https can;t be good for work

Fri Sep 21 17:33:00 UTC 2007

James Kosin wrote:

>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
> 
>edwardspl at ita.org.mo wrote:
>  
>
>>James Kosin wrote:
>>
>>    
>>
>>>-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
>>>
>>>edwardspl at ita.org.mo wrote:
>>>
>>>
>>>      
>>>
>>>>Dear All,
>>>>
>>>>I can't to enable the https as the following :
>>>>
>>>><VirtualHost webmail.ita.org.mo> Redirect /
>>>>https://webmail.ita.org.mo:443 </VirtualHost>
>>>>
>>>><VirtualHost webmail.ita.org.mo> DocumentRoot ... ServerName
>>>>webmail.ita.org.mo ErrorLog ... TransferLog ... SSLEngine on
>>>>SSLCertificateFile server.crt SSLCertificateKeyFile server.key
>>>><Files ~ "\.(cgi|shtml|phtml|php3?)$"> SSLOptions +StdEnvVars
>>>></Files> <Directory "/var/www/cgi-bin"> SSLOptions +StdEnvVars
>>>></Directory> SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive
>>>>ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0
>>>>CustomLog /var/log/itawm-ssl_request_log \ "%t %h
>>>>%{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" </VirtualHost>
>>>>
>>>>
>>>>error log of web server : [Fri Sep 21 22:42:44 2007] [warn] RSA
>>>>server certificate CommonName (CN) `localhost' does NOT match
>>>>server name!? [Fri Sep 21 22:42:44 2007] [warn] RSA server
>>>>certificate is a CA certificate (BasicConstraints: CA == TRUE
>>>>!?) [Fri Sep 21 22:42:44 2007] [warn] RSA server certificate
>>>>CommonName (CN) `localhost' does NOT match server name!? [Fri
>>>>Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
>>>>certificate (BasicConstraints: CA == TRUE !?) [Fri Sep 21
>>>>22:43:29 2007] [warn] RSA server certificate CommonName (CN)
>>>>`localhost' does NOT match server name!? [Fri Sep 21 22:43:29
>>>>2007] [warn] RSA server certificate is a CA certificate
>>>>(BasicConstraints: CA == TRUE !?) [Fri Sep 21 22:43:29 2007]
>>>>[warn] RSA server certificate CommonName (CN) `localhost' does
>>>>NOT match server name!?
>>>>
>>>>ssl error log : [Fri Sep 21 22:43:29 2007] [warn] RSA server
>>>>certificate is a CA certificate (BasicConstraints: CA == TRUE
>>>>!?) [Fri Sep 21 22:43:29 2007] [warn] RSA server certificate
>>>>CommonName (CN) `localhost.localdomain' does NOT match server
>>>>name!? [Fri Sep 21 22:43:29 2007] [warn] RSA server certificate
>>>>is a CA certificate (BasicConstraints: CA == TRUE !?) [Fri Sep
>>>>21 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
>>>>`localhost.localdomain' does NOT match server name!?
>>>>
>>>>So, what mistake about the config ?
>>>>
>>>>Remark : The ssl is self-signed SSL Certificate, and the Web
>>>>Server come with FC6 System.
>>>>
>>>>Thanks !
>>>>
>>>>Edward.
>>>>
>>>>
>>>>
>>>>        
>>>>
>>>Edward,
>>>
>>>You didn't do anything wrong.  You will have to create a
>>>certificate for webmail.ita.org.mo for this to work without the
>>>warnings.  The default cert does not handle external
>>>connections... I believe the cets will be in the /etc/httpd/conf
>>>directory.
>>>
>>>
>>>
>>>      
>>>
>>Hello Jame,
>>
>>After the config and restart the web server... I found that we
>>can't to connect to http://webmail.ita.org.mo ( include redirect
>>problem : https ) ! So, would you mind to give me more help ?
>>
>>Thanks !
>>
>>Edward.
>>
>>    
>>
>Do you have SELinux enabled?  You will have to setup the
>web-permissions for the webserver to work properly.
>It looks like the redirection is working.
>Do you have a firewall setup?  If so, you may have to allow or
>redirect port 443.
>Does the pages work without the redirection to https?
>Are the HTML pages there in the /var/www/html (root) directory?  If
>you are using squirelmail as the web interface, the redirection should
>be https://webmail.ita.org.mo/webmail
>
>Let me know if I have hit anything.
>- -James
>  
>
Hello James,
1, SELinux is disable.
2, Firewall enable 443 port.
3, how about the permission for the ssl files ?
4, Before the https enabled, the http is good for work !

Thanks !

Edward.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.fedoraproject.org/pipermail/users/attachments/20070922/8ebc2ab0/attachment-0001.html 