search for: sslcertificatekeyfil

...st ipaddr:443> ServerAdmin webmaster at domain#.com ServerName vhost.domain#.com:443 ServerAlias box.domain#.com:443 ServerAlias calcbox.domain#.com:443 ServerAlias proxybox.domain#.com:443 ... SSLEngine on SSLStrictSNIVHostCheck on SSLCertificateFile /etc/httpd/conf/ssl.crt/domain#-host.crt SSLCertificateKeyFile /etc/httpd/conf/ssl.key/domain#-host.key SSLCertificateChainFile /etc/httpd/conf/ssl.crt/server-chain.crt ... </VirtualHost> only https://domain1.com/... works https://domain2.com/... results in a certificate CN mismatch ... what is missing in my config.? Thanks, Walter

...<Directory "/var/www/html"> Options Indexes FollowSymLinks AllowOverride None Require all granted </Directory> </VirtualHost> <VirtualHost *:443> SSLEngine On SSLCertificateFile /etc/pki/tls/certs/$your_host_tld.crt SSLCertificateKeyFile /etc/pki/tls/private/$your_host_tld.key <Directory "/var/www/html"> Options Indexes FollowSymLinks AllowOverride None Require all granted </Directory> </VirtualHost> EOF thanks

...the certificate is not the problem. I used cacert.org to complete it. When I made the certificate, it was for the sub-domain but the certificate for the top-level domain is the certificate that appears. In the <VirtualHost> section for the sub-domain, I have pointed to the sub-domain key: SSLCertificateKeyFile /etc/httpd/conf/ssl.key/subdomain.key. This is how I made the key: openssl req -nodes -keyout private.key -out subdomain.key Any help would be greatly appreciated.

...ongrel it says that hostkey/cert must be owned by puppet:puppet. I tried to keep original path (and also owner) of both files and seems to puppet still works... what problems could it cause to my conf? # grep lib mongrel.conf SSLCertificateFile /var/lib/puppet/ssl/certs/gridinstall.pic.es.pem SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/gridinstall.pic.es.pem SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem TIA, Arnau --~--~---------~--~----~-----...

...h /etc/certs total 12K -rw-r--r-- 1 root root 981 sep 20 11:06 microlinux.crt -rw-r--r-- 1 root root 716 sep 20 11:04 microlinux.csr -rw-r--r-- 1 root root 887 sep 20 11:11 microlinux.key I'm not sure about the correct syntax to use SSL on this one. Where do I configure SSLCertificateFile and SSLCertificateKeyFile? In the virtual host stanza? Before trying various haphazard configurations, I thought I'd better ask here. Niki

...RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f RewriteRule ^/(.*)$ balancer://mongrel_cluster%{REQUEST_URI} [P,QSA,L] CustomLog logs/desq-access.log common ErrorLog logs/desq-error.log SSLEngine on SSLCertificateFile /home/user/ssl.crt SSLCertificateKeyFile /home/user/ssl.key </VirtualHost> <VirtualHost *:80> ServerName server.domain.com Redirect permanent / https://server.domain.com </VirtualHost> Also, the cluster YML file: --- port: 3000 pid_file: log/mongrel.pid servers: 2 address: 127.0.0.1 cwd: /home/user/d...

...dexes FollowSymLinks >> AllowOverride None >> Require all granted >> </Directory> >> </VirtualHost> >> <VirtualHost *:443> >> SSLEngine On >> SSLCertificateFile /etc/pki/tls/certs/$your_host_tld.crt >> SSLCertificateKeyFile /etc/pki/tls/private/$your_host_tld.key >> <Directory "/var/www/html"> >> Options Indexes FollowSymLinks >> AllowOverride None >> Require all granted >> </Directory> >> </VirtualHost> >> EOF >&...

...ng: rsa_cert_file=/usr/share/ssl/certs/inet06cert.pem which is the public certificate and this: rsa_cert_file=/usr/share/ssl/private/inet06key.pem which is the server private key. Both these are in use by the apache web server as : SSLCertificateFile /usr/share/ssl/certs/inet06cert.pem and SSLCertificateKeyFile /usr/share/ssl/private/inet06key.pem respectively and I have no trouble using ssl with that service. As far as I can tell the certificates are in the right places and do the right things for apache but vsftpd chokes. Since vsftpd does not deign to log what is going on I cannot tell what it f...

...efer not to introduce a different one just for this purpose. Here is my virtual host configuration for this: ================================== <VirtualHost xxx.xxx.xxx.xxx:443> ServerName testproxy.domain.com SSLEngine On SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key RequestHeader set Front-End-Https "On" ProxyRequests Off ProxyPreserveHost On LogLevel debug <Location /exchange> ProxyPass http://yyy.yyy.yyy.yyy/exchange ProxyPassReverse http://yyy.yyy.yyy.yyy/exchange SSLRequi...

...n /etc/httpd/conf.d/ssl.conf. I kept the default options for everything else. --8<------------------------------------------------ ... DocumentRoot "/var/www/html/default/html" ServerName sd-41893.dedibox.fr:443 ... SSLCertificateFile /etc/letsencrypt/live/sd-41893.dedibox.fr/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/sd-41893.dedibox.fr/privkey.pem SSLCertificateChainFile /etc/letsencrypt/live/sd-41893.dedibox.fr/fullchain.pem --8<------------------------------------------------ After restarting Apache, the website shows up correctly. https://sd-41893.dedibox.fr/ But when I test it...

