-scalix.*.conf
 +
#</VirtualHost>
 +
<VirtualHost *:80>
 +
  Include /etc/opt/scalix-tomcat/connector/ajp/app-scalix.*.conf
 +
  <LocationMatch "^/sac/*">
 +
    RewriteEngine on
 +
    RewriteRule ^(.*) https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
 +
  </LocationMatch>
 +
  <LocationMatch "^/webmail/*">
 +
    RewriteEngine on
 +
    RewriteRule ^(.*) https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
 +
  </LocationMatch>
 +
</VirtualHost>
 +
 +
root@scalix:~# /etc/init.d/scalix-tomcat restart
 +
root@scalix:~# /etc/init.d/httpd restart
 +
 +
¿ Como hacer para que funcione https://xxx/webmail  ?
 +
 +
root@scalix:~# vi /etc/httpd/conf.d/ssl.conf
 +
        # poner al final del fichero
 +
 +
        Include /etc/opt/scalix-tomcat/connector/ajp/app-scalix.*.conf
 +
        </VirtualHost>
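Review bot: The added ssl.conf lines point `SSLCertificateFile` and `SSLCertificateKeyFile` at `/var/myCA/cacert.pem` and `/var/myCA/cakey.pem`, so Apache presents the CA's own certificate and holds the CA signing key, and the later `openssl rsa -in cakey.bak -out cakey.pem` step leaves that key on disk without a pass phrase. The certificate produced by `./CA -sign` (copied here as `newcert.pem`) together with the key generated by `./CA -newreq` is what the server should present, e.g. `SSLCertificateFile /var/myCA/newcert.pem`, so that a compromise of httpd does not expose the key that can sign further certificates. Whichever key is stripped of its pass phrase should be readable by root only, for example `chmod 600` on the key file and its `.bak` copy. The `cat cakey.pem` sample also shows a `BEGIN CERTIFICATE` block identical to the `cacert.pem` output, which looks like a paste slip.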

Revision as of 11:56, 11 November 2007

Install openssl

root@scalix:~# yum install -y mod_ssl.i386 openssl.i386 openssl-devel.i386

Edit the OpenSSL configuration file

root@scalix:~# vi /etc/pki/tls/openssl.cnf
       countryName_default             = SP
       stateOrProvinceName_default     = Barcelona
       localityName_default            = Sabadell
       0.organizationName_default      = Ilba
       organizationalUnitName_default  = Ilba

Change directory and create the certificate

root@scalix:~# cd /etc/pki/tls/misc/
root@scalix:/etc/pki/tls/misc# ./CA -newca
root@scalix:/etc/pki/tls/misc# ./CA -newreq
root@scalix:/etc/pki/tls/misc# ./CA -sign
root@scalix:/etc/pki/tls/misc# mkdir /var/myCA
root@scalix:/var/myCA# cp -a /etc/pki/CA/cacert.pem cacert.pem          <- Public key (CA)
root@scalix:/var/myCA# cp -a /etc/pki/CA/private/cakey.pem cakey.pem    <- Private key (CA)
root@scalix:/var/myCA# cp -a /etc/pki/tls/cert.pem cert.pem             <- Server certificate
root@scalix:/var/myCA# cp -a /etc/pki/tls/misc/newcert.pem newcert.pem

Verify:

root@scalix:/var/myCA# cat cacert.pem
       -----BEGIN CERTIFICATE-----
       MIIC6zCCAlSgAwIBAgIBADANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJTUDES
       -----END CERTIFICATE-----
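root@scalix:/var/myCA# cat cakey.pem
       -----BEGIN CERTIFICATE-----
       MIIC6zCCAlSgAwIBAgIBADANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJTUDES
       -----END CERTIFICATE-----
       (Note: this sample repeats the cacert.pem output; a real private key file starts with a "BEGIN ... PRIVATE KEY" header instead, and its contents should never be pasted or shared.)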
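root@scalix:/var/myCA# vi /etc/httpd/conf.d/ssl.conf
       SSLCertificateFile /var/myCA/cacert.pem
       SSLCertificateKeyFile /var/myCA/cakey.pem
       (Note: these two directives make Apache present the CA certificate and load the CA private key. The usual arrangement is to give Apache the signed server certificate, newcert.pem, and the key created by ./CA -newreq, so the CA signing key does not have to live on the web server.)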

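root@scalix:/var/myCA# cp cakey.pem cakey.bak
root@scalix:/var/myCA# openssl rsa -in cakey.bak -out cakey.pem
Enter pass phrase for cakey.bak:
writing RSA key
(Note: this rewrites cakey.pem without a pass phrase, which lets httpd start without prompting for it. Keep cakey.pem and cakey.bak readable by root only, e.g. chmod 600.)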
root@scalix:/var/myCA# /etc/init.d/httpd restart

root@scalix:~# cp -a /etc/opt/scalix-tomcat/connector/jk/instance-scalix.conf /etc/opt/scalix-tomcat/connector/jk/instance-scalix.conf.old
root@scalix:~# cp -a /etc/opt/scalix-tomcat/connector/ajp/instance-scalix.conf /etc/opt/scalix-tomcat/connector/ajp/instance-scalix.conf.old

root@scalix:~# vi /etc/opt/scalix-tomcat/connector/jk/instance-scalix.conf

#<VirtualHost scalix.ilba.cat:80>
#    Include /etc/opt/scalix-tomcat/connector/jk/app-scalix.*.conf
#</VirtualHost>

<VirtualHost *:443>

 Include /etc/opt/scalix-tomcat/connector/jk/app-scalix.*.conf
 <LocationMatch "^/sac/*">
   RewriteEngine on
   RewriteRule ^(.*) https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
 </LocationMatch>
 <LocationMatch "^/webmail/*">
   RewriteEngine on
   RewriteRule ^(.*) https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
 </LocationMatch>

</VirtualHost>
JkWorkerProperty worker.scalix.type=ajp13
JkWorkerProperty worker.scalix.host=scalix.ilba.cat
JkWorkerProperty worker.scalix.port=8009
JkWorkerProperty worker.scalix.lbfactor=50
JkWorkerProperty worker.scalix.cachesize=10
JkWorkerProperty worker.scalix.cache_timeout=600
JkWorkerProperty worker.scalix.socket_keepalive=1
JkWorkerProperty worker.scalix.recycle_timeout=300

root@scalix:~# vi /etc/opt/scalix-tomcat/connector/ajp/instance-scalix.conf

#<VirtualHost scalix.ilba.cat:80>
#    Include /etc/opt/scalix-tomcat/connector/ajp/app-scalix.*.conf
#</VirtualHost>

<VirtualHost *:80>

 Include /etc/opt/scalix-tomcat/connector/ajp/app-scalix.*.conf
 <LocationMatch "^/sac/*">
   RewriteEngine on
   RewriteRule ^(.*) https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
 </LocationMatch>
 <LocationMatch "^/webmail/*">
   RewriteEngine on
   RewriteRule ^(.*) https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
 </LocationMatch>

</VirtualHost>

root@scalix:~# /etc/init.d/scalix-tomcat restart
root@scalix:~# /etc/init.d/httpd restart

How do you get https://xxx/webmail to work?

root@scalix:~# vi /etc/httpd/conf.d/ssl.conf

       # add at the end of the file
       Include /etc/opt/scalix-tomcat/connector/ajp/app-scalix.*.conf
       </VirtualHost>