search for: ssloption

I''m having a problem but don''t know what is causing it so I don''t know exactly where to post, please bear with me. I''m trying to set up https access however whenever I go to https://url_for_site the root route renders but the url is rewritten to http://url_for_site. The ssl request shows in the apache logs but obviously no further ssl requests show up.

...his does not happen all the time, seldom it shows my params variable even when on SSL. This is how I configured SSL Client Auth on Apache: <Location /myapp> SSLVerifyClient require SSLVerifyDepth 10 </Location> <Files ~ "\.(cgi|fcgi|shtml|phtml|php3?)$"> SSLOptions +StdEnvVars +ExportCertData </Files> Please help, I''m stuck and frustrated, could this be a bug? Thanks. -Ofir -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Grou...

...Directory works) # Use htpasswd -c /etc/httpd/conf/passwd/plainpasswd user1 # this will create the user and passwd file # after that use htpasswd /etc/httpd/conf/passwd/plainpasswd user1 # I Know digest is better, but it doesn't always # work <Directory "/var/swww/html/maint"> SSLOptions +StdEnvVars AllowOverride All AuthType Basic AuthName "Receptionist / Admin access Only!" AuthUserFile /etc/httpd/conf/passwd/plainpasswd Require user user1 user2 user3 </Directory> <Directory "/var/swww/html/meetme"> SSLOptions +StdEnvVars AllowOverride All AuthTy...

...Suite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateKeyFile "/home/sasi/test.key" SSLCACertificateFile "/home/sasi/test.cer" SSLCertificateChainFile "/home/sasi/test1.cer" <FilesMatch "\.(cgi|shtml|phtml|php)$"> SSLOptions +StdEnvVars </FilesMatch> <Directory "/usr/local/apache2/cgi-bin"> SSLOptions +StdEnvVars </Directory> BrowserMatch ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 CustomLog "/usr/local/apache2/logs...

...cateFile /drbd01/puppet/var/lib/puppet/ssl/ca/ ca_crt.pem # CRL checking should be enabled; if you have problems with Apache complaining about the CRL, disable the nex t line # SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem SSLVerifyClient optional SSLVerifyDepth 1 SSLOptions +StdEnvVars # The following client headers allow the same configuration to work with Pound. RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e RackAutoDetect On Docu...

...ppetmaster>.pem SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem SSLVerifyClient optional SSLVerifyDepth 1 SSLOptions +StdEnvVars +ExportCertData # These request headers are used to pass the client certificate # authentication information on to the puppet master process RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e RequestHeader set X-Client-DN %{SSL_CLI...

...t/ssl/private_keys/pmaster.localdomain.pem SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem SSLVerifyClient optional SSLVerifyDepth 1 SSLOptions +StdEnvVars +ExportCertData DocumentRoot /usr/share/puppet/rack/puppetmasterd/public/ <Directory /usr/share/puppet/rack/puppetmasterd/> Options None AllowOverride None Order Allow,Deny Allow from All </Directory> Any ideas? I...

...LCertificateFile /var/lib/puppet/ssl/certs/puppet01.ops.az.domain.local.pem SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/puppet01.ops.az.domain.local.pem SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem SSLVerifyClient require SSLVerifyDepth 1 SSLOptions +StdEnvVars ErrorLog /var/log/httpd/ssltest-error.log CustomLog /var/log/httpd/ssltest-access.log combined </VirtualHost> Pretty simple, right? Am I doing this properly? A little background: I am in the process of building AMIs for Amazon''s EC2, which will eventu...

...SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem # CRL checking should be enabled; if you have problems with Apache complaining about the CRL, disable the next line SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem SSLVerifyClient optional SSLVerifyDepth 1 SSLOptions +StdEnvVars # The following client headers allow the same configuration to work with Pound. RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e PassengerHighPerformance...

