Displaying 20 results from an estimated 51 matches for "sslengine".
2016 Nov 20
3
CentOS 6, Apache 2.2.15 and SNI?
...tc/httpd/conf/vhosts/vhost-ssldom2-box.conf
both 'vhost'-files are like this:
<VirtualHost ipaddr:443>
ServerAdmin webmaster at domain#.com
ServerName vhost.domain#.com:443
ServerAlias box.domain#.com:443
ServerAlias calcbox.domain#.com:443
ServerAlias proxybox.domain#.com:443
...
SSLEngine on
SSLStrictSNIVHostCheck on
SSLCertificateFile /etc/httpd/conf/ssl.crt/domain#-host.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/domain#-host.key
SSLCertificateChainFile /etc/httpd/conf/ssl.crt/server-chain.crt
...
</VirtualHost>
only
https://domain1.com/...
works
https://domain2.co...
2017 Apr 26
3
Apache + SSL: default configuration rated "C" by Qualys Labs
...llent for getting apache tls config up-to-date.
>
> https://wiki.mozilla.org/Security/Server_Side_TLS
I'm not 100% on any differences in ciphers available, but I don't
think there should be much difference between EL7 and Fedora.
This config gets my an A+ rating on the sslabs test:
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite "EECDH+aRSA+AESGCM EECDH+aRSA+SHA384 EECDH+aRSA+SHA256
EECDH+aRSA+RC4 EECDH EDH+aRSA !aNULL !eNULL !LOW !MEDIUM !SEED !3DES
!CAMELLIA !MD5 !EXP !PSK !SRP !DSS !RC4"
<IfModule mod_headers.c>
Header always set Strict-Transport-Sec...
2017 May 05
6
tabs ignored in here document
...1
ServerAdmin $admin_email
ServerName $your_host_tld
<VirtualHost *:80>
<Directory "/var/www/html">
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
</VirtualHost>
<VirtualHost *:443>
SSLEngine On
SSLCertificateFile /etc/pki/tls/certs/$your_host_tld.crt
SSLCertificateKeyFile /etc/pki/tls/private/$your_host_tld.key
<Directory "/var/www/html">
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory&g...
2013 Aug 22
1
ssl ofloading on amazon ELB for puppetmasters
Hi,
I''m trying to do ssl offload on amazon ELB for my puppetmaster servers, it
seems amazon ELB is not sending ssl_client_header & client_verify_header
puppetmaster
Listen 8141
<VirtualHost *:8141>
SSLEngine off
DocumentRoot /etc/puppet/rack/puppetmaster_8141/public/
RackBaseURI /
<Directory /etc/puppet/rack/puppetmaster_8141/>
PassengerEnabled on
Options None
AllowOverride None
Order allow,deny
allow from all
</Directory>
Se...
2012 Dec 17
1
multiple puppet masters
...sr/bin/ruby
<Proxy balancer://puppet_ca>
BalancerMember http://puppet-master1.test.net:8140
</Proxy>
ProxyPassMatch ^(/.*?)/(certificate.*?)/(.*)$ balancer://puppet_ca/
ProxyPassReverse ^(/.*?)/(certificate.*?)/(.*)$ balancer://puppet_ca/
Listen 8140
<VirtualHost *:8140>
SSLEngine on
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
SSLCertificateFile /var/lib/puppet/ssl/certs/puppet-master2.test.net.pem
SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/puppet-master4.test.net.pem
#SSLCertificateCha...
2007 Jan 17
2
mongrel cluster (+ Apache 2.2.4 + proxy balancer) not redirecting correctly
...AME} !maintenance.html
RewriteRule ^/$ /index.html [QSA]
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
RewriteRule ^/(.*)$ balancer://mongrel_cluster%{REQUEST_URI}
[P,QSA,L]
CustomLog logs/desq-access.log common
ErrorLog logs/desq-error.log
SSLEngine on
SSLCertificateFile /home/user/ssl.crt
SSLCertificateKeyFile /home/user/ssl.key
</VirtualHost>
<VirtualHost *:80>
ServerName server.domain.com
Redirect permanent / https://server.domain.com
</VirtualHost>
Also, the cluster YML file:
---
port:...
2017 May 05
2
tabs ignored in here document
...st *:80>
>> <Directory "/var/www/html">
>> Options Indexes FollowSymLinks
>> AllowOverride None
>> Require all granted
>> </Directory>
>> </VirtualHost>
>> <VirtualHost *:443>
>> SSLEngine On
>> SSLCertificateFile /etc/pki/tls/certs/$your_host_tld.crt
>> SSLCertificateKeyFile /etc/pki/tls/private/$your_host_tld.key
>> <Directory "/var/www/html">
>> Options Indexes FollowSymLinks
>> AllowOverride None
>>...
