Re: [cobalt-users] SSL on RAQ2

["TC Concepts" <fred@xxxxxxxxxxxxxx>]

James K. Wade wrote:

> Hello All,

> I need to setup SSL on a raq2. I would appreciate any
> help with this. I have loaded on the software but I am
> having trouble configuring the httpd-ssl.conf & srm-ssl.conf.

> Can someone send me an example of there conf files
> or tell me how to do the following:

> 1) How do you setup different virtual sites?
> 2) How do you setup different certificates for each site?

> Thanks...James

James -

I don't believe you need to do anything to srm-ssl.conf.  There are some
things you may wish to enable on httpd-ssl.conf, but that is going to
depend primarily on your own preferences and the notes in the file
aren't too bad (more on that later).  As for your questions, I'll let
someone else respond to number two, as:

    a) I'm not sure, and
    b) I think it's somewhat more difficult

As for your first question, the way I did it was with symbolic links.
Don't hold me to this, because I'm doing it from memory, but I think
this is how I did it.  For purposes of this discussion, I am using the
term "client" as "customer", not as in a client-server relationship.
Okay.  Let's assume your certificate is for ssl.yourmaindomain.ext and
you have a virtual site (for a client, for example) named
www.your-clients-domain.com.

First (I think), just use your ftp program to go to your client's site,
and create a directory called "ssl" (actually, you could call it
anything, but this is what we will refer to later with the symbolic
link; it's also just a pretty good idea).

Telnet into your server as admin, and then run the following command:
su -
When prompted, just use your same password as admin.  This will switch
your identity from "admin" to "root" so that you will have full access
to files.  Next:
cd /home/httpd/html/
This will get you to the default location for where your ssl pages are
served from.

Create a symbolic link, as follows:

ln -s /home/sites/site##/web/ssl xxx

where "site##" is the actual corresponding site number for your client's
domain and "xxx" is some shortened version of your client's name or his
domain name.  This will create a symbolic link on the ssl server called
"xxx" which points to the "ssl" server on your client's site.  You may
have to play with the permissions some, but you (and your client) should
then be able to place files into the ssl directory on his own site, and
reference them as https://ssl.yourmaindomain.ext/xxx/.  I know this
isn't as good as ssl.your-clients-domain.com, but it's the next best
thing, and more than most hosting companies provide.  It also saves you
the trouble (as a provider) from having to upload his files for him.

Finally, one of the things you will likely want to do is enable cgi.  We
did two things in httpd-ssl.conf (MAKE A BACK-UP FIRST).  First, we
modified the line that looks like this:

    Options Indexes FollowSymLinks Includes

to look like this:

    Options Indexes FollowSymLinks Includes ExecCGI

Then, we uncommented the line that looks like this:

AddHandler cgi-script .cgi

You should read the notes above these sections before you do it, and
again, MAKE A BACKUP first.  Well, there you are.  If you have a problem
with this, repost and I'll check my permissions to see if I did anything
special there.  Good luck.

Fred Watt
Owner, TC Concepts
mailto:fred@xxxxxxxxxxxxxx
http://tcconcepts.com
936-756-2292