..._request.log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" LogLevel info SSLEngine on SSLProxyEngine On SSLProtocol -ALL +SSLv3 +TLSv1 SSLCipherSuite ALL:!ADH:!EXPORT56:!EXP:!eNULL:!aNULL:RC4+RSA:+HIGH:+MEDIUM:!LOW:!SSLv2 SSLCertificateFile /etc/httpd/certs/server.crt SSLCertificateKeyFile /etc/httpd/certs/server.key ProxyRequests Off ProxyPreserveHost On ProxyPass / http://192.168.1.5:5100/ ProxyPassReverse / http://192.168.1.5:5100/ RequestHeader set X-Forwarded-Proto "https" RequestHeader set X-Forwarded-Port "444" RewriteEngine On RewriteRule ^/(.*) h...

...usr/bin/ruby CustomLog "/var/log/httpd/puppet_access_log" common ErrorLog "/var/log/httpd/puppet_error_log" SSLEngine on SSLCipherSuite SSLv2:-LOW:-EXPORT:RC4+RSA SSLCertificateFile /drbd01/puppet/var/lib/puppet/ssl/certs/ puppetmaster.foo.bar.pem SSLCertificateKeyFile /drbd01/puppet/var/lib/puppet/ssl/ private_keys/puppetmaster.foo.bar.pem SSLCertificateChainFile /drbd01/puppet/var/lib/puppet/ssl/ca/ ca_crt.pem SSLCACertificateFile /drbd01/puppet/var/lib/puppet/ssl/ca/ ca_crt.pem # CRL checking should be enabled; if you have problems with Apach...

...On # Only allow high security cryptography. Alter if needed for compatibility. SSLProtocol All -SSLv2 SSLCipherSuite HIGH:!ADH:RC4+RSA:-MEDIUM:-LOW:-EXP SSLCertificateFile /var/lib/puppet/ssl/certs/<puppetmaster>.pem SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/ <puppetmaster>.pem SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem SSLVerifyClient optiona...

...ome relevant apache config info: # Only allow high security cryptography. Alter if needed for compatibility. SSLProtocol All -SSLv2 SSLCipherSuite HIGH:!ADH:RC4+RSA:-MEDIUM:-LOW:-EXP SSLCertificateFile /var/lib/puppet/ssl/certs/pmaster.localdomain.pem SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/pmaster.localdomain.pem SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem SSLVerifyClient optional SSLVerifyDe...

I''m having a problem but don''t know what is causing it so I don''t know exactly where to post, please bear with me. I''m trying to set up https access however whenever I go to https://url_for_site the root route renders but the url is rewritten to http://url_for_site. The ssl request shows in the apache logs but obviously no further ssl requests show up.

...ualHost 69.1.254.101:443> ServerName new.identry.com ErrorLog "/var/log/www/new.identry.com-error.log" CustomLog "/var/log/www/new.identry.com-access.log" combined SSLEngine on SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW: +SSLv2:+EXP:+eNULL SSLCertificateKeyFile "/usr/local/etc/apache22/certs/ new.identry.com/server.key" SSLCertificateFile "/usr/local/etc/apache22/certs/new.identry.com/ server.crt" #DocumentRoot "/home/identry/public_html" RequestHeader set X_FORWARDED_PROTO ''https'' ProxyPass...

...uppet master''s key store. Here''s that Apache configuration I was talking about: <VirtualHost 10.1.0.165:443> SSLEngine On SSLCipherSuite SSLv2:-LOW:-EXPORT:RC4+RSA SSLCertificateFile /var/lib/puppet/ssl/certs/puppet01.ops.az.domain.local.pem SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/puppet01.ops.az.domain.local.pem SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem SSLVerifyClient require SSLVerifyDepth 1 SSLOptions +StdEnvVars ErrorLog /var/log/httpd/ssltest-error.log CustomLog /var/log/http...

...IFY My apache vhost is configured like this: <VirtualHost 192.168.1.60:8140> SSLEngine on SSLProtocol -all +SSLv3 +TLSv1 SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP SSLCertificateFile /var/lib/puppet/ssl/certs/medion.chatillon.betrancourt.net.pem SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/medion.chatillon.betrancourt.net.pem SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem # CRL checking should be enabled; if you have problems with Apache complaining about the CRL, di...

...AutoDetect Off RailsAutoDetect Off Listen 8140 <VirtualHost *:8140> SSLEngine on SSLProtocol -ALL +SSLv3 +TLSv1 SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP SSLCertificateFile /var/lib/puppet/ssl/certs/sys-ubuntu.arl.qwestip.net.pem SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/sys-ubuntu.arl.qwestip.net.pem SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem # If Apache complains about invalid signatures on the CRL, you can try disabling # CRL...

Hello All, I don''t seem to be able to get reports to display on the foreman interface. I copied extras/puppet/foreman/files/foreman-report.rb to / usr/lib/ruby/site_ruby/1.8/puppet/reportsforeman.rb, instead of /usr/ lib/ruby/1.8/puppet/reports/foreman.rb. Config: Centos5.4, Apache/ Passenger, Puppet 0.25.4. The reports are coming from the clients, because I can see them in