2006 Jan 05
1
Apache reverse proxy authentication problem on RHEL based distribs only
...it? All our environment consists of the same
distribution and I would prefer not to introduce a different one just
for this purpose.
Here is my virtual host configuration for this:
==================================
<VirtualHost xxx.xxx.xxx.xxx:443>
ServerName testproxy.domain.com
SSLEngine On
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
RequestHeader set Front-End-Https "On"
ProxyRequests Off
ProxyPreserveHost On
LogLevel debug
<Location /exchange>
ProxyPass http://yyy.yyy....
2016 Feb 29
4
Problems with ProxyPass to a local ip (using SSL)
...alhost is:
NameVirtualHost 192.168.1.5:444
<VirtualHost 192.168.1.5:444>
ServerName myweb01.local.domain
ErrorLog logs/ssl_error.log
CustomLog logs/ssl_access.log combined
CustomLog logs/ssl_request.log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
LogLevel info
SSLEngine on
SSLProxyEngine On
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!ADH:!EXPORT56:!EXP:!eNULL:!aNULL:RC4+RSA:+HIGH:+MEDIUM:!LOW:!SSLv2
SSLCertificateFile /etc/httpd/certs/server.crt
SSLCertificateKeyFile /etc/httpd/certs/server.key
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / http...
2012 Feb 06
1
Puppet / Passenger SSL Problems with DRBD
.../usr/lib/ruby/gems/1.8/gems/
passenger-2.2.11/ext/apache2/mod_passenger.so
PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-2.2.11
PassengerRuby /usr/bin/ruby
CustomLog "/var/log/httpd/puppet_access_log" common
ErrorLog "/var/log/httpd/puppet_error_log"
SSLEngine on
SSLCipherSuite SSLv2:-LOW:-EXPORT:RC4+RSA
SSLCertificateFile /drbd01/puppet/var/lib/puppet/ssl/certs/
puppetmaster.foo.bar.pem
SSLCertificateKeyFile /drbd01/puppet/var/lib/puppet/ssl/
private_keys/puppetmaster.foo.bar.pem
SSLCertificateChainFile /drbd01/puppet/var/lib/pupp...
2013 Jul 23
3
Debugging Puppetmaster with Apache/Rack/Passenger
...PassengerDefaultRuby /usr/bin/ruby
# TODO evaluate benefit of ThrottleRate
PassengerStatThrottleRate 120
PassengerHighPerformance On
PassengerMaxPoolSize 12
PassengerMaxRequests 1000
PassengerPoolIdleTime 600
Listen 8140
<VirtualHost *:8140>
SSLEngine On
# Only allow high security cryptography. Alter if needed for
compatibility.
SSLProtocol All -SSLv2
SSLCipherSuite HIGH:!ADH:RC4+RSA:-MEDIUM:-LOW:-EXP
SSLCertificateFile /var/lib/puppet/ssl/certs/<puppetmaster>.pem...
2008 Oct 07
6
https problems
I''m having a problem but don''t know what is causing it so I don''t know
exactly where to post, please bear with me.
I''m trying to set up https access however whenever I go to https://url_for_site
the root route renders but the url is rewritten to http://url_for_site.
The ssl request shows in the apache logs but obviously no further ssl
requests show up.
2008 Jan 17
6
Apache22+mod_proxy+mongrel+ssl
...roxyPassReverse / http://new.identry.com:3000/
ProxyPreserveHost on
</VirtualHost>
<VirtualHost 69.1.254.101:443>
ServerName new.identry.com
ErrorLog "/var/log/www/new.identry.com-error.log"
CustomLog "/var/log/www/new.identry.com-access.log" combined
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:
+SSLv2:+EXP:+eNULL
SSLCertificateKeyFile "/usr/local/etc/apache22/certs/
new.identry.com/server.key"
SSLCertificateFile "/usr/local/etc/apache22/certs/new.identry.com/
server.crt"
#DocumentRoot &quo...
2010 Dec 22
3
Using Puppet's client certificates for Apache, SSLVerifyClient
...I ran puppetca --clean against this particular Puppet node''s
certificate, and expected it to just plain not work any more, and
thereby updating my Puppet master''s key store.
Here''s that Apache configuration I was talking about:
<VirtualHost 10.1.0.165:443>
SSLEngine On
SSLCipherSuite SSLv2:-LOW:-EXPORT:RC4+RSA
SSLCertificateFile
/var/lib/puppet/ssl/certs/puppet01.ops.az.domain.local.pem
SSLCertificateKeyFile
/var/lib/puppet/ssl/private_keys/puppet01.ops.az.domain.local.pem
SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem...
