[rt-users] RT SSL implementation

Nelson Pereira npereira at protus.com
Tue Apr 15 14:06:36 EDT 2008


Ok, so I got to read up a bit.

The PEM files are the .key and .crt when generating self signed ssl
certs and keys... ok I get that...

What I did is I put in the lines bellow in the
/etc/httpd/conf.d/ssl.conf
  SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
  SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key

Also changed the RT_SiteConfig.pm for the line bellow:
Set($WebBaseURL , "http://10.98.5.253:$WebPort");  
is now :
Set($WebBaseURL , "https://10.98.5.253");

Restarted the server and no errors, see the logs:
[Tue Apr 15 14:09:13 2008] [notice] caught SIGTERM, shutting down
[Tue Apr 15 14:09:16 2008] [notice] suEXEC mechanism enabled (wrapper:
/usr/sbin/suexec)
[Tue Apr 15 14:09:18 2008] [notice] Digest: generating secret for digest
authentication ...
[Tue Apr 15 14:09:18 2008] [notice] Digest: done
[Tue Apr 15 14:09:18 2008] [notice] mod_python: Creating 4 session
mutexes based on 256 max processes and 0 max threads.
[Tue Apr 15 14:09:18 2008] [notice] Apache/2.2.3 (Red Hat) configured --
resuming normal operations


Yet, when going to https://10.98.5.253 I still get a page cannot be
displayed and the httpd error log states:
[Tue Apr 15 14:10:30 2008] [error] [client 10.98.5.250] Invalid method
in request \x16\x03\x01

What am I missing?



Regards,
 
Nelson Pereira

-----Original Message-----
From: Drew Barnes [mailto:barnesaw at ucrwcu.rwc.uc.edu] 
Sent: Tuesday, April 15, 2008 12:47 PM
To: Nelson Pereira
Cc: Jeffrey Lee; rt-users at lists.bestpractical.com
Subject: Re: [rt-users] RT SSL implementation

SSL-specific portions from my rt.conf in /etc/httpd/conf.d/ :

  ServerAdmin root
  SSLEngine On

  SSLCertificateFile /etc/httpd/conf/ssl.crt/cert.pem
  SSLCertificateKeyFile /etc/httpd/conf/ssl.key/certkey.pem

I didn't have to add anything else for it to work.  You may look into 
redirecting anything that goes to port 80, but that isn't necessary.

And from RT_SiteConfig.pm :
Set($WebBaseURL , "https://server.domain");


Nelson Pereira wrote:
>
> Jeff,
>
>  
>
> Can you point me to an article on how to setup RT for SSL  (https://)?
>
> I've been trying to set this up for 2 days now, and can't seem to get 
> it going.
>
> I took the HTTPD.conf lines to SSL.conf but that did not help.
>
>  
>
> Let me know, I would be interested in looking at your RT_SiteConfig.pm

> as well as your ssl.conf and httpd.conf
>
>  
>
> Thanks
>
>  
>
>  
>
> Regards,
>
>  
>
> Nelson Pereira
>
>
------------------------------------------------------------------------
>
> *From:* rt-users-bounces at lists.bestpractical.com 
> [mailto:rt-users-bounces at lists.bestpractical.com] *On Behalf Of 
> *Jeffrey Lee
> *Sent:* Friday, April 11, 2008 2:08 PM
> *To:* rt-users at lists.bestpractical.com
> *Subject:* [rt-users] RT SSL implementation
>
>  
>
> Hi guys,
>
>  
>
> I've implemented SSL on my RT box, but for some reason anytime I 
> update or create a new ticket, Rt tries to redirect the browser to 
> http:// (my server name):443/    how do I change the redirect after 
> the creation or updating of a ticket?
>
>  
>
> -Jeff
>
>
------------------------------------------------------------------------
>
> _______________________________________________
> http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
>
> Community help: http://wiki.bestpractical.com
> Commercial support: sales at bestpractical.com
>
>
> Discover RT's hidden secrets with RT Essentials from O'Reilly Media. 
> Buy a copy at http://rtbook.bestpractical.com



More information about the rt-users mailing list