Banner does show under SSL

RT Users
1

Well I finally got RT 3.06 runnning under SSL on my RedHat 8 box. I seem
to recall before hearing something abt that having to do with name
resolution. But when looked thru the archives I came up empty.
My Apache CONF file looks like:

ServerName rt.server.com
ServerAdmin root@server.com
DocumentRoot /opt/rt3/share/html
ErrorLog logs/rt/error_log
TransferLog logs/rt/access_log

SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/httpd/conf/ssl.crt/rt.server.com.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/rt.server.com.key
SSLCertificateChainFile /etc/httpd/conf/ssl.crt/ca.crt

SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire
<Files ~ “.(cgi|shtml|phtml|php3?)$”>
SSLOptions +StdEnvVars

PerlModule Apache2 Apache::compat
PerlModule Apache2 Apache::DBI
PerlRequire /opt/rt3/bin/webmux.pl
<Directory /opt/rt3/share/html>
SSLOptions +StdEnvVars
Order allow,deny
Allow from all
Options All
AllowOverride All
AddDefaultCharset UTF-8
<Files *.html>
SetHandler perl-script
PerlHandler RT::Mason


<Directory /opt/rt3/share/html/Ticket/Attachment>
SSLOptions +StdEnvVars
SetHandler perl-script
PerlHandler RT::Mason

<Directory /opt/rt3/share/html/SelfService/Attachment>
SSLOptions +StdEnvVars
SetHandler perl-script
PerlHandler RT::Mason

<Directory /opt/rt3/share/html/REST>
SSLOptions +StdEnvVars
SetHandler perl-script
PerlHandler RT::Mason

Not sure what part of RT_SiteConfig is needed for diagnosing

Would certainly appreciate an assist on this last little hump.

Most anything is easy after you’ve done it successfully a few times

Leon Sonntag
Innovative Web Applications
leon at iwa-solutions dot com

2

Did you rem to set “WebBaseURL” to https in RT_SiteConfig.pm?
The name resolution stuff was just that you can’t have multiple ssl virtual
hosts, 'cos the ssl handshake happens before the hostname is resolved…

Your httpd.conf looks a little complex… try the changes below
(I have ssl working, also ‘requiring’ client certificates - lemme know if you
want that configuration too)
Cerion

Well I finally got RT 3.06 runnning under SSL on my RedHat 8 box. I seem
to recall before hearing something abt that having to do with name
resolution. But when looked thru the archives I came up empty.
My Apache CONF file looks like:

You don’t need/want the servername in the VH directive.

<Virtualhost *:443>
ServerName rt.server.com:443 # port not necessary here, but better.
ServerAdmin root@server.com
DocumentRoot /opt/rt3/share/html
ErrorLog logs/rt/error_log
TransferLog logs/rt/access_log

SSLEngine on
SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/httpd/conf/ssl.crt/rt.server.com.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/rt.server.com.key
SSLCertificateChainFile /etc/httpd/conf/ssl.crt/ca.crt

SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire
<Files ~ “.(cgi|shtml|phtml|php3?)$”>
SSLOptions +StdEnvVars

PerlModule Apache2 Apache::compat
PerlModule Apache2 Apache::DBI
PerlRequire /opt/rt3/bin/webmux.pl

AddDefaultCharset UTF-8

SetHandler perl-script PerlHandler RT::Mason

<Directory /opt/rt3/share/html>

SSLOptions +StdEnvVars # the ‘Files’ directive does this already

Order allow,deny
Allow from all

Options All # sure you want this?

AllowOverride All # and this?

AddDefaultCharset UTF-8 # I put this above…

<Files *.html> # and this I put in the

SetHandler perl-script

PerlHandler RT::Mason

The rest shouldn’t be necessary.

<Directory /opt/rt3/share/html/Ticket/Attachment>

SSLOptions +StdEnvVars

SetHandler perl-script

PerlHandler RT::Mason

<Directory /opt/rt3/share/html/SelfService/Attachment>

SSLOptions +StdEnvVars

SetHandler perl-script

PerlHandler RT::Mason

<Directory /opt/rt3/share/html/REST>

SSLOptions +StdEnvVars

SetHandler perl-script

PerlHandler RT::Mason

3

At 11:26 PM 3/12/04, Cerion Armour-Brown wrote:

Did you rem to set “WebBaseURL” to https in RT_SiteConfig.pm?
The name resolution stuff was just that you can’t have multiple ssl virtual
hosts, 'cos the ssl handshake happens before the hostname is resolved…

Yes, I did…Thnx anyway

Your httpd.conf looks a little complex… try the changes below
(I have ssl working, also ‘requiring’ client certificates - lemme know if you
want that configuration too)
Cerion

I tried the revised configuration and the vhost won’t even start, so I went
back to the orgiinal config. However, on the good side, the banner shows
up just fine today. On the bad side, it appears to of caused some
problems with my email interface (but that is a separate issue)>On Friday 12 March 2004 23:59, Leon Sonntag wrote:

Well I finally got RT 3.06 runnning under SSL on my RedHat 8 box. I seem
to recall before hearing something abt that having to do with name
resolution. But when looked thru the archives I came up empty.
My Apache CONF file looks like:

You don’t need/want the servername in the VH directive.

<Virtualhost *:443>
ServerName rt.server.com:443 # port not necessary here, but better.
ServerAdmin root@server.com
DocumentRoot /opt/rt3/share/html
ErrorLog logs/rt/error_log
TransferLog logs/rt/access_log

SSLEngine on
SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/httpd/conf/ssl.crt/rt.server.com.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/rt.server.com.key
SSLCertificateChainFile /etc/httpd/conf/ssl.crt/ca.crt

SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire
<Files ~ “.(cgi|shtml|phtml|php3?)$”>
SSLOptions +StdEnvVars

PerlModule Apache2 Apache::compat
PerlModule Apache2 Apache::DBI
PerlRequire /opt/rt3/bin/webmux.pl

AddDefaultCharset UTF-8

SetHandler perl-script PerlHandler RT::Mason

<Directory /opt/rt3/share/html>

SSLOptions +StdEnvVars # the ‘Files’ directive does this already

Order allow,deny
Allow from all

Options All # sure you want this?

AllowOverride All # and this?

AddDefaultCharset UTF-8 # I put this above…

<Files *.html> # and this I put in the

SetHandler perl-script

PerlHandler RT::Mason

The rest shouldn’t be necessary.

<Directory /opt/rt3/share/html/Ticket/Attachment>

SSLOptions +StdEnvVars

SetHandler perl-script

PerlHandler RT::Mason

<Directory /opt/rt3/share/html/SelfService/Attachment>

SSLOptions +StdEnvVars

SetHandler perl-script

PerlHandler RT::Mason

<Directory /opt/rt3/share/html/REST>

SSLOptions +StdEnvVars

SetHandler perl-script

PerlHandler RT::Mason

rt-users mailing list
rt-users@lists.bestpractical.com
The rt-users Archives

Have you read the FAQ? The RT FAQ Manager lives at http://fsck.com/rtfm

Most anything is easy after you’ve done it successfully a few times

Leon Sonntag
Innovative Web Applications
leon at iwa-solutions dot com