search for: sslengine

...tc/httpd/conf/vhosts/vhost-ssldom2-box.conf both 'vhost'-files are like this: <VirtualHost ipaddr:443> ServerAdmin webmaster at domain#.com ServerName vhost.domain#.com:443 ServerAlias box.domain#.com:443 ServerAlias calcbox.domain#.com:443 ServerAlias proxybox.domain#.com:443 ... SSLEngine on SSLStrictSNIVHostCheck on SSLCertificateFile /etc/httpd/conf/ssl.crt/domain#-host.crt SSLCertificateKeyFile /etc/httpd/conf/ssl.key/domain#-host.key SSLCertificateChainFile /etc/httpd/conf/ssl.crt/server-chain.crt ... </VirtualHost> only https://domain1.com/... works https://domain2.co...

...llent for getting apache tls config up-to-date. > > https://wiki.mozilla.org/Security/Server_Side_TLS I'm not 100% on any differences in ciphers available, but I don't think there should be much difference between EL7 and Fedora. This config gets my an A+ rating on the sslabs test: SSLEngine on SSLProtocol all -SSLv2 -SSLv3 SSLCipherSuite "EECDH+aRSA+AESGCM EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !aNULL !eNULL !LOW !MEDIUM !SEED !3DES !CAMELLIA !MD5 !EXP !PSK !SRP !DSS !RC4" <IfModule mod_headers.c> Header always set Strict-Transport-Sec...

...1 ServerAdmin $admin_email ServerName $your_host_tld <VirtualHost *:80> <Directory "/var/www/html"> Options Indexes FollowSymLinks AllowOverride None Require all granted </Directory> </VirtualHost> <VirtualHost *:443> SSLEngine On SSLCertificateFile /etc/pki/tls/certs/$your_host_tld.crt SSLCertificateKeyFile /etc/pki/tls/private/$your_host_tld.key <Directory "/var/www/html"> Options Indexes FollowSymLinks AllowOverride None Require all granted </Directory&g...

Hi, I''m trying to do ssl offload on amazon ELB for my puppetmaster servers, it seems amazon ELB is not sending ssl_client_header & client_verify_header puppetmaster Listen 8141 <VirtualHost *:8141> SSLEngine off DocumentRoot /etc/puppet/rack/puppetmaster_8141/public/ RackBaseURI / <Directory /etc/puppet/rack/puppetmaster_8141/> PassengerEnabled on Options None AllowOverride None Order allow,deny allow from all </Directory> Se...

...sr/bin/ruby <Proxy balancer://puppet_ca> BalancerMember http://puppet-master1.test.net:8140 </Proxy> ProxyPassMatch ^(/.*?)/(certificate.*?)/(.*)$ balancer://puppet_ca/ ProxyPassReverse ^(/.*?)/(certificate.*?)/(.*)$ balancer://puppet_ca/ Listen 8140 <VirtualHost *:8140> SSLEngine on SSLProtocol -ALL +SSLv3 +TLSv1 SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP SSLCertificateFile /var/lib/puppet/ssl/certs/puppet-master2.test.net.pem SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/puppet-master4.test.net.pem #SSLCertificateCha...

...AME} !maintenance.html RewriteRule ^/$ /index.html [QSA] RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f RewriteRule ^/(.*)$ balancer://mongrel_cluster%{REQUEST_URI} [P,QSA,L] CustomLog logs/desq-access.log common ErrorLog logs/desq-error.log SSLEngine on SSLCertificateFile /home/user/ssl.crt SSLCertificateKeyFile /home/user/ssl.key </VirtualHost> <VirtualHost *:80> ServerName server.domain.com Redirect permanent / https://server.domain.com </VirtualHost> Also, the cluster YML file: --- port:...

...st *:80> >> <Directory "/var/www/html"> >> Options Indexes FollowSymLinks >> AllowOverride None >> Require all granted >> </Directory> >> </VirtualHost> >> <VirtualHost *:443> >> SSLEngine On >> SSLCertificateFile /etc/pki/tls/certs/$your_host_tld.crt >> SSLCertificateKeyFile /etc/pki/tls/private/$your_host_tld.key >> <Directory "/var/www/html"> >> Options Indexes FollowSymLinks >> AllowOverride None >>...

