Re: https can;t be good for work

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
edwardspl@xxxxxxxxxx wrote:
> James Kosin wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
>>
>> edwardspl@xxxxxxxxxx wrote:
>>
>>
>>> Dear All,
>>>
>>> I can't to enable the https as the following :
>>>
>>> <VirtualHost webmail.ita.org.mo> Redirect /
>>> https://webmail.ita.org.mo:443 </VirtualHost>
>>>
>>> <VirtualHost webmail.ita.org.mo> DocumentRoot ... ServerName
>>> webmail.ita.org.mo ErrorLog ... TransferLog ... SSLEngine on
>>> SSLCertificateFile server.crt SSLCertificateKeyFile server.key
>>> <Files ~ "\.(cgi|shtml|phtml|php3?)$"> SSLOptions +StdEnvVars
>>> </Files> <Directory "/var/www/cgi-bin"> SSLOptions +StdEnvVars
>>> </Directory> SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive
>>> ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0
>>> CustomLog /var/log/itawm-ssl_request_log \ "%t %h
>>> %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" </VirtualHost>
>>>
>>>
>>> error log of web server : [Fri Sep 21 22:42:44 2007] [warn] RSA
>>> server certificate CommonName (CN) `localhost' does NOT match
>>> server name!? [Fri Sep 21 22:42:44 2007] [warn] RSA server
>>> certificate is a CA certificate (BasicConstraints: CA == TRUE
>>> !?) [Fri Sep 21 22:42:44 2007] [warn] RSA server certificate
>>> CommonName (CN) `localhost' does NOT match server name!? [Fri
>>> Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
>>> certificate (BasicConstraints: CA == TRUE !?) [Fri Sep 21
>>> 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
>>> `localhost' does NOT match server name!? [Fri Sep 21 22:43:29
>>> 2007] [warn] RSA server certificate is a CA certificate
>>> (BasicConstraints: CA == TRUE !?) [Fri Sep 21 22:43:29 2007]
>>> [warn] RSA server certificate CommonName (CN) `localhost' does
>>> NOT match server name!?
>>>
>>> ssl error log : [Fri Sep 21 22:43:29 2007] [warn] RSA server
>>> certificate is a CA certificate (BasicConstraints: CA == TRUE
>>> !?) [Fri Sep 21 22:43:29 2007] [warn] RSA server certificate
>>> CommonName (CN) `localhost.localdomain' does NOT match server
>>> name!? [Fri Sep 21 22:43:29 2007] [warn] RSA server certificate
>>> is a CA certificate (BasicConstraints: CA == TRUE !?) [Fri Sep
>>> 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
>>> `localhost.localdomain' does NOT match server name!?
>>>
>>> So, what mistake about the config ?
>>>
>>> Remark : The ssl is self-signed SSL Certificate, and the Web
>>> Server come with FC6 System.
>>>
>>> Thanks !
>>>
>>> Edward.
>>>
>>>
>>>
>> Edward,
>>
>> You didn't do anything wrong.  You will have to create a
>> certificate for webmail.ita.org.mo for this to work without the
>> warnings.  The default cert does not handle external
>> connections... I believe the cets will be in the /etc/httpd/conf
>> directory.
>>
>>
>>
> Hello Jame,
>
> After the config and restart the web server... I found that we
> can't to connect to http://webmail.ita.org.mo ( include redirect
> problem : https ) ! So, would you mind to give me more help ?
>
> Thanks !
>
> Edward.
>
Do you have SELinux enabled?  You will have to setup the
web-permissions for the webserver to work properly.
It looks like the redirection is working.
Do you have a firewall setup?  If so, you may have to allow or
redirect port 443.
Does the pages work without the redirection to https?
Are the HTML pages there in the /var/www/html (root) directory?  If
you are using squirelmail as the web interface, the redirection should
be https://webmail.ita.org.mo/webmail

Let me know if I have hit anything.
- -James

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
 
iD8DBQFG8/sZkNLDmnu1kSkRAiDiAJ9MdQ0vItGeD/WODqhUtsG4eDWn7wCdHOyx
+zEUVGbnKm+Cb7yVLqnzfoc=
=Y3+p
-----END PGP SIGNATURE-----

-- 
Scanned by ClamAV - http://www.clamav.net


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux