RE: rewrite to 443..please help me

danielitob <gbattine@xxxxxxxxxxxxx> · Tue, 28 Jul 2009 07:05:49 -0700 (PDT)

Thanks to everyone...
I went on my linux server and I run

openssl x509 -in cert.crt -noout -subject

In output I've
subject= /C=IT/ST=***/L=***/O=***/OU=***/OU=Terms of use at
www.trustitalia.it/rpa (c) 04/OU=Authenticated by Trust Italia,
S.p.A./OU=Member, VeriSign Trust Network/CN=www.grandhotelduegolfi.com

When I go to 
http://www.grandhotelduegolfi.com
it works correctly.

If I run a request for /protected, so 
http://www.grandhotelduegolfi.com

as I expected browser redirects to
https://www.grandhotelduegolfi.com/backend 

and an error appears. Error is not significative, cause on my server, when a
request doesn't reach something correctly, it redirects to a default
application, so please skip it.
I read log and I found

[warn] RSA server certificate CommonName (CN)  `www.grandhotelduegolfi.com'
does NOT match server name!?

Here is configuration of my virtual host
<VirtualHost IP:80>
        ServerName www.grandhotelduegolfi.com
        ServerAlias grandhotelduegolfi.com 
        DocumentRoot /var/www/www.grandhotelduegolfi.com
        CustomLog logs/hotelduegolfi_log combined
        RewriteEngine On
        RewriteLog "logs/rewrite.log"
        RewriteLogLevel 5
        RewriteRule ^/backend/(.*)
https://www.grandhotelduegolfi.com/backend/$1 [R=301,L]
	<Directory /var/www/www.grandhotelduegolfi.com>
		AllowOverride FileInfo
	</Directory>

</VirtualHost>

My doubt now is...what I've to put in my ssl.conf?
Some of significative data are below

LoadModule ssl_module modules/mod_ssl.so
Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl
SSLPassPhraseDialog  builtin
SSLSessionCache         shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout  300
SSLMutex default
SSLRandomSeed startup file:/dev/urandom  256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn

SSLEngine on

SSLProtocol all -SSLv2

SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW

SSLCertificateFile /etc/httpd/conf/ssl.crt/cert.pem

SSLCertificateKeyFile /etc/httpd/conf/ssl.crt/key.pem

but I've nothing under

<VirtualHost _default_:443>,

cause my virtualhost is configured on port 80, on a specific file.

What I'm missing?
Please help me

> -----Original Message-----
> From: danielitob [mailto:gbattine@xxxxxxxxxxxxx] 
> Sent: Tuesday, July 28, 2009 9:06 AM
> To: users@xxxxxxxxxxxxxxxx
> Subject: Re:  rewrite to 443..please help me
> 
> 
> Ok..
> that is configuration. What I need is running a we site on 
> http, but when I
> send request to a protected/* page, request mu be managed under ssl.
> What I'm missing?Is this only configuration I have to do?
> In ssl.conf, I configured certificate. It seems I did it 
> well, cause when I
> run application and I click on certificate, it seems 
> correctly configured.
> But when I run a page under /protected, it gives me error
> 
> [warn] RSA server certificate CommonName (CN) 
> `www.mysite.com' does NOT
> match server name!?
> 
> Why is it so difficult and there isn't a working example on 
> internet?:(
> 
> This is virtual host
> 
> <VirtualHost IP:80>
>         ServerName www.mysite.it
>         DocumentRoot /var/www/www.mysite.com
>         RewriteEngine on
>         RewriteLog "log/rewrite.log"
>         RewriteLogLevel 5
>         RewriteRule ^/protected/(.*) 
> https://www.mysite.com/protected:443/$1
> [R=301,L]

It is still not clear: as Igor says, the domain name in the rewrite-rule
is different from the domain-name of your HTTP site. Do you have both
the .it and the .com domains registered?

If you could bear to publish the real domain name, we could check it.
Otherwise, we only have your word that fields are the same - you could
have a typing error that you are failing to notice..

