And another question:
How do you handle virtual hosts via nsopenssl?
Perhaps I need to elaborate a bit on the setup... Let's say I have one IP and at least two domains, say foobar.com and yada.com. I set up virtual hosts in the usual manner so that foobar.com:80 returns something different than yada.com:80. In the same fashion I set up 2 more virtual hosts but return the same content respectively, www.foobar.com:80 and www.yada.com:80. Now let's say I also want to serve foobar.com:443. However, I don't want to simply provide all the same content over 443, e.g. I want admin pages to be only on 443. So I define another server in the config files, say foobar.com-ssl, which doesn't actually load nssock, has its own pageroot, and I set the server to foobar.com:443 in the nsopenssl config section. In my browser, https://foobar.com works, https://www.foobar.com returns https://foobar.com which is basically the same thing, but https://yada.com and https://www.yada.com also return https://foobar.com which is not desirable.
Kevin
Kevin S. Davis wrote:
Thank you and the others for the help, I've got it up and running. And a couple dumb questions:
I've got CADir/File commented out as in Torben's reference. I get an error in the log that it can't find/load the CA cert file, ca.pem. Obviously because it's not there, but I'm not running a CA, I'm self-signed, and I can still make SSL connections without this file. Is this a bug or am I not understanding something here? Can I just ignore this error?
It also seems the default CipherSuite has an extra '+' in there.
What's *not* encrypted? Just the hostname? How about the URL, usernames/passwords via nsperm?
Thanks again, Kevin
Torben Brosten wrote:
Kevin,
Here's a direct url to the config.tcl file:
http://cvs.openacs.org/cvs/*checkout*/openacs-4/etc/config.tcl?rev=1.19.2.21
cheers,
Torben
On Feb 22, 2005, at 8:31 AM, Trenton Cameron wrote:
http://openacs.org/doc/openacs-5-1/install-nsopenssl.html is a pretty good tutorial on how to install nsopenssl on AOLserver.
Janine Sisk wrote:
That's good for installation, but not so much for configuration. However, if you download the OpenACS tarball and grab the config file (etc/config.tcl, IIRC) it has a section in it for nsopenssl that will show you one way it can be done (I'm sure there are others).
-- AOLserver - http://www.aolserver.com/
To Remove yourself from this list, simply send an email to <[EMAIL PROTECTED]> with the body of "SIGNOFF AOLSERVER" in the email message. You can leave the Subject: field of your email blank.
