[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-developers] ssl fix for httpd.conf in RIPE-land
- Subject: [cobalt-developers] ssl fix for httpd.conf in RIPE-land
- From: Frans ter Borg <frans@xxxxxxxxxx>
- Date: Sun Dec 1 14:27:00 2002
- List-id: Discussion Forum for developers on Sun Cobalt Networks products <cobalt-developers.list.cobalt.com>
hiya,
A client of ours recently pointed out that they had problems enabling SSL
for sites hosted on their server. Generating a self-signed certificate and
enabling ssl for a specific site on that server did indeed not work. Also
the mgmt interface became unavailable at http://server/admin but could
only be accessed via the http://server/.cobalt/sysManage pages.
It took a while to find out what was going on.
there is some dynamics in the /etc/httpd/conf/httpd.conf in which it
parses itsself and verifies the existence of a file relating to ssl for a
certain site. If so, it will generate a VirtualHost section for that site.
These dynamics are between <PERL></PERL> tags.
The code will work for most people out there, but for this client it did
not. The code mentioned the following:
s/80/443/go if (/^Rewrite/);
Sounds like a plan, but if you have an IP address which includes the
number 80, it will become mangled - ex. RIPE has recently started
allocating from 80.0.0.0/8 so addresses from that range will be changed
into 443.0.0.0/8 addresses (which obviously don't exist)
Changing the above line by
s/\:80/\:443/go if (/^Rewrite/);
Will solve the problem, as only the port section of the address lines need
to be changed.
I suppose it would be good for SUN to patch this as more and more new
servers in Europe will be deployed in the 80.0.0.0/8 IP range and more
people will run into this issue. I'm too new to this forum to know how to
make this known to SUN's people though, so I hope they'll read it here...
Regards,
Frans
--
Quanza Engineering B.V. Elandsstraat 44
Frans ter Borg 1016 SG Amsterdam
E: frans@xxxxxxxxxx www.quanza.net