ssl with fedora core 4
Posted: Thu Mar 09, 2006 1:41 am
by masterclyde
Hi,
I have installed v. 10 on FC4 and installed my SSL certificates. I can access SAC and SWA without SSL, however whenever I try and access it with SSL the screen launches and just hangs blank. I have checked my error logs in /etc/httpd/conf.d/ and none seem to be generating any errors. I have the install documentation, and I have loosely followed RedHat 4 instructions, but don't seem to be getting anywhere. I have noticed in some posts that there is talk about SSL keys for Tomcat, but I don't see anything in the install documentation. Can you point me to some helpful documentation for post install procedures for FC4?
Posted: Thu Mar 09, 2006 3:14 pm
by ScalixSupport
In the Post Installation Tasks, starting from page 96, in the installation guide, there are details on configuring SSL.
Cheers
Dave
Posted: Thu Mar 09, 2006 3:46 pm
by masterclyde
I have followed those directions starting at the Red Hat Linux section (page 98).
I can create my key without incident running
openssl genrsa 1024 > /keypath/server.key
A couple of strange things happen after that. I am not prompted for a password after running
umask 77 ; \
/usr/bin/openssl req -new -key /keypath/server.key \
-x509 -days 365 -out /keypath/server.crt
and when I run
openssl ca -out name-cert.pem -config ./openssl.cnf -infiles name-req.pem
I receive an error about not being able to locate a *.pem file
Posted: Thu Mar 09, 2006 4:25 pm
by ScalixSupport
For the second part of the ssl instructions covering Generating and Signing the Certificate follow the guidance of Rich Bowen's book, "Apache Cookbook" and do the following:
# openssl genrsa -out /etc/httpd/conf/ssl.key/server.key 1024
# openssl req -new -key /etc/httpd/conf/ssl.key/server.key \
-out /etc/httpd/conf/ssl.csr/server.csr
# openssl x509 -req -days 365 -in /etc/httpd/conf/ssl.csr/server.csr \
-signkey /etc/httpd/conf/ssl.key/server.key -out \
/etc/httpd/conf/ssl/ssl.crt/server.crt
Thanks,
Don
Posted: Thu Mar 09, 2006 10:48 pm
by masterclyde
Thanks,
It looks like I am generating and signing my certificates now. When I go to my default page and use
https://local.localdomain.com I can see my certificate. However, when I go to either webmail or sac with https, the pages just seem to freeze without logging any errors that I can find anywhere. This is Scalix 10 for Fedora Core 4. I have no problems accessing webmail and sac without SSL.
Posted: Fri Mar 10, 2006 7:22 am
by ScalixSupport
This is related to SELinux. Please check the release notes.
Cheers,
Sascha.
Posted: Fri Mar 10, 2006 4:09 pm
by masterclyde
I have checked the release notes and tried the following
1. Switch selinux off in /etc/sysconfig/selinux
2. Change 'SELINUX=enforcing' to 'SELINUX=disabled' or 'SELINUX=permissive'.
3. Reboot
However, whenever I try going to https://local.localdomain.com/sac or webmail my page attempts to launch but seems to freeze. FDC4 and scalix v 10. Do I need to edit my server.xml file for Tomcat?
Posted: Tue Mar 14, 2006 1:34 am
by masterclyde
Thanks for all the support! It was the SELINUX piece. All looks good now.
Posted: Thu Mar 23, 2006 4:30 pm
by STXRich
Just to add another place to check if you're having problems.
Upgraded from 9.4 to 10 on Fedora Core 4.
Following all the steps created my certificate and key files; however, the directories in which to place these files were not what Apache was using.
In my case Apache was looking for
/etc/pki/tls/certs/localhost.crt
and
/etc/pki/tls/private/localhost.key
So, if you're having problems getting your key to show up, don't forget to check your Apache's SSL.conf file to see where it's actually looking.
-Rich-
Posted: Tue Mar 28, 2006 4:25 pm
by mlaniel
In my case it was the same way, although I did not find the ssl.conf file, but when I copied both the .crt and .key files into the above-mentioned directory and restarted the httpd service, I could then see my generated certificate.
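The check STXRich describes, as an added example that is not part of the thread: a shell script that lists the certificate and key paths an Apache config file actually references and flags files that are missing or keys readable by group or others. The function names and the throwaway demo config are constructed for illustration; pass the path of your own ssl.conf as the argument.

```shell
#!/bin/sh
# Added example (not from the thread): show which certificate and key files
# an Apache config references, and flag missing files or keys readable by others.
# Assumes paths without spaces.

# Print "directive path" for each active SSLCertificateFile/SSLCertificateKeyFile.
ssl_paths() {
    awk '
        /^[ \t]*#/ { next }                     # skip commented-out directives
        {
            d = tolower($1)                     # directive names are case-insensitive
            if (d == "sslcertificatefile" || d == "sslcertificatekeyfile") {
                p = $2; gsub(/"/, "", p)        # strip optional quotes
                print d, p
            }
        }' "$@"
}

# One status line per referenced file; returns 1 if any file is missing or a
# key is readable by group/other (the thread creates its key under umask 77).
check_ssl_paths() {
    rc=0
    found=$(ssl_paths "$@")
    [ -n "$found" ] || { echo "NONE no certificate directives found"; return 1; }
    while read -r directive path; do
        if [ ! -f "$path" ]; then
            echo "MISSING $directive $path"; rc=1
        elif [ "$directive" = "sslcertificatekeyfile" ] &&
             [ -n "$(find "$path" -prune \( -perm -040 -o -perm -004 \))" ]; then
            echo "LOOSE $directive $path"; rc=1
        else
            echo "OK $directive $path"
        fi
    done <<EOF
$found
EOF
    return $rc
}

# Constructed demo: a throwaway ssl.conf whose key path does not exist.
demo() {
    d=$(mktemp -d) && : > "$d/localhost.crt"
    printf '%s\n' "# SSLCertificateFile /old/server.crt" \
        "SSLCertificateFile $d/localhost.crt" \
        "SSLCertificateKeyFile \"$d/private/localhost.key\"" > "$d/ssl.conf"
    check_ssl_paths "$d/ssl.conf"; status=$?
    rm -rf "$d"; return $status
}

if [ "$#" -gt 0 ]; then check_ssl_paths "$@"; else demo || echo "demo reported problems, as constructed"; fi
```

A MISSING line for the key or certificate means the files were generated somewhere other than where the directives point, which is the situation described in the last two posts.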