...it? All our environment consists of the same distribution and I would prefer not to introduce a different one just for this purpose. Here is my virtual host configuration for this: ================================== <VirtualHost xxx.xxx.xxx.xxx:443> ServerName testproxy.domain.com SSLEngine On SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key RequestHeader set Front-End-Https "On" ProxyRequests Off ProxyPreserveHost On LogLevel debug <Location /exchange> ProxyPass http://yyy.yyy....

...alhost is: NameVirtualHost 192.168.1.5:444 <VirtualHost 192.168.1.5:444> ServerName myweb01.local.domain ErrorLog logs/ssl_error.log CustomLog logs/ssl_access.log combined CustomLog logs/ssl_request.log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" LogLevel info SSLEngine on SSLProxyEngine On SSLProtocol -ALL +SSLv3 +TLSv1 SSLCipherSuite ALL:!ADH:!EXPORT56:!EXP:!eNULL:!aNULL:RC4+RSA:+HIGH:+MEDIUM:!LOW:!SSLv2 SSLCertificateFile /etc/httpd/certs/server.crt SSLCertificateKeyFile /etc/httpd/certs/server.key ProxyRequests Off ProxyPreserveHost On ProxyPass / http...

.../usr/lib/ruby/gems/1.8/gems/ passenger-2.2.11/ext/apache2/mod_passenger.so PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-2.2.11 PassengerRuby /usr/bin/ruby CustomLog "/var/log/httpd/puppet_access_log" common ErrorLog "/var/log/httpd/puppet_error_log" SSLEngine on SSLCipherSuite SSLv2:-LOW:-EXPORT:RC4+RSA SSLCertificateFile /drbd01/puppet/var/lib/puppet/ssl/certs/ puppetmaster.foo.bar.pem SSLCertificateKeyFile /drbd01/puppet/var/lib/puppet/ssl/ private_keys/puppetmaster.foo.bar.pem SSLCertificateChainFile /drbd01/puppet/var/lib/pupp...

...PassengerDefaultRuby /usr/bin/ruby # TODO evaluate benefit of ThrottleRate PassengerStatThrottleRate 120 PassengerHighPerformance On PassengerMaxPoolSize 12 PassengerMaxRequests 1000 PassengerPoolIdleTime 600 Listen 8140 <VirtualHost *:8140> SSLEngine On # Only allow high security cryptography. Alter if needed for compatibility. SSLProtocol All -SSLv2 SSLCipherSuite HIGH:!ADH:RC4+RSA:-MEDIUM:-LOW:-EXP SSLCertificateFile /var/lib/puppet/ssl/certs/<puppetmaster>.pem...

I''m having a problem but don''t know what is causing it so I don''t know exactly where to post, please bear with me. I''m trying to set up https access however whenever I go to https://url_for_site the root route renders but the url is rewritten to http://url_for_site. The ssl request shows in the apache logs but obviously no further ssl requests show up.

...roxyPassReverse / http://new.identry.com:3000/ ProxyPreserveHost on </VirtualHost> <VirtualHost 69.1.254.101:443> ServerName new.identry.com ErrorLog "/var/log/www/new.identry.com-error.log" CustomLog "/var/log/www/new.identry.com-access.log" combined SSLEngine on SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW: +SSLv2:+EXP:+eNULL SSLCertificateKeyFile "/usr/local/etc/apache22/certs/ new.identry.com/server.key" SSLCertificateFile "/usr/local/etc/apache22/certs/new.identry.com/ server.crt" #DocumentRoot &quo...

