HowTo Configure Apache SSL For davfs, subversion, etc.

From NST Wiki

Manually Configuring SSL

When accessing an NST system using the https protocol, some applications may fail if your SSL configuration is not set up correctly. The most likely cause is that the ServerName parameter in "/etc/httpd/conf.d/ssl.conf" does not exactly match the host name of the system you are connecting to.

The following shows an example of the output of Subversion when trying to connect to an improperly configured NST system:

[joe@bogey tmp]$ svn ls https://192.168.1.20/svn-vmvdi/vmvdi
svn: OPTIONS of 'https://192.168.1.20/svn-vmvdi/vmvdi': SSL handshake failed: \
SSL error code -1/1/336032856 (https://192.168.1.20)

The above failed because the ServerName parameter was not set to 192.168.1.20 in "/etc/httpd/conf.d/ssl.conf" on the SVN web server.

To fix this problem in this example, you need to:

  • SSH into the NST system: 192.168.1.20
ssh root@192.168.1.20
  • Edit the file: "/etc/httpd/conf.d/ssl.conf" and set the ServerName parameter to IP Address '192.168.1.20'.
vi /etc/httpd/conf.d/ssl.conf
  • Restart the web server using the command:
service httpd restart 

NOTE: This issue often occurs when you set up an NST system using a static IP Address, or when using the NetworkManager service instead of the network service.

Automatically Configuring SSL

If your NST system is configured to use DHCP and the network service, the "/etc/dhcp/dhclient-exit-hooks" script will automatically set the ServerName in your "/etc/httpd/conf.d/ssl.conf". You won't need to do any manual configuration.

However, there are some situations where you may not want your SSL configuration file updated. If you would like to disable the automatic SSL configuration, do the following:

  • Edit the file: "/etc/dhcp/dhclient-exit-hooks"
vi /etc/dhcp/dhclient-exit-hooks
  • Set the ENABLE_AUTO_SSL variable near the top of the file to false.
  • Restart the network service.
service network restart

Configuring SSL For A Host Name

If you would like to configure SSL so that users can connect using a host name (like: "mysvn") instead of an IP address, you must:

  • Set the ServerName parameter in "/etc/httpd/conf.d/ssl.conf" to the new name ("mysvn").
  • Make sure that "mysvn" resolves to the proper IP address. There are many ways to accomplish this. In the worst case scenario, you can edit the "/etc/hosts" file on ALL systems involved.
  • Restart the web server.
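
A quick check for the ServerName mismatch described in the sections above, as an added example (not part of the NST Wiki or of NST's own scripts): it reads the active ServerName from an ssl.conf-style file and compares it with the host in the URL a client will use. The sample configuration, the function names and the name "nst.localdomain" are constructed for illustration.

```shell
# Added example: compare the active ServerName in an ssl.conf-style file
# with the host part of the URL a client will use.

# Print each active (uncommented) ServerName value, scheme and port removed.
get_servername() {
    awk 'tolower($1) == "servername" {
        sub(/^[a-zA-Z]+:\/\//, "", $2); sub(/:[0-9]+$/, "", $2); print $2
    }' "$1"
}

# Print the host part of a URL (scheme, userinfo, port and path removed).
url_host() {
    printf '%s\n' "$1" |
        sed -E 's#^[a-zA-Z]+://##; s#/.*$##; s#^[^@]*@##; s#:[0-9]+$##'
}

# Return 0 on an exact match, 1 on a mismatch, 2 if no ServerName is set.
check_servername() {
    want=$(url_host "$2")
    names=$(get_servername "$1")
    if [ -z "$names" ]; then
        echo "no active ServerName in $1" >&2
        return 2
    fi
    for name in $names; do
        if [ "$name" = "$want" ]; then
            return 0
        fi
    done
    echo "ServerName ($names) does not match '$want'" >&2
    return 1
}

# Constructed sample config (not a real NST ssl.conf); $2 is the ServerName.
write_sample_conf() {
    cat > "$1" <<EOF
<VirtualHost _default_:443>
#ServerName www.example.com:443
ServerName $2
SSLEngine on
</VirtualHost>
EOF
}

conf=$(mktemp)
write_sample_conf "$conf" "nst.localdomain:443"   # hypothetical stale name
check_servername "$conf" "https://192.168.1.20/svn-vmvdi/vmvdi" ||
    echo "mismatch: set ServerName to 192.168.1.20 and restart httpd"
rm -f "$conf"
```

On a real system, pass "/etc/httpd/conf.d/ssl.conf" as the first argument and the URL your clients use as the second.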