SSL support

Hi all,

I have just figured out (I think)the mod-perl and virtual host
configuration for RT. It is working for normal web access, but can’t make
it work for ssl, when I do https://rt.mysite I see folders list of my root
server.

Here are my virtual host configuration for rt with ssl:

SSL Virtual Host Context

<VirtualHost *:443>
ServerName rt.mysite
DocumentRoot /usr/local/rt3/share/html
AddDefaultCharset UTF-8
PerlModule Apache::DBI
PerlRequire /usr/local/rt3/bin/webmux.pl
ErrorLog logs/ssl-error_log
TransferLog logs/ssl-access_log
SSLEngine on
SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile conf/ssl/server.crt
SSLCertificateKeyFile conf/ssl/server.key

CustomLog logs/ssl_request_log
“%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x "%r" %b”

RewriteEngine On
RewriteOptions inherit

SetHandler perl-script
PerlHandler RT::Mason

For normal access the following works just fine…

<VirtualHost *>
ServerName rt.mysite
DocumentRoot /usr/local/rt3/share/html
AddDefaultCharset UTF-8
PerlModule Apache::DBI
PerlRequire /usr/local/rt3/bin/webmux.pl

SetHandler perl-script
PerlHandler RT::Mason

Any suggestions???

Thanks in advance,

Francois

I have just figured out (I think)the mod-perl and virtual host
configuration for RT. It is working for normal web access, but can’t make
it work for ssl, when I do https://rt.mysite I see folders list of my root
server.

Any suggestions???

Have you changed the WebBaseURL in RT_SiteConfig.pm to https://…?
Cerion

I have just figured out (I think)the mod-perl and virtual host
configuration for RT. It is working for normal web access, but can’t make
it work for ssl, when I do https://rt.mysite I see folders list of my root
server.
Also, have you set the apache ‘LISTEN’ directive to include 443?
Cerion

Could not use rt with ssl and vhost, finally got it to work with straight
alias and it is now fine. Wonder what advantages there are in using
vhosts?
The advantage is simply being able to run more than one site on your server.
You can’t have more that one ssl vhost (name resolution doesn’t work with ssl,
so you can only resolve on the vhost being on port 443)… but you can have
other, non-ssl vhosts at the same time.

I did set this up last year, if you’re interested, but I’ve since moved back
to a non-ssl setup, and instead forward http connections through ssh.
Cerion

Could not use rt with ssl and vhost, finally got it to work with straight
alias and it is now fine. Wonder what advantages there are in using
vhosts?
The advantage is simply being able to run more than one site on your server.
You can’t have more that one ssl vhost (name resolution doesn’t work with ssl,
so you can only resolve on the vhost being on port 443)… but you can have
other, non-ssl vhosts at the same time.

You can do IP-based vhosts with https if you can assign more than
one address to the server. The problem with name-based vhosts
is simply that the hostname header isn’t passed until after
the browser/server have agreed on the certificate(s) involved.

Les Mikesell
les@futuresource.com