...I ran puppetca --clean against this particular Puppet node''s certificate, and expected it to just plain not work any more, and thereby updating my Puppet master''s key store. Here''s that Apache configuration I was talking about: <VirtualHost 10.1.0.165:443> SSLEngine On SSLCipherSuite SSLv2:-LOW:-EXPORT:RC4+RSA SSLCertificateFile /var/lib/puppet/ssl/certs/puppet01.ops.az.domain.local.pem SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/puppet01.ops.az.domain.local.pem SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem...

...assfile = $vardir/classes.txt localconfig = $vardir/localconfig pluginsync = true [master] autosign = true ssl_client_header = SSL_CLIENT_S_DN ssl_client_verify_header = SSL_CLIENT_VERIFY My apache vhost is configured like this: <VirtualHost 192.168.1.60:8140> SSLEngine on SSLProtocol -all +SSLv3 +TLSv1 SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP SSLCertificateFile /var/lib/puppet/ssl/certs/medion.chatillon.betrancourt.net.pem SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/medion.chatillon.betrancourt.net.pem...

.../puppetmasterd (works perfect) # you probably want to tune these settings PassengerHighPerformance on PassengerMaxPoolSize 12 PassengerPoolIdleTime 1500 # PassengerMaxRequests 1000 PassengerStatThrottleRate 120 RackAutoDetect Off RailsAutoDetect Off Listen 8140 <VirtualHost *:8140> SSLEngine on SSLProtocol -ALL +SSLv3 +TLSv1 SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP SSLCertificateFile /var/lib/puppet/ssl/certs/sys-ubuntu.arl.qwestip.net.pem SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/sys-ubuntu.arl.qwestip.net.pem...

Hello All, I don''t seem to be able to get reports to display on the foreman interface. I copied extras/puppet/foreman/files/foreman-report.rb to / usr/lib/ruby/site_ruby/1.8/puppet/reportsforeman.rb, instead of /usr/ lib/ruby/1.8/puppet/reports/foreman.rb. Config: Centos5.4, Apache/ Passenger, Puppet 0.25.4. The reports are coming from the clients, because I can see them in

....1.5:444 > <VirtualHost 192.168.1.5:444> > ServerName myweb01.local.domain > ErrorLog logs/ssl_error.log > CustomLog logs/ssl_access.log combined > CustomLog logs/ssl_request.log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" > LogLevel info > SSLEngine on > SSLProxyEngine On > SSLProtocol -ALL +SSLv3 +TLSv1 > SSLCipherSuite ALL:!ADH:!EXPORT56:!EXP:!eNULL:!aNULL:RC4+RSA:+HIGH:+MEDIUM:!LOW:!SSLv2 > SSLCertificateFile /etc/httpd/certs/server.crt > SSLCertificateKeyFile /etc/httpd/certs/server.key > ProxyRequests Off > Pro...

...vhost'-files are like this: > > <VirtualHost ipaddr:443> > ServerAdmin webmaster at domain#.com > > ServerName vhost.domain#.com:443 > ServerAlias box.domain#.com:443 > ServerAlias calcbox.domain#.com:443 > ServerAlias proxybox.domain#.com:443 > > ... > SSLEngine on > > SSLStrictSNIVHostCheck on > > SSLCertificateFile /etc/httpd/conf/ssl.crt/domain#-host.crt > SSLCertificateKeyFile /etc/httpd/conf/ssl.key/domain#-host.key > SSLCertificateChainFile /etc/httpd/conf/ssl.crt/server-chain.crt > > ... > </VirtualHost> > &gt...

...ate. >> >> https://wiki.mozilla.org/Security/Server_Side_TLS > > I'm not 100% on any differences in ciphers available, but I don't > think there should be much difference between EL7 and Fedora. > > This config gets my an A+ rating on the sslabs test: > > SSLEngine on > SSLProtocol all -SSLv2 -SSLv3 > SSLCipherSuite "EECDH+aRSA+AESGCM EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 > EECDH+aRSA+RC4 EECDH EDH+aRSA !aNULL !eNULL !LOW !MEDIUM !SEED !3DES > !CAMELLIA !MD5 !EXP !PSK !SRP !DSS !RC4" > > <IfModule mod_headers.c> > Hea...