General :: Apache, Https & Certificates Per Directory?
Nov 23, 2010
I was wondering if it is possible to have different certificates for different directories in a https-directory ?So what I want is that for a specificry a specific TLS-certificate is needed by the http-client to be authorized to the directory.Directory /var/www/html/secure/1 needs a certificate A.Directory /var/www/html/secure/2 need a different certificate B.So I have 1 CA, which signs the other certificates of the specific directory. The http-client gets the certificate A or certificate B (to be authenticated for secure/1 of secure/2)
View 5 Replies
ADVERTISEMENT
May 1, 2011
On one of my servers (Centos 5.5), I have been hosting articularly complex CRM application for one of my clients. Recently they have asked about configuring SSL connections to the CRM. Problem is, SSL is already configured for their main domain but not the sub-domain where the CRM application is accessed. Rather than purchasing another SSL certificate for their sub-domain (and probably another IP address),ld it be possible to setup a redirection from the subdomain to a sub-directory in the SSL directory using mod_rewrite. I have searched online and through the other posts on LinuxQuestions but nothing I have tried works.For example:[URl]
View 2 Replies
View Related
Sep 29, 2009
I used the Center for Internet Security Benchmark for Apache Web Server v2.1 (January 2008) manual.
This is the guidelines I have to follow when installing and configuring Apache...So the problem arises when we get to page:28
Just after running this command: openssl x509 -in url | more
We get this error:unable to load certificate 31352:error:0906D06C:PEM routines:PEM_read_bio:no start lineem_lib.c:650:Expecting: TRUSTED CERTIFICATE
View 2 Replies
View Related
Mar 7, 2011
For some of the files that I share using Apache, I want to make sure that they are served ONLY via https.
How can I configure this for Apache?
View 1 Replies
View Related
Apr 4, 2010
I'm trying to set up a 2nd SSL cert on a different domain on a server, each domain has its own IP address, the problem is the Web developer that configured the first domain specified ssl keys for the primary domain in both the vhost config in httpd.conf AND in the ssl.conf config files. If I attempt to remove the keys form ssl.conf the server will not start up. and with them there It will not start up if I specify keys for the secondary domain.
ssl.conf
Code:
LoadModule ssl_module modules/mod_ssl.so
SSLCertificateFile /etc/pki/tls/certs/primary.com.crt
SSLCertificateKeyFile /etc/pki/tls/certs/primary.com.key
SSLCertificateChainFile /etc/pki/tls/certs/primary_gd_bundle.crt
View 14 Replies
View Related
Jan 9, 2011
I run couple of sites on a virtual hosting environment and I am in need of adding additional SSL for a different domain name. From what I read on some forum topics indicate that SSL cert requires different IP address. meaning one cert for each IP. Is this true? If so, then I'm having some difficulties understanding the benefits of running virtual host if a server can't host multiple secured site through single IP. Any way to run multiple ssl site within virtual host environment. I'm hoping for a possible workaround.
View 3 Replies
View Related
Aug 24, 2010
I run a web server on Fedora 12, principally using Apache, MySQL, and PHP. I host a variety of sites, one of which is a family website that contains semi-sensitive personal data for several hundred extended family members, who all have access to the database-driven site.
Until now, I have been using a self-signed SSL certificate to encrypt the data as it is read and written back and forth from my database. Family members have simply had to put up with clicking past certificate warnings as they enter the site, as most browsers flag self-signed certificates as bad. It hasn't really been that much of a bother, but I'd love to do it more professionally. I have looked into buying SSL certificates, but it's a site I host for free and would rather find a cheap or free alternative if possible.
So I'm just fishing for ideas to work with. What are some alternatives to using SSL certificates for moderately strong website encryption? So far, I run only one host on the domain, but may eventually need encryption that would support multiple hosts. Or does anybody know a way to make self-signed certificates work on most popular browsers without being flagged as suspicious?
View 7 Replies
View Related
Jan 17, 2009
i am using red hat5 n i want to create X.509 certificates for ipsec vpn help me in creating certificates, not able 2 create certificates guide me ehere is the location for certificates.
View 1 Replies
View Related
Apr 11, 2011
I am trying to get name based virtual hosts all running on HTTPS (port 443) so I can run multiple sites on the one IP.
The DocumentRoot needs to be different for each host.
[URL]
However, I am unable to find where to actually enable these hosts in the configs. The apache website says to put it in httpd.conf however that file is empty on my machine.
The existing default virtual hosts are in "/etc/apache2/sites-available/default" and "default-ssl"
The main config file is /etc/apache2/apache2.conf
I am running version 2.2.16 of apache
I need to use the same .htpasswd file for all the sites.
I have configured CNAMES on my domain for all of these hosts.
View 4 Replies
View Related
Apr 1, 2010
I have configured apache using mod_jk to front tomcat. Then I configured tomcat and my application to use https. but after that I cannot access it through https without adding port 8080 in the URL. I think I need to add some configurations to apache to cope with this situation, but I still couldn't find the proper config though I tried many.
View 4 Replies
View Related
Nov 3, 2010
For some years now I have been able to use openssl (apache-mod_ssl) to process encrypted traffic because I had, in effect, only one host - the main server - as the sole entry in our ssl_vhost.conf file.
Now we are working toward serving a couple of more secure sites for closely related organizations, but with their own distinct identities. This, in the past, would have meant additional static IPs with matching nic cards for starters. But my understanding is that since 2007/8 we have been able to use gnutls (apache-mod_gnutls) which gets around the old problem of Apache not being able to direct name-based traffic because that would not yet have been decoded. This is referred to as SNI - Server Name Indication.
Here my confusion begins. Is there an overlap between SSL and TLS? For instance, I would have generated RSA keys and a self-signed certificate with the genrsa command. Is this sufficient for gnutls or does it need to generate its own keys and certificates? I realize gnutls is relatively a new kid on the block but it is appealing and I'd like to give it a try.
I am working with the Mandriva/Mageia cooker with an x86_64 architecture so all packages are up-to-the-minute.
View 3 Replies
View Related
Oct 30, 2015
How to best manage both http and https pages on the same apache-server without conflicts. For example, if i have both 000-default.conf and 000-default-ssl.conf pointing to mydomain.com, and don't want users who visit mydomain.com without specifically type the https-prefix to be redirected to the https-page - how to handle users using browserplugins such as https-everywhere etc?
Another option would be to create a subdomain ssl.mudomain.com and have users who want to reach the ssl site to have to type ssl. I have tested several things with https everywhere enabled in my own browser, and it seems really hard to make this working the way i want, in one way or another i always end up getting redirected to the ssl-site automatically.
The reason i need this to work is because i run one site that i don't care much about SSL, that is the "official" part of that site, and i also host some things for friends and family on the SSL-part. This would not have been a problem if it wasn't that i use self-signed certificates for my ssl-site and the major user become afraid when a certificate-warning pops up in their browser and therefor leave the site.
View 2 Replies
View Related
Jan 17, 2010
I have 2 web server in my office : http and https. You will find attached the httpd.conf and ssl.conf. I can acces the https server from home, but not the http one.
What I did :
configure the router to forward port 80 to my fedora 11 machine
open port 80 with system-config-network
created a virtualhost
The same exact steps have been done for port 443
I can access both server locally but only the https server remotelly.
Here are my iptables :
Code:
you can try to acces my servers using [url]
I made httpd to listen to port 8080, and done all the port forwarding/opening stuf, and it works. so is it a bug ?
Finally found my error seams like turning off UseCanonicalName to off did the trick
I really think it's a bug now. It was definitively working last week, I just added content to the main host of my website, and now i can't acces it from port 80. If someone think it's not a bug or find someting missing/wrong in my conf file.
View 2 Replies
View Related
Aug 13, 2010
Has anyone successfully kickstarted a rhel/fedora/centos over HTTPS ? In other words, is it possible to do the rhel/fedora/centos install from running apache with SSL enabled?
View 1 Replies
View Related
Nov 8, 2010
I am using Apache/2.2.3 on Centos 55. I am having an issue that is pretty strange to me. Whenever I navigate to a url on my webserver from outside my network. I have to put a '/' in the directory path for example When I type in: mydomain.com/directory1 it winds up redirecting to the hostname for my server HOWEVER When I type in mydomain.com/directory1/ it works, since I am adding the '/' at the end of the path. I suspect it is because I do not have my FQDN set up correctly.I did not have this issue when I was using Ubuntu 10.04 , I suspect because Ubuntu automagically set this up for me. Is there a particular way I need to setup my FQDN in centos to get this to work properly? I have tried going into /etc/hosts and adding my FQDN in there, but I do not think I did it properly, is there a particular way the /etc/hosts file needs to be setup?
View 1 Replies
View Related
Sep 22, 2010
I have an old Apache version (1.3.11) and an old Redhat release (2.1.12-20 - Cartman)and need to authenticate a Windows 2003 domain. The authentication to an NT domain already works as expected (see below) but unfortunately I am unable to find the correct LDAP module for V1.3.11 to allow authentication.
From what I have read the LDAP module needs to be compiled with Apache but I am really not sure. Unfortunately I am unable to upgrade to Apache2 when I could presumibly use the authnz_ldap_module but if someone could point me to the correct LDAP module for 1.3.11 it .
Ive installed openldap-1.2.9-6 and openldap-devel-1.2.9-6 but don't particulary want to go down configuring LDAP when hopefully I can simply add the LDAP module to Apache which was not compiled in Apache initially.
Also, do I need to specifiy the AD domain password in the directives or can the Windows lads just create any account I can use.
View 7 Replies
View Related
Oct 18, 2009
I have been following the steps mentioned at [URL] Now I want to add authentication through .htaccess.
