Redirect Sites with SSL and Client Ceritifcate.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Good guys.

  I have this settings apache and pretend that requests made to the site www.mysite.example.com be redirected to the site mysite.example.com (without the www). Both sites have different certificates (crt, key and providers)

 if I test it in an integration server, (for which I am obliged to set the etc / hosts on my computer) I see it runs smoothly. And if I set etc/hosts with producction server IP it works. But accessing trough Internet IP it stuck waiting for load app.  With Fiddler I see that the SSL tunnel remains unrealized.

Any idea on how to solve this problem? ¿Does Apache/2.2 supports one ip and two certificates? At this point I'm not sure where I have to look: server, tomcat, browser, or internet FW.

Here the vhost settings:

Server version: Apache/2.2.15 (Unix)

NameVirtualHost *:443
<VirtualHost *:443>
ServerName www.mysite.example.com
ServerAdmin webmaster@xxxxxxx
DocumentRoot "/extranet/tomcat/webapps/"
Alias /extranet/pdf "/extranet/pdf"
RewriteEngine on
Rewritecond %{HTTP_HOST} ^www.mysite.example.com [NC]
Rewriterule ^(.*)$ https://mysite.example.com$1 [R=301,NC,L]
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile "/etc/httpd/certificados/www.mysite.example.sha2.crt"
SSLCertificateKeyFile "/etc/httpd/certificados/www.www.mysite.example.sha2.key"
SSLCertificateChainFile "/etc/httpd/certificados/gd_bundle-g2-g1.crt"
</VirtualHost>


<VirtualHost _default_:443>
ServerName  mysite.example.com
ServerAlias machinename
ServerAdmin webmaster@xxxxxxx
DocumentRoot "/extranet/tomcat/webapps/"
Alias /extranet/pdf "/extranet/pdf"
RewriteEngine on
RewriteRule ^/$ /extranet/  [PT,L]
RewriteRule ^/(extranet/)?(.*)$     /extranet/$2        [PT,L]
JkMount /* tomcat
JkUnmount /extranet/pdf/* tomcat
SSLEngine on
SSLVerifyClient require
SSLVerifyDepth 2
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile "/etc/httpd/certificados/wildcard.mysite.example.crt"
SSLCertificateKeyFile "/etc/httpd/certificados/wildcard.mysite.example.key"
SSLCertificateChainFile "/etc/httpd/certificados/COMODORSAAddTrustCA.crt"
SSLCACertificateFile "/etc/httpd/certificados/ca.crt"
SSLCARevocationFile "/extranet/crl/crl.pem"
</VirtualHost>

Thanks!


--

Rubén Toribio Aldeguer
Técnico Sistemas DataCenter
Informática Área Sistemas
(+34) 971743030
www.riu.com / www.riuplaza.com

                     
Facebook Twitter Flickr Youtube Google Plus
 

This e-mail and its attachments, if any, are confidential and may be legally privileged. If you have received it in error, you are on notice of this status. Please do not copy or use it for any other purpose or disclose its contents to any other person: to do so could be a breach of confidence. You may contact us at +34 971 74 30 30 or at sender's e-mail address.

Facebook Please, consider the environment before printing this email.
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux