-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 edwardspl@xxxxxxxxxx wrote: > James Kosin wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 >> >> edwardspl@xxxxxxxxxx wrote: >> >> >>> Dear All, >>> >>> I can't to enable the https as the following : >>> >>> <VirtualHost webmail.ita.org.mo> Redirect / >>> https://webmail.ita.org.mo:443 </VirtualHost> >>> >>> <VirtualHost webmail.ita.org.mo> DocumentRoot ... ServerName >>> webmail.ita.org.mo ErrorLog ... TransferLog ... SSLEngine on >>> SSLCertificateFile server.crt SSLCertificateKeyFile server.key >>> <Files ~ "\.(cgi|shtml|phtml|php3?)$"> SSLOptions +StdEnvVars >>> </Files> <Directory "/var/www/cgi-bin"> SSLOptions +StdEnvVars >>> </Directory> SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive >>> ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 >>> CustomLog /var/log/itawm-ssl_request_log \ "%t %h >>> %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" </VirtualHost> >>> >>> >>> error log of web server : [Fri Sep 21 22:42:44 2007] [warn] RSA >>> server certificate CommonName (CN) `localhost' does NOT match >>> server name!? [Fri Sep 21 22:42:44 2007] [warn] RSA server >>> certificate is a CA certificate (BasicConstraints: CA == TRUE >>> !?) [Fri Sep 21 22:42:44 2007] [warn] RSA server certificate >>> CommonName (CN) `localhost' does NOT match server name!? [Fri >>> Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA >>> certificate (BasicConstraints: CA == TRUE !?) [Fri Sep 21 >>> 22:43:29 2007] [warn] RSA server certificate CommonName (CN) >>> `localhost' does NOT match server name!? [Fri Sep 21 22:43:29 >>> 2007] [warn] RSA server certificate is a CA certificate >>> (BasicConstraints: CA == TRUE !?) [Fri Sep 21 22:43:29 2007] >>> [warn] RSA server certificate CommonName (CN) `localhost' does >>> NOT match server name!? >>> >>> ssl error log : [Fri Sep 21 22:43:29 2007] [warn] RSA server >>> certificate is a CA certificate (BasicConstraints: CA == TRUE >>> !?) [Fri Sep 21 22:43:29 2007] [warn] RSA server certificate >>> CommonName (CN) `localhost.localdomain' does NOT match server >>> name!? [Fri Sep 21 22:43:29 2007] [warn] RSA server certificate >>> is a CA certificate (BasicConstraints: CA == TRUE !?) [Fri Sep >>> 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN) >>> `localhost.localdomain' does NOT match server name!? >>> >>> So, what mistake about the config ? >>> >>> Remark : The ssl is self-signed SSL Certificate, and the Web >>> Server come with FC6 System. >>> >>> Thanks ! >>> >>> Edward. >>> >>> >>> >> Edward, >> >> You didn't do anything wrong. You will have to create a >> certificate for webmail.ita.org.mo for this to work without the >> warnings. The default cert does not handle external >> connections... I believe the cets will be in the /etc/httpd/conf >> directory. >> >> >> > Hello Jame, > > After the config and restart the web server... I found that we > can't to connect to http://webmail.ita.org.mo ( include redirect > problem : https ) ! So, would you mind to give me more help ? > > Thanks ! > > Edward. > Do you have SELinux enabled? You will have to setup the web-permissions for the webserver to work properly. It looks like the redirection is working. Do you have a firewall setup? If so, you may have to allow or redirect port 443. Does the pages work without the redirection to https? Are the HTML pages there in the /var/www/html (root) directory? If you are using squirelmail as the web interface, the redirection should be https://webmail.ita.org.mo/webmail Let me know if I have hit anything. - -James -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFG8/sZkNLDmnu1kSkRAiDiAJ9MdQ0vItGeD/WODqhUtsG4eDWn7wCdHOyx +zEUVGbnKm+Cb7yVLqnzfoc= =Y3+p -----END PGP SIGNATURE----- -- Scanned by ClamAV - http://www.clamav.net