>         <Directory /var/www/www.mysite.com>
>                 AllowOverride FileInfo
>         </Directory>
> </VirtualHost>
> 
> Thanks for your help, you're my last hope..
> 
> 
> 
> Igor Cicimov wrote:
> > 
> > sorry i lost your initial email with the configuration, can 
> you send it
> > again please so i can have another look?
> > 
> > 
> > On Tue, Jul 28, 2009 at 3:01 AM, danielitob <gbattine@xxxxxxxxxxxxx>
> > wrote:
> > 
> >>
> >> Hello Igor..
> >>
> >> I checked but it was my digit error.
> >> Fields are equal but I have always same problem..
> >>
> >> What I'm missing?
> >> I configured virtual host on port 80 and did a redirect 
> for a subfolder
> >> to
> >> 443.
> >> i need other configuration?
> >>
> >> Please help me, I'm crazying..
> >>
> >>
> >> Igor Cicimov wrote:
> >> >
> >> > I don't know if typo or not but in the redirect rule you have
> >> > mysite.cominstead
> >> > mysite.it
> >> >
> >> > On Fri, Jul 24, 2009 at 6:24 PM, danielitob 
> <gbattine@xxxxxxxxxxxxx>
> >> > wrote:
> >> >
> >> >>
> >> >> Sorry...you're right.
> >> >> I analyzed error log and I found that...it's strange
> >> >>
> >> >> [Fri Jul 24 10:12:19 2009] [warn] RSA server 
> certificate CommonName
> >> (CN)
> >> >> `www.mysite.com' does NOT match server name!?
> >> >>
> >> >> what does mean?
> >> >>
> >> >>
> >> >>
> >> >>
> >> >> Ray Van Dolson-3 wrote:
> >> >> >
> >> >> > On Thu, Jul 23, 2009 at 09:51:38AM -0700, danielitob wrote:
> >> >> >> The issue is when I click on
> >> >> >>
> >> >> >> https://www.mysite.it/protected
> >> >> >>
> >> >> >> and error appears.
> >> >> >
> >> >> > More information on the error please.  An error in 
> your Apache log
> >> >> > file?  An error in the browser (perhaps corresponding 
> with a self
> >> >> > signed certificate)?
> >> >> >
> >> >> > Ray
> >> >> >
> >> >> >
> >> 
> ---------------------------------------------------------------------
> >> >> > The official User-To-User support forum of the Apache 
> HTTP Server
> >> >> Project.
> >> >> > See <URL:http://httpd.apache.org/userslist.html> for 
> more info.
> >> >> > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> >> >> >    "   from the digest: 
> users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> >> >> > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
> >> >> >
> >> >> >
> >> >> >
> >> >>
> >> >> --
> >> >> View this message in context:
> >> >>
> >> 
> http://www.nabble.com/rewrite-to-443..please-help-me-tp2462994
2p24640563.html
> >> >> Sent from the Apache HTTP Server - Users mailing list archive at
> >> >> Nabble.com.
> >> >>
> >> >>
> >> >> 
> ---------------------------------------------------------------------
> >> >>  The official User-To-User support forum of the Apache 
> HTTP Server
> >> >> Project.
> >> >> See <URL:http://httpd.apache.org/userslist.html> for more info.
> >> >> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> >> >>   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> >> >> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
> >> >>
> >> >>
> >> >
> >> >
> >>
> >> --
> >> View this message in context:
> >> 
> http://www.nabble.com/rewrite-to-443..please-help-me-tp2462994
2p24684493.html
> >> Sent from the Apache HTTP Server - Users mailing list archive at
> >> Nabble.com.
> >>
> >>
> >> 
> ---------------------------------------------------------------------
> >> The official User-To-User support forum of the Apache HTTP Server
> >> Project.
> >> See <URL:http://httpd.apache.org/userslist.html> for more info.
> >> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> >>   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> >> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
> >>
> >>
> > 
> > 
> 
> -- 
> View this message in context: 
> http://www.nabble.com/rewrite-to-443..please-help-me-tp2462994
2p24693609.html
> Sent from the Apache HTTP Server - Users mailing list archive 
> at Nabble.com.
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP 
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>    "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
> 
> 

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. If you receive
this message in error, please notify the sender urgently and then
immediately delete the message and any copies of it from your system. Please
also immediately destroy any hardcopies of the message. 
The sender's company reserves the right to monitor all e-mail communications
through their networks.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx

-- 
View this message in context: http://www.nabble.com/rewrite-to-443..please-help-me-tp24629942p24698126.html
Sent from the Apache HTTP Server - Users mailing list archive at Nabble.com.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx