ssl with fedora core 4


masterclyde
Posts: 12
Joined: Fri Mar 03, 2006 5:24 pm
Location: Winnipeg

Postby masterclyde » Thu Mar 09, 2006 1:41 am

Hi,

I have installed v. 10 on FC4 and installed my SSL certificates. I can access SAC and SWA without SSL; however, whenever I try to access it with SSL, the screen launches and just hangs blank. I have checked my error logs in /etc/httpd/conf.d/ and none seem to be generating any errors. I have the install documentation, and I have loosely followed the RedHat 4 instructions, but don't seem to be getting anywhere. I have noticed in some posts that there is talk about SSL keys for Tomcat, but I don't see anything in the install documentation. Can you point me to some helpful documentation for post-install procedures for FC4?

ScalixSupport
Scalix
Scalix
Posts: 5503
Joined: Thu Mar 25, 2004 8:15 pm

Postby ScalixSupport » Thu Mar 09, 2006 3:14 pm

In the Post Installation Tasks, starting from page 96, in the installation guide, there are details on configuring SSL.

Cheers

Dave

Postby masterclyde » Thu Mar 09, 2006 3:46 pm

I have followed those directions starting at the Red Hat Linux section (page 98).

I can create my key without incident running

openssl genrsa 1024 > /keypath/server.key

A couple of strange things happen after that. I am not prompted for a password after running

umask 77 ; \
/usr/bin/openssl req -new -key /keypath/server.key \
-x509 -days 365 -out /keypath/server.crt

and when I run

openssl ca -out name-cert.pem -config ./openssl.cnf -infiles name-req.pem

I receive an error about not being able to locate a *.pem file

Postby ScalixSupport » Thu Mar 09, 2006 4:25 pm

For the second part of the SSL instructions, covering Generating and Signing the Certificate, follow the guidance of Rich Bowen's book, "Apache Cookbook", and do the following:

Code:

# openssl genrsa -out /etc/httpd/conf/ssl.key/server.key 1024

Code:

# openssl req -new -key /etc/httpd/conf/ssl.key/server.key \
  -out /etc/httpd/conf/ssl.csr/server.csr

Code:

# openssl x509 -req -days 365 -in /etc/httpd/conf/ssl.csr/server.csr \
  -signkey /etc/httpd/conf/ssl.key/server.key \
  -out /etc/httpd/conf/ssl.crt/server.crt

Code:

# service httpd restart


Thanks,
Don

Postby masterclyde » Thu Mar 09, 2006 10:48 pm

Thanks,

It looks like I am generating and signing my certificates now. When I go to my default page and use https://local.localdomain.com I can see my certificate. However, when I go to either webmail or sac with https, the pages just seem to freeze without logging any errors that I can find anywhere. This is Scalix 10 for Fedora Core 4. I have no problems accessing webmail and sac without SSL.

Postby ScalixSupport » Fri Mar 10, 2006 7:22 am

This is related to SELinux. Please check the release notes.

Cheers,

Sascha.

Postby masterclyde » Fri Mar 10, 2006 4:09 pm

I have checked the release notes and tried the following:

1. Switch selinux off in /etc/sysconfig/selinux
2. Change 'SELINUX=enforcing' to 'SELINUX=disabled' or 'SELINUX=permissive'.
3. Reboot

However, whenever I try going to https://local.localdomain.com/sac or webmail, my page attempts to launch but seems to freeze. FDC4 and scalix v 10. Do I need to edit my server.xml file for Tomcat?

Postby masterclyde » Tue Mar 14, 2006 1:34 am

Thanks for all the support! It was the SELINUX piece. All looks good now.

STXRich
Posts: 28
Joined: Wed Dec 07, 2005 9:59 am

Postby STXRich » Thu Mar 23, 2006 4:30 pm

Just to add another place to check if you're having problems.
Upgraded from 9.4 to 10 on Fedora Core 4.

Following all the steps created my certificate and key files; however, the directories in which to place these files were not what Apache was using.

In my case, Apache was looking for

Code:

/etc/pki/tls/certs/localhost.crt
  and
/etc/pki/tls/private/localhost.key


So, if you're having problems getting your key to show up, don't forget to check your Apache's ssl.conf file to see where it's actually looking.

-Rich-
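
Added example, not part of the original posts: a shell sketch of the check Rich describes, reading the certificate and key paths that Apache's ssl.conf actually names and confirming the files exist, that the key is private (as "umask 77" earlier in the thread produces), and that the certificate belongs to that key. The function names are hypothetical, and it assumes a stock ssl.conf with one SSL virtual host and an unencrypted RSA key as generated with genrsa above.

```shell
#!/bin/sh
# Added example, not from the thread.
# Usage: sh check_ssl_paths.sh /etc/httpd/conf.d/ssl.conf

# Print the path set for one directive, skipping commented-out lines.
# Assumes a single SSL virtual host: the last active occurrence wins.
ssl_directive_path() {   # $1 = directive name, $2 = config file
    awk -v d="$1" 'tolower($1) == tolower(d) { p = $2 }
        END { gsub(/"/, "", p); if (p != "") print p }' "$2"
}

# True when group and other have no permissions on the key file
# (what "umask 77" in the thread's commands produces).
key_is_private() {       # $1 = key file
    [ "$(ls -ldL "$1" | cut -c5-10)" = "------" ]
}

# Return 0 only if the configured cert and key exist, the key is private,
# and the certificate was issued for that key (RSA moduli are equal).
check_ssl_conf() {       # $1 = ssl.conf path
    crt=$(ssl_directive_path SSLCertificateFile "$1")
    key=$(ssl_directive_path SSLCertificateKeyFile "$1")
    echo "SSLCertificateFile    = ${crt:-<not set>}"
    echo "SSLCertificateKeyFile = ${key:-<not set>}"
    for f in "$crt" "$key"; do
        [ -n "$f" ] && [ -r "$f" ] || { echo "FAIL: cannot read '$f'"; return 1; }
    done
    key_is_private "$key" || { echo "FAIL: $key is accessible to group/other"; return 1; }
    cm=$(openssl x509 -noout -modulus -in "$crt" 2>/dev/null)
    km=$(openssl rsa -noout -modulus -in "$key" 2>/dev/null)
    [ -n "$cm" ] && [ "$cm" = "$km" ] || { echo "FAIL: certificate and key do not match"; return 1; }
    echo "OK: Apache is configured to load a matching certificate and key"
}

# Run the check only when a config path is given on the command line.
if [ "$#" -gt 0 ]; then
    check_ssl_conf "$1"
fi
```

If the printed paths differ from where the new files were written, either copy the files there or point the two directives at the new location, then restart httpd.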

mlaniel

Postby mlaniel » Tue Mar 28, 2006 4:25 pm

In my case it was the same way, although I did not find the ssl.conf file, but when I copied both the .crt and .key files into the above-mentioned directory and restarted the httpd service, I could then see my generated certificate.

