SuSE SLES 9 - new install fine, enabled SSL, now inaccessible

gearheadloco

Post by gearheadloco » Sat Aug 05, 2006 7:53 pm

Hi,

Mine is a SuSE Linux Enterprise Server 9 install, and just a few days into the 60 day evaluation period. Everything was fine until I decided to IMPROVE things, and now I'm paying the price!

I followed the Scalix Installation Guide Chapter 2 "Post-installation Tasks" to enable SSL. Created the keytab as described on page 37, then edited the server.xml file in Tomcat. The first thing I noticed is that (contrary to the manual) both ports 8080 and 8443 were commented out, and only 8009 was enabled. The manual would have you think that Tomcat was listening on port 8080, but my server.xml stated (in comments) that this port was disabled by the Scalix installer. I un-commented port 8443, configured my Cisco PIX to pass 8443, stopped and re-started Tomcat, and now the system is completely inaccessible from any port. This is true whether I try from the SLES 9 server itself (localhost) or from a PC in our network.

The Cisco was only allowing port 80 requests to pass (from outside our network) before I made this change, and would have blocked any 8080 requests. Perhaps this is why Scalix opted to work around port numbers in the URL?

I've tried going back to a server.xml file with 8443 and 8080 commented and 8009 not (like the initial installation that did work - once) and have also tried to remove the SSL key with:
./keytool -delete -alias tomcat
which did seem to work.

I've checked tomcat and apache with ps and they seem to re-start fine each time I change the server.xml file.

Any ideas? Did I mess things up with SSL to the point where I need to re-install Scalix and/or SLES 9?

Clearly I'm NOT a Linux expert!

Thanks for whatever help you can give.

Phil in San Diego

gearheadloco

Tried to open up all ports with mixed results...

Post by gearheadloco » Sat Aug 05, 2006 10:04 pm

Hi again,

Still experimenting - I've done some additional work based on what worked with other folks with similar problems:

(1) checked that /etc/hosts has an entry for localhost. It did, but I added the localhost.localdomain part as others have tried:

127.0.0.1 localhost.localdomain localhost

there is also an entry that Scalix (?) made for the server itself:

192.168.50.27 mydomain.org email

(2) I also un-commented ports 8080, 8443 and 8009 just to see what might happen.

At this point:

- I CAN login as user sxadmin from a PC using http://email.mydomain:8080/webmail

- When I log into http://email.mydomain:8080/sac I am prompted for user/password, but then I get the error "Could Not Login Could not fetch configuration information. Possible problem with administration server."

- If I try to login to webmail or sac at https://email.mydomain:8443/ the connection times out and nothing.

Thanks,
Phil in San Diego

florian
Scalix

Post by florian » Sun Aug 06, 2006 4:27 pm

Curious - what version of Scalix are you using?

From 10.0.x onwards, we actually recommend (and install through our installer) mod_jk, which makes Tomcat not directly accessible anymore; instead, we are accessing Tomcat through Apache for better security and performance.

In this case, SSL would need to be set up on the Apache side. I believe the Scalix 10 docs tell you how. No keytab for Tomcat would need to be generated and no changes to server.xml would be necessary.

Also, by default Apache would be available over port 80/http and port 443/https, so the firewall would need to be set up accordingly.

Cheers,
Florian.
Florian von Kurnatowski, Die Harder!
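
Added example, not part of any post in this thread and not Scalix code: a small audit of a Tomcat server.xml that lists which connectors are live and which sit inside XML comments, so you can confirm that only the AJP connector used by mod_jk is enabled and Tomcat is not answering HTTP(S) directly. The sample file is constructed to resemble the layout described in the first post; the function names are hypothetical, and classifying a connector by its `protocol` attribute is an assumption of this sketch.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: 8080 and 8443 commented out, only AJP on 8009 active.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <!-- disabled by installer
    <Connector port="8080" maxThreads="150" redirectPort="8443" />
    -->
    <!--
    <Connector port="8443" scheme="https" secure="true" sslProtocol="TLS" />
    -->
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
    <Engine name="Catalina" defaultHost="localhost" />
  </Service>
</Server>"""

COMMENT_RE = re.compile(r"<!--(.*?)-->", re.DOTALL)
CONNECTOR_RE = re.compile(r"<Connector\b[^>]*>")
PORT_RE = re.compile(r'\bport\s*=\s*"(\d+)"')  # case-sensitive: skips redirectPort


def audit_connectors(xml_text):
    """Return (active, disabled): active is a list of (port, kind) tuples,
    disabled is a list of ports that appear only inside XML comments."""
    disabled = []
    for body in COMMENT_RE.findall(xml_text):
        for tag in CONNECTOR_RE.findall(body):
            match = PORT_RE.search(tag)
            if match:
                disabled.append(int(match.group(1)))
    active = []
    # ElementTree drops comments while parsing, so only live connectors remain.
    for conn in ET.fromstring(xml_text).iter("Connector"):
        port = conn.get("port")
        if port is None:
            continue
        proto = conn.get("protocol", "HTTP/1.1")
        kind = "ajp" if proto.upper().startswith("AJP") else "direct"
        active.append((int(port), kind))
    return active, disabled


def directly_exposed(xml_text):
    """Ports where Tomcat itself would accept HTTP(S), bypassing Apache."""
    active, _ = audit_connectors(xml_text)
    return sorted(port for port, kind in active if kind == "direct")


if __name__ == "__main__":
    print(audit_connectors(SAMPLE_SERVER_XML))
    print(directly_exposed(SAMPLE_SERVER_XML))
```

An empty result from `directly_exposed` matches the mod_jk setup described above; any port it returns is one the firewall and the Apache SSL configuration do not cover.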