...# If Apache complains about invalid signatures on the CRL, you can try disabling # CRL checking by commenting the next line, but this is not recommended. SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem SSLVerifyClient optional SSLVerifyDepth 1 SSLOptions +StdEnvVars DocumentRoot /usr/share/puppet/rack/puppetmasterd/public/ RackBaseURI / <Directory /usr/share/puppet/rack/puppetmasterd/> Options None AllowOverride None Order allow,deny allow from all...

Hello All, I don''t seem to be able to get reports to display on the foreman interface. I copied extras/puppet/foreman/files/foreman-report.rb to / usr/lib/ruby/site_ruby/1.8/puppet/reportsforeman.rb, instead of /usr/ lib/ruby/1.8/puppet/reports/foreman.rb. Config: Centos5.4, Apache/ Passenger, Puppet 0.25.4. The reports are coming from the clients, because I can see them in

I''ve configured our DMZ apache webserver to proxy connections from our roaming users into our internal puppet master running under passenger/apache. Everything is pretty much working but because I am using SSL between the proxy server and the puppet master, the master treats the connection as authenticated as the proxy. My current work around is to allow access to all catalog and

Hi, We''re trying to follow the instructions at http://reductivelabs.com/trac/puppet/wiki/UsingMongrel (Just using a single puppetmaster/mongrel instance and plain mod_proxy for now, instead of balancer one) We got past the "Server is not a class" error by modifying mongrel.rb We also kind-of got past the: /opt/bin/puppetmasterd:293: undefined method `daemonize'' for

...# If Apache complains about invalid signatures on the CRL, you can try disabling # CRL checking by commenting the next line, but this is not recommended. SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem SSLVerifyClient optional SSLVerifyDepth 1 SSLOptions +StdEnvVars DocumentRoot /etc/puppet/rack/public/ RackBaseURI / <Directory /etc/puppet/rack/> Options None AllowOverride None Order allow,deny allow from all </Directory> </VirtualHost&g...

...lid signatures on the CRL, you can > try disabling > # CRL checking by commenting the next line, but this is not > recommended. > SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem > SSLVerifyClient optional > SSLVerifyDepth 1 > SSLOptions +StdEnvVars > > ErrorLog logs/puppet_error_log > TransferLog logs/puppet_access_log > LogLevel warn > # This header needs to be set if using a loadbalancer or proxy > #RequestHeader unset X-Forwarded-For > > #RequestHead...

Hi, Is there a way to have puppetmaster sign new clients'' certificates when using apache+mongrel for serving, without having a separate puppetmaster instance running webrick on a different port/IP? I guess this does not work out of the box because apache is told to do the verification very early in the connection process, at which point it does not yet know that the client is going to

...r/lib/puppet/ssl/private_keys/hostname.pem SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem SSLVerifyClient optional SSLVerifyDepth 1 SSLOptions +StdEnvVars +ExportCertData # These request headers are used to pass the client certificate # authentication information on to the puppet master process RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e RequestHe...

..._crt.pem SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem # If Apache complains about invalid signatures on the CRL, you can try disabling # CRL checking by commenting the next line. SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem SSLVerifyClient optional SSLVerifyDepth 1 SSLOptions +StdEnvVars # The following client headers allow the same configuration to work with Pound. RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e RackAutoDetect On DocumentRoot /usr/shar...

...can try disabling # CRL checking by commenting the next line, but this is not recommended. #SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem SSLVerifyClient optional SSLVerifyDepth 1 # The `ExportCertData` option is needed for agent certificate expiration warnings SSLOptions +StdEnvVars +ExportCertData # This header needs to be set if using a loadbalancer or proxy RequestHeader unset X-Forwarded-For RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e RequestHeader set X-Client-Verify %{SSL_CLIENT_...

Been doing some research but haven''t been able to determine much - has anyone had any experience parsing incoming [on the request] x.509 certificates? Specifically, getting name, CA, etc. Here''s how you do in Java Servlets for reference: X509Certificate[] certs = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate"); Thanks. --