HowTo Configure Apache SSL For davfs, subversion, etc.

From NST Wiki
Revision as of 13:25, 26 May 2010 by Paul Blankenbaker (talk | contribs) (Manually Configuring SSL)

Manually Configuring SSL

When accessing an NST system using the https protocol, you may run into trouble with some applications if your SSL configuration is not set up correctly. Most likely, the configuration issue will be that the ServerName parameter in "/etc/httpd/conf.d/ssl.conf" is not set to exactly match the host name of the system you are connecting to.

The following shows an example of the output of Subversion when trying to connect to an improperly configured NST system:

tortilla-e:tmp pkb$ svn ls https://192.168.1.3/svn-trash/trash
svn: OPTIONS of 'https://192.168.1.3/svn-trash/trash': could not connect to server (https://192.101.77.44)
tortilla-e:tmp pkb$ 

The above failed because the ServerName parameter was not set to 192.101.77.44 in "/etc/httpd/conf.d/ssl.conf".

To fix this problem, you need to:

  • Edit the file "/etc/httpd/conf.d/ssl.conf" so that the ServerName parameter exactly matches the host name of the system you are connecting to:
      vi /etc/httpd/conf.d/ssl.conf
  • Restart the web server using the command:
      service httpd restart

NOTE: This issue is often run into when you set up an NST system using a static IP address, or when using the NetworkManager service instead of the network service.

Automatically Configuring SSL

If your NST system is configured to use DHCP and the network service, the /etc/dhcp/dhclient-exit-hooks script will automatically set the ServerName in your /etc/httpd/conf.d/ssl.conf. You won't need to do any manual configuration.

However, there are some situations where you may not want your SSL configuration file updated. If you would like to disable the automatic SSL configuration, do the following:

  • Edit the file: /etc/dhcp/dhclient-exit-hooks
      vi /etc/dhcp/dhclient-exit-hooks
  • Set the ENABLE_AUTO_SSL variable near the top of the file to false.
  • Restart the network service.
      service network restart


Configuring SSL For A Host Name

If you would like to configure SSL so that users can connect using a host name (like: "mysvn") instead of an IP address, you must:

  • Set the ServerName parameter in /etc/httpd/conf.d/ssl.conf to the new name ("mysvn").
  • Make sure that "mysvn" resolves to the proper IP address. There are many ways to accomplish this. In the worst case scenario, you can edit the /etc/hosts file on ALL systems involved.
  • Restart the web server.
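
The manual fix and the host name setup described above both come down to the same ServerName edit. The script below is an added example (not part of the original wiki page or of NST) that checks and sets that value; the function names, the script name in the usage comment, the ":443" port suffix and the ".bak" backup file are assumptions of the example.

```shell
#!/bin/sh
# Added example: check and set ServerName in an Apache SSL config file.
# Assumes names or IPv4 addresses without a scheme prefix, and port 443.

# Print the value of every active (uncommented) ServerName directive.
get_servername() {
    awk 'tolower($1) == "servername" { print $2 }' "$1"
}

# Succeed only if at least one active ServerName exists and every one
# equals the expected host ($2), ignoring a trailing ":port".
servername_matches() {
    names=$(get_servername "$1")
    [ -n "$names" ] || return 1
    for n in $names; do
        [ "${n%:*}" = "$2" ] || return 1
    done
    return 0
}

# Rewrite ServerName lines (active or commented out as "#ServerName")
# to "$2:443", keeping the previous file as "$1.bak".
set_servername() {
    # Reject anything but host-name characters so the value cannot
    # inject extra directives or break the sed expression.
    case $2 in
        ''|*[!A-Za-z0-9.-]*) echo "invalid host name: $2" >&2; return 1 ;;
    esac
    cp -p "$1" "$1.bak" || return 1
    sed -E "s|^([[:space:]]*)#?ServerName[[:space:]].*|\1ServerName $2:443|" \
        "$1.bak" > "$1"
}

# Usage (hypothetical script name):
#   sh fix-servername.sh /etc/httpd/conf.d/ssl.conf mysvn
if [ "$#" -eq 2 ]; then
    servername_matches "$1" "$2" || set_servername "$1" "$2" || exit 1
    if servername_matches "$1" "$2"; then
        echo "ServerName is $2; now run: service httpd restart"
    else
        echo "no ServerName line found in $1; add one by hand" >&2
        exit 1
    fi
fi
```

If the file has no ServerName line at all, nothing is rewritten and the script reports it, so the directive can be added by hand before restarting the web server.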