Yes, a topic that seems to be repeated like bad beans here..

fthomas · Postby **fthomas** » Mon Jan 15, 2007 11:44 am

Sorry,

But I need to re-bring up the setup of https for scalix. I've followed ALL the recommendations within the forum as well as in the manuals and the faq's and I CANNOT get https working properly. I must say that I am very impressed with everything about scalix, EXCEPT, the lack of clear cut instructions on setting up ssl for it. That surprises me too. I would think that ssl would be the default for using the web client and anything else a change from the default. Please, please, please, offer a procedure to properly setup https for the web client and I'm sure you will put some of us out of our misery. Also, how to completely disable the normal port 80 for the scalix software would be of help too. To offer my configuration, I am running centos 4 (rhel4) with the latest community software, version 11.

Thanks in advance,
Frank.

dkelly · Postby **dkelly** » Mon Jan 15, 2007 12:59 pm

Have you read the FAQs that are posted at the top of each forum ? One in particular talks about the Apache set up.

Please come back if you have any more questions after you've read it.

Cheers

Dave

fthomas · Postby **fthomas** » Mon Jan 15, 2007 2:24 pm

yes I did and it was of no help to me. I looked into the faq's and discovered it talked a lot about ver 10, but not 11. But I did try to use the faq's with no results.

Frank.

dkelly · Postby **dkelly** » Mon Jan 15, 2007 2:30 pm

Do you mean http://www.scalix.com/forums/viewtopic.php?t=5651 at the top of this forum ? That's the Scalix 11 FAQs. They don't talk about 10 other than to describe what changed.

In particular, you want ot look at http://www.scalix.com/wiki/index.php?title=HowTos/ApacheConfiguration

Cheers

Dave

fthomas · Postby **fthomas** » Mon Jan 15, 2007 2:54 pm

First off, thanks so far for the help. I don't call out for help, unless I've looked for as much as possible.

Ok, I did go to this fact, and used it to alter the two files (instance-mail.conf) under /etc/opt/scalix-tomcat/connector/ajp and .../jk to read the following:
<VirtualHost mail.thethomasproject.com:443>
Include /etc/opt/scalix-tomcat/connector/ajp/app-mail.*.conf
</VirtualHost>
And it doesn't work at all. I get a "page cannot be found" error in IE.

Help.

Frank.

dkelly · Postby **dkelly** » Mon Jan 15, 2007 3:05 pm

Does the URL that you are using match up with the hostname in the VirtualHost entry ?

Cheers

Dave

dkelly · Postby **dkelly** » Mon Jan 15, 2007 3:06 pm

Is it also the case that you removed the SSL settings from the :443 entry or that they were never there ?

Cheers

Dave

fthomas · Postby **fthomas** » Mon Jan 15, 2007 4:23 pm

Yes to question number 1 and I have no idea what you mean in question number 2.

Cheers,

Frank.

dkelly · Postby **dkelly** » Mon Jan 15, 2007 4:27 pm

For question 2, the VirtualHost entry should look something like this:

Code: Select all

<VirtualHost domain.com:443>
       SSLEngine on
       SSLProtocol all -SSLv2
       SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
       SSLCertificateFile /etc/pki/tls/certs/localhost.crt
       SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
       Include /etc/opt/scalix-tomcat/connector/ajp/app-instance.*.conf
</VirtualHost>

Cheers

Dave

fthomas · Postby **fthomas** » Mon Jan 15, 2007 4:37 pm

Hi Dave,

In what file is this supposed to be? My entries in the two files for scalix are as I posted them earlier...

All I did was change the :80 in each file to :443.

Thanks!

fthomas · Postby **fthomas** » Mon Jan 15, 2007 5:15 pm

By the way, this is what I just tried in my two files: /etc/opt/scalix-tomcat/connector/ajp/instance-mail.confand /etc/opt/scalix-tomcat/connector/jk/instance-mail.conf.

<VirtualHost mail.domain.com:443>
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
Include /etc/opt/scalix-tomcat/connector/ajp/app-instance.*.conf
</VirtualHost>

Still displays that page cannot be found. (404).
Frank.

fthomas · Postby **fthomas** » Tue Jan 16, 2007 1:40 pm

Any ideas?

Thanks,

Frank.

fthomas · Postby **fthomas** » Wed Jan 17, 2007 4:22 pm

Sorry to bug, but does anyone know how to fix this simple issue?

Thanks,

Frank.

jryden · Postby **jryden** » Thu Jan 18, 2007 6:27 pm

You need to first read up on how to configure an SSL virtual host with Apache. Changing :80 to :443 is not enough by a far stretch.

masterclyde · Postby **masterclyde** » Fri Jan 19, 2007 1:26 am

Try getting ssl working first with apache. This is done with your vhost.conf file in apache2. Once that works correctly, edit the vhost.conf and remove reference to 443 (I just removed the whole file). Finally edit the /etc/opt/scalix-tomcat/connector/ajp/instance-scalix.conf with the configurations Dave mentioned earlier.

<VirtualHost domain.com:443>
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
Include /etc/opt/scalix-tomcat/connector/ajp/app-instance.*.conf
</VirtualHost>

Also make sure the include line is properly configured in /etc/apache2/conf.d/ -->

# ---------------------------------------------------------------------------
# mod_proxy_ajp connector configuration
# ---------------------------------------------------------------------------

<IfModule mod_proxy_ajp.c>

Include /etc/opt/scalix-tomcat/connector/ajp/instance-*.conf

</IfModule>

Scalix Forums

Yes, a topic that seems to be repeated like bad beans here..

Yes, a topic that seems to be repeated like bad beans here..

Who is online