Difference between revisions of "HowTo Configure Apache SSL For davfs, subversion, etc."
(→Manually Configuring SSL) |
|||
Line 1: | Line 1: | ||
== Manually Configuring SSL == | == Manually Configuring SSL == | ||
− | When accessing | + | When accessing an NST system using the ''https'' protocol, you may run into troubles with some applications if your SSL configuration is not set correctly. Most likely, the configuration issue will be that the ''ServerName'' parameter in ''/etc/httpd/conf.d/ssl.conf'' is not set to exactly match the host name of the system you are connecting to. |
The following shows an example of the output of Subversion when trying to connect to a improperly configured NST system: | The following shows an example of the output of Subversion when trying to connect to a improperly configured NST system: | ||
Line 22: | Line 22: | ||
'''NOTE''': This issue is often run into when you set up a NST system using a static IP address, or when using the ''NetworkManager'' service instead of the ''network'' service. | '''NOTE''': This issue is often run into when you set up a NST system using a static IP address, or when using the ''NetworkManager'' service instead of the ''network'' service. | ||
− | |||
== Automatically Configuring SSL == | == Automatically Configuring SSL == |
Revision as of 13:22, 26 May 2010
Manually Configuring SSL
When accessing an NST system using the https protocol, you may run into troubles with some applications if your SSL configuration is not set correctly. Most likely, the configuration issue will be that the ServerName parameter in /etc/httpd/conf.d/ssl.conf is not set to exactly match the host name of the system you are connecting to.
The following shows an example of the output of Subversion when trying to connect to a improperly configured NST system:
tortilla-e:tmp pkb$ svn ls https://192.101.77.44/svn-trash/trash svn: OPTIONS of 'https://192.101.77.44/svn-trash/trash': could not connect to server (https://192.101.77.44) tortilla-e:tmp pkb$
The above failed because the ServerName parameter was not set to 192.101.77.44 in /etc/httpd/conf.d/ssl.conf.
To fix this problem, you need to:
- Edit the file: /etc/httpd/conf.d/ssl.conf
vi /etc/httpd/conf.d/ssl.conf
- Restart the web server using the command:
service httpd restart
NOTE: This issue is often run into when you set up a NST system using a static IP address, or when using the NetworkManager service instead of the network service.
Automatically Configuring SSL
If your NST system is configured to use DHCP and the network service, the /etc/dhcp/dhclient-exit-hooks script will automatically set the ServerName in your /etc/httpd/conf.d/ssl.conf. You won't need to do any manual configuration.
However, there are some situations where you may not want your SSL configuration file updated. If you would like to disable the automatic SSL configuration, do the following:
- Editing the file: /etc/dhcp/dhclient-exit-hooks
vi /etc/dhcp/dhclient-exit-hooks
- Set the ENABLE_AUTO_SSL variable near the top of the file to false.
- Restart the network service.
service network restart
Configuring SSL For A Host Name
If you would like to configure SSL so that users can connect using a host name (like: "mysvn") instead of a IP address, you must:
- Set the ServerName parameter in /etc/httpd/conf.d/ssl.conf to the new name ("mysvn").
- Make sure that "mysvn" resolves to the proper IP address. There are many ways to accomplish this. In the worst case scenario, you can edit the /etc/hosts file on ALL systems involved.
- Restart the web server.