RE: [cobalt-users] Has anyone successfully configured SSL on RaQ2?

["Tony Patti" <isplists@xxxxxxxxxxxx>]

Dennis,

How do you handle a ScriptAliased cgi-bin with this method?

Directory structure is:

/home/sites/ssl
/home/sites/ssl/cgi-bin
/home/sites/ssl/web

Symlinks out of the /ssl/cgi-bin are not allowed though.
FollowSymLinks and ExecCGI are in the right <directive> tags in the
httpd-ssl.conf
and cgi's are running from the main ssl url.
I get this in my ssl error log:

[notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
Symbolic link not allowed:


-----Original Message-----
From: cobalt-users-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-users-admin@xxxxxxxxxxxxxxx]On Behalf Of Dennis
Sent: Sunday, January 23, 2000 12:21 PM
To: Patrick Agee; cobalt-users@xxxxxxxxxxxxx
Subject: Re: [cobalt-users] Has anyone successfully configured SSL on
RaQ2?


Patrick-

Are you using the Cobalt SSL package?

If so here is what we did.
1. Ordered a secure cert from thawte like the following:
secure.ourdomain.com
2. Followed directions in the SSL manual to generate and install cert.
3. Created a single A record in DNS pointing 'secure.domain.com' to an IP.

To set-up to that virtual customers can use:
1. Created a directory called ssl in /home/sites
2. Made the document root of the secure server /home/sites/ssl  (This can be
done by changing the path between the <Virtual Host> directives towards the
end
of the httpsd.conf file).

Now you want to be able to let your user access the secure server via their
website. Lets say it is site5
3. cd /home/sites/ssl
4. ln -s /home/sites/site5/web /home/sites/ssl/site5
*For the second path you can name "site5" anything you want. Say the domain
is
test.com so you make it /home/sites/ssl/test

Now when you go to https://secure.domain.com/test/ it will allow you to call
any
file up in secure mode that is in the site5s web directory.

Also "chmod o-r ssl" so that if someone goes to your your secure server
without
putting in a directory they are not allowed to see the directory structure
of
the ssl
directory.

We set it up this way so that only sites that we create the links for are
allowed to access the secure server.

Works great for us. Hope it helps.

    -Dennis

Patrick Agee wrote:

> I am wondering what command lines you have in your httpd.conf file and
where
> you have the crt, key and pem files located.  The directions I have found
> for this are very slim.  Thanks
>
> Patrick Agee
> Spotted Dog Computers
>
> -----Original Message-----
> From: cobalt-users-admin@xxxxxxxxxxxxxxx
> [mailto:cobalt-users-admin@xxxxxxxxxxxxxxx]On Behalf Of Dennis
> Sent: Sunday, January 23, 2000 12:04 PM
> To: cobalt-users@xxxxxxxxxxxxxxx
> Subject: Re: [cobalt-users] Has anyone successfully configured SSL on
> RaQ2?
>
> Sue-
>
> Yes we do have the SSL secure server software running great on our RaQ2
and
> allowing our name based virtual hosting clients access to it.
>
> Please let me know what your questions are.
>
>     -Dennis
>
> Sue Green wrote:
>
> > -- [ From: Sue Green * EMC.Ver #3.1a ] --
> >
> > Please copy your reply to:   sue@xxxxxxxxxxxxx
> >
> > I have the SSL software from Cobalt installed on my RaQ2. I need to
> > configure it now, and no one seems to really know how to do it. Does
> anyone
> > have a Cobalt RaQ2, with the Red Hat Secure Server software for the RaQ2
> > from Cobalt successfully configured beyond the default settings? If you
> do,
> > and could help me with a few specific questions about setting up the
SSL,
> I
> > sure would appreciate a few minutes of your time.
> >
> > Thank you!
> >
> > Sue
> >
> > _______________________________________________
> > cobalt-users mailing list
> > cobalt-users@xxxxxxxxxxxxxxx
> > http://list.cobalt.com/mailman/listinfo/cobalt-users
>
> _______________________________________________
> cobalt-users mailing list
> cobalt-users@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-users


_______________________________________________
cobalt-users mailing list
cobalt-users@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-users