View 1 Replies
View Related
Feb 13, 2011
When I try to install Apache Directory Studio through eclipse 3.3.The procedure I follow: Go to help (Eclipse Interface)----> Software Updates ----> Find and Install When I press Find and Install nothing happens and eclipse becomes unresponsive.
View 2 Replies
View Related
Aug 9, 2011
I'm about to create a CSR and was reading this page in the Ubuntu docs: [URL] A couple of things:
* There's no date on the article. The documentation needs DATES because this information gets out of date! Check MySQL docs, for instance -- they are organized by version.
* The instructions for generating a cert only specify 2048 bits. I believe that's kind of out of date? The verisign site has big red warnings saying you need 2048 if you want your cert to last past 2013 -- and that article is 4 years old!
* The instructions are confusing when discussing the passphrase. We enter a passphrase only to remove it immediately. We need some clarity here. Why do this?
How to understand the current best practices for generating an HTTPS cert for apache and/or mail access?
View 6 Replies
View Related
Feb 22, 2011
I will be doing actual development and testing on the same machine as the server. It is a single user machine in the sense that I will be the only one working on the machine. There will be multiple hosted languages, specifically PHP and RoR while possibly expanding later. I'd like the setup to translate well to a production environment. With those 3 things in mind there are a couple of things I've had in the back of mind.Seeing as it's a single user machine I haven't been able to decide whether or not I should be working on things out of my home directory or if they should be located outside of it.I'm feeling that outside of a user directory would be better as it would translate better to a production environment, but I'm also not sure if that will come with any permission annoyances or concerns seeing as I'll be working on the same machine. Hosting multiple languages seems like it may be a bit quirky. With PHP I've found you're generally just dumping the project somewhere in the document root where as something like a Rails app you have the entire project and you only want the public directory in the document root.
View 1 Replies
View Related
May 22, 2011
I have set up certain portions of my web site to be forced https:// How do I force, non https:// protocols. I know this sounds confusing, so let me give you an example.
[Code]...
View 7 Replies
View Related
Feb 1, 2010
I have RHEL5 with apache installed and running. I have a directory off of / called software that I would like to have show up as a directory listing so if I go to [URL] I get the directory listing. I have tried searching around and nothing seems to work for me. So out of the box how do I get this to work? My server properly resolves to [URL] so I am good there.
View 8 Replies
View Related
Nov 9, 2010
We have a apache server which have a ssl certificate like www.abc.com. We hosting a website is a online giving shop which need ssl cetificate in https. website of this is www.123.com, it will redirect tow this website owner don't want to show What can I do to achieve this ? Can I use rewrite function in apache to achieve this? How? or we need to buy any other ssl certificate for www.123.com? How can I install multiple sslcertificate in one apache server?
View 4 Replies
View Related
May 16, 2011
How can I add self-signed certificates to e.g: Google Chrome under Linux (from the command line)?
View 1 Replies
View Related
Sep 17, 2010
i have a quick question about using plesk on centos 5.x server and installation of ssl certificates. if anyone out there has expertise with above,
View 1 Replies
View Related
Feb 15, 2011
I am installing some SSL certificates on my web server, however I have a couple questions, as I'm not familiar with this process
1) I'm not sure which directory to put them in? What is good practice? Is /var/www/secure a good location so long as I restrict access to the secure directory?
2) I am told to edit the following in my ssl.conf file of apache2
SSLCertificateFile
SSLCertificateKeyFile
SSLCertificateChainFile
However, I cannot find this file, ssl.conf. Nor can I find the above directives in my main apache2.conf file. Where is the ssl.conf file? Or alternatively, could I just add the above directives to my apache2.conf file?
View 2 Replies
View Related
Sep 24, 2010
I created a website in my apache server. I just need to secure that when everyone try to access any folder on my root directory, it will show "Forbidden".
View 3 Replies
View Related
Oct 8, 2010
I'm just wondering how many people out there use a load balancer of some kind for terminating HTTPS/TLS/SSL before sending requests onto backend web servers?
And if you send the requests onto those backend servers using an Stunnel of some sort to keep the data encrypted between your load balancer and your webservers?
View 4 Replies
View Related
Apr 18, 2011
I have issue with lwp. A https get request returns 400 error. How ever I am able to get 200 response using a browser. I am not using any proxy.
View 1 Replies
View Related
Nov 20, 2009
I have searched the forum high and low for the solution with no success, so I will now post this problem, with all known facts. Linux (and Fedora) is brand new to me so I'm somewhat illiterate with the language and recommendations from reading other threads. Please bare with me. I'm reading the book Beginning PHP and MySQL from Novice to Professional by Cristian Darie.The book has you create an Alias directory for creating the tshirtshop web-based application.
The book uses the directory /home/username/tshirtshop. However, I did not want this in the /home directory, so I created a new directory from the root directory /workspace/tshirtshop. Below are the areas of interest in the file httpd.conf (I restarted the httpd service each time I edited this file):
Code:
DocumentRoot "/var/www/html"
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
[Code]....
View 1 Replies
View Related