2012 Apr 22
2
centos 6.2 - puppet 2.7.13 - SSL_connect returned=1 errno=0 state=SSLv3 read server session ticket A: tlsv1 alert protocol version
...assfile = $vardir/classes.txt
localconfig = $vardir/localconfig
pluginsync = true
[master]
autosign = true
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY
My apache vhost is configured like this:
<VirtualHost 192.168.1.60:8140>
SSLEngine on
SSLProtocol -all +SSLv3 +TLSv1
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
SSLCertificateFile
/var/lib/puppet/ssl/certs/medion.chatillon.betrancourt.net.pem
SSLCertificateKeyFile
/var/lib/puppet/ssl/private_keys/medion.chatillon.betrancourt.net.pem...
2010 Aug 20
5
puppet dashboard gui looks odd from apache2
.../puppetmasterd (works perfect)
# you probably want to tune these settings
PassengerHighPerformance on
PassengerMaxPoolSize 12
PassengerPoolIdleTime 1500
# PassengerMaxRequests 1000
PassengerStatThrottleRate 120
RackAutoDetect Off
RailsAutoDetect Off
Listen 8140
<VirtualHost *:8140>
SSLEngine on
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
SSLCertificateFile
/var/lib/puppet/ssl/certs/sys-ubuntu.arl.qwestip.net.pem
SSLCertificateKeyFile
/var/lib/puppet/ssl/private_keys/sys-ubuntu.arl.qwestip.net.pem...
2010 Jun 09
12
Foreman -- Reporting
Hello All,
I don''t seem to be able to get reports to display on the foreman
interface. I copied extras/puppet/foreman/files/foreman-report.rb to /
usr/lib/ruby/site_ruby/1.8/puppet/reportsforeman.rb, instead of /usr/
lib/ruby/1.8/puppet/reports/foreman.rb. Config: Centos5.4, Apache/
Passenger, Puppet 0.25.4.
The reports are coming from the clients, because I can see them
in
2016 Feb 29
0
Problems with ProxyPass to a local ip (using SSL)
....1.5:444
> <VirtualHost 192.168.1.5:444>
> ServerName myweb01.local.domain
> ErrorLog logs/ssl_error.log
> CustomLog logs/ssl_access.log combined
> CustomLog logs/ssl_request.log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
> LogLevel info
> SSLEngine on
> SSLProxyEngine On
> SSLProtocol -ALL +SSLv3 +TLSv1
> SSLCipherSuite ALL:!ADH:!EXPORT56:!EXP:!eNULL:!aNULL:RC4+RSA:+HIGH:+MEDIUM:!LOW:!SSLv2
> SSLCertificateFile /etc/httpd/certs/server.crt
> SSLCertificateKeyFile /etc/httpd/certs/server.key
> ProxyRequests Off
> Pro...
2016 Nov 20
0
CentOS 6, Apache 2.2.15 and SNI?
...vhost'-files are like this:
>
> <VirtualHost ipaddr:443>
> ServerAdmin webmaster at domain#.com
>
> ServerName vhost.domain#.com:443
> ServerAlias box.domain#.com:443
> ServerAlias calcbox.domain#.com:443
> ServerAlias proxybox.domain#.com:443
>
> ...
> SSLEngine on
>
> SSLStrictSNIVHostCheck on
>
> SSLCertificateFile /etc/httpd/conf/ssl.crt/domain#-host.crt
> SSLCertificateKeyFile /etc/httpd/conf/ssl.key/domain#-host.key
> SSLCertificateChainFile /etc/httpd/conf/ssl.crt/server-chain.crt
>
> ...
> </VirtualHost>
>
>...
2017 Apr 26
0
Apache + SSL: default configuration rated "C" by Qualys Labs
...ate.
>>
>> https://wiki.mozilla.org/Security/Server_Side_TLS
>
> I'm not 100% on any differences in ciphers available, but I don't
> think there should be much difference between EL7 and Fedora.
>
> This config gets my an A+ rating on the sslabs test:
>
> SSLEngine on
> SSLProtocol all -SSLv2 -SSLv3
> SSLCipherSuite "EECDH+aRSA+AESGCM EECDH+aRSA+SHA384 EECDH+aRSA+SHA256
> EECDH+aRSA+RC4 EECDH EDH+aRSA !aNULL !eNULL !LOW !MEDIUM !SEED !3DES
> !CAMELLIA !MD5 !EXP !PSK !SRP !DSS !RC4"
>
> <IfModule mod_headers.c>
> Hea...