Difference between revisions of "HowTo Configure Apache SSL For davfs, subversion, etc."
(Created page with 'When accessing a NST system using the ''https'' protocol, you may run into troubles with some applications if your SSL configuration is not set correctly. Most likely, the config…') |
|||
| Line 1: | Line 1: | ||
| + | == Manually Configuring SSL == | ||
| + | |||
When accessing a NST system using the ''https'' protocol, you may run into troubles with some applications if your SSL configuration is not set correctly. Most likely, the configuration issue will be that the ''ServerName'' parameter in ''/etc/httpd/conf.d/ssl.conf'' is not set to exactly match the host name of the system you are connecting to. | When accessing a NST system using the ''https'' protocol, you may run into troubles with some applications if your SSL configuration is not set correctly. Most likely, the configuration issue will be that the ''ServerName'' parameter in ''/etc/httpd/conf.d/ssl.conf'' is not set to exactly match the host name of the system you are connecting to. | ||
The following shows an example of the output of Subversion when trying to connect to a improperly configured NST system: | The following shows an example of the output of Subversion when trying to connect to a improperly configured NST system: | ||
| − | + | tortilla-e:tmp pkb$ svn ls https://192.101.77.44/svn-trash/trash | |
| − | + | svn: OPTIONS of 'https://192.101.77.44/svn-trash/trash': could not connect to server (https://192.101.77.44) | |
| − | + | tortilla-e:tmp pkb$ | |
| + | |||
| + | The above failed because the ''ServerName'' parameter was not set to ''192.101.77.44'' in ''/etc/httpd/conf.d/ssl.conf''. | ||
| + | |||
| + | To fix this problem, you need to: | ||
| + | |||
| + | * Edit the file: ''/etc/httpd/conf.d/ssl.conf'' | ||
| + | |||
| + | vi /etc/httpd/conf.d/ssl.conf | ||
| + | |||
| + | * Restart the web server using the command: | ||
| + | |||
| + | service httpd restart | ||
| + | |||
| + | '''NOTE''': This issue is often run into when you set up a NST system using a static IP address, or when using the ''NetworkManager'' service instead of the ''network'' service. | ||
| + | |||
| + | |||
| + | == Automatically Configuring SSL == | ||
| + | |||
| + | If your NST system is configured to use DHCP and the ''network'' service, the ''/etc/dhcp/dhclient-exit-hooks'' script will automatically set the ''ServerName'' in your ''/etc/httpd/conf.d/ssl.conf''. You won't need to do any manual configuration. | ||
| + | |||
| + | However, there are some situations where you may not want your SSL configuration file updated. If you would like to disable the automatic SSL configuration, do the following: | ||
| + | |||
| + | * Editing the file: ''/etc/dhcp/dhclient-exit-hooks'' | ||
| + | |||
| + | vi /etc/dhcp/dhclient-exit-hooks | ||
| + | |||
| + | * Set the ''ENABLE_AUTO_SSL'' variable near the top of the file to ''false''. | ||
| + | |||
| + | * Restart the ''network'' service. | ||
| − | + | service network restart | |
Revision as of 13:12, 26 May 2010
Manually Configuring SSL
When accessing a NST system using the https protocol, you may run into troubles with some applications if your SSL configuration is not set correctly. Most likely, the configuration issue will be that the ServerName parameter in /etc/httpd/conf.d/ssl.conf is not set to exactly match the host name of the system you are connecting to.
The following shows an example of the output of Subversion when trying to connect to a improperly configured NST system:
tortilla-e:tmp pkb$ svn ls https://192.101.77.44/svn-trash/trash svn: OPTIONS of 'https://192.101.77.44/svn-trash/trash': could not connect to server (https://192.101.77.44) tortilla-e:tmp pkb$
The above failed because the ServerName parameter was not set to 192.101.77.44 in /etc/httpd/conf.d/ssl.conf.
To fix this problem, you need to:
- Edit the file: /etc/httpd/conf.d/ssl.conf
vi /etc/httpd/conf.d/ssl.conf
- Restart the web server using the command:
service httpd restart
NOTE: This issue is often run into when you set up a NST system using a static IP address, or when using the NetworkManager service instead of the network service.
Automatically Configuring SSL
If your NST system is configured to use DHCP and the network service, the /etc/dhcp/dhclient-exit-hooks script will automatically set the ServerName in your /etc/httpd/conf.d/ssl.conf. You won't need to do any manual configuration.
However, there are some situations where you may not want your SSL configuration file updated. If you would like to disable the automatic SSL configuration, do the following:
- Editing the file: /etc/dhcp/dhclient-exit-hooks
vi /etc/dhcp/dhclient-exit-hooks
- Set the ENABLE_AUTO_SSL variable near the top of the file to false.
- Restart the network service.
service network restart
