Posted to users@httpd.apache.org by Rubén Toribio Aldeguer <rt...@riu.com> on 2016/01/29 11:28:34 UTC

[users@httpd] Redirect Sites with SSL and Client Certificate.

Good guys.

  I have these Apache settings and intend that requests made to the site
www.mysite.example.com be redirected to the site mysite.example.com
(without the www). Both sites have different certificates (crt, key and
providers).

If I test it on an integration server (for which I am obliged to set the
etc/hosts on my computer), I see it runs smoothly. And if I set etc/hosts
with the production server IP, it works. But accessing through the Internet
IP, it gets stuck waiting for the app to load. With Fiddler I see that the
SSL tunnel remains unrealized.

Any idea on how to solve this problem? Does Apache/2.2 support one IP and
two certificates? At this point I'm not sure where I have to look: server,
tomcat, browser, or internet FW.

Here are the vhost settings:

Server version: Apache/2.2.15 (Unix)

NameVirtualHost *:443
<VirtualHost *:443>
ServerName www.mysite.example.com
ServerAdmin webmaster@riu.com
DocumentRoot "/extranet/tomcat/webapps/"
Alias /extranet/pdf "/extranet/pdf"
RewriteEngine on
Rewritecond %{HTTP_HOST} ^www.mysite.example.com [NC]
Rewriterule ^(.*)$ https://mysite.example.com$1 [R=301,NC,L]
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile "/etc/httpd/certificados/www.mysite.example.sha2.crt"
SSLCertificateKeyFile "/etc/httpd/certificados/www.www.mysite.example.sha2.key"
SSLCertificateChainFile "/etc/httpd/certificados/gd_bundle-g2-g1.crt"
</VirtualHost>


<VirtualHost _default_:443>
ServerName  mysite.example.com
ServerAlias machinename
ServerAdmin webmaster@riu.com
DocumentRoot "/extranet/tomcat/webapps/"
Alias /extranet/pdf "/extranet/pdf"
RewriteEngine on
RewriteRule ^/$ /extranet/  [PT,L]
RewriteRule ^/(extranet/)?(.*)$     /extranet/$2        [PT,L]
JkMount /* tomcat
JkUnmount /extranet/pdf/* tomcat
SSLEngine on
SSLVerifyClient require
SSLVerifyDepth 2
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile "/etc/httpd/certificados/wildcard.mysite.example.crt"
SSLCertificateKeyFile "/etc/httpd/certificados/wildcard.mysite.example.key"
SSLCertificateChainFile "/etc/httpd/certificados/COMODORSAAddTrustCA.crt"
SSLCACertificateFile "/etc/httpd/certificados/ca.crt"
SSLCARevocationFile "/extranet/crl/crl.pem"
</VirtualHost>

Thanks!


-- 

*Rubén Toribio Aldeguer*
Técnico Sistemas DataCenter
Informática Área Sistemas
(+34) 971743030
www.riu.com / www.riuplaza.com
