Hello Max, Thanks for your response,
I Installed the packages, openca_tools-1.3.0 , Openca-base-1.1.0 and I use apache2. And I didn't patch the system! Now about your points: 1- I changed the protocol type to * and I get the "HTTP 500 Internal server error"! 2- In the log folder of openca there's not any error_log file! There's just some another log files. In the stderr_log file I found this error: Quantifier follows nothing in regex; marked by <-- HERE in m/* <-- HERE / at /usr/local/lib/openca/perl_modules/perl5/OpenCA/AC.pm line 730. Compilation failed in require at /usr/local/etc/openca/openca_start line 65. and really I don't know what it is about. 3- I checked the apache's log files and in the access_log file I found a noticeable log! when I use the Http protocol to access the Ra and Pub Interface there are two lines as this: 192.168.21.55 - - [24/Aug/2010:10:56:32 -0400] "GET //pub/menu/C/menu.xml HTTP/1.1" 304 - "http://ca.modern.com/cgi-bin/pub/pki?cmd=getStaticPage&name=homePage"; "Mozilla/4.0 ... 192.168.21.55 - - [24/Aug/2010:11:10:12 -0400] "GET //ra/menu/C/menu.xml HTTP/1.1" 200 3522 "http://ca.modern.com/cgi-bin/ra/RAServer"; "Mozilla/4.0 .... But when I use the https protocol to access the Ra Interface there's not any log like that! Now I really don't know what I should do. I will appreciate any response. Best Regards, Zaxary Massimiliano Pala-3 wrote: > > Hello Zaxary, > > It is definitely an access config problem. It normally works with > http/https. > What happens if you set the protocol to '*', can you access it via https ? > Have you checked the logs in PREFIX/var/openca/log/errlog ? Also, check > the > Apache logs for the possible error (maybe it is an https config error > there). > > For the ra.xml configuration, the most liberal one for https is something > like the following: > <openca> > <access_control> > <channel> > <type>mod_ssl</type> > <protocol>ssl</protocol> > <source>.*</source> > <asymmetric_cipher>.*</asymmetric_cipher> > <asymmetric_keylength>0</asymmetric_keylength> > <symmetric_cipher>.*</symmetric_cipher> > <symmetric_keylength>128</symmetric_keylength> > </channel> > ... > > Does this works or do you still have issues ? Lat two usual questions: > - Which version of OpenCA are you using ? > - Have you installed all the patches for your version ? > > Later, > Max > > On 08/21/2010 03:58 AM, zaxary wrote: >> >> Hi all, >> >> I Installed OpenCA on a server with Apache 2 and it works correctly under >> http for Public interface. >> but RA is not works under https as the top menu is not displayed, but >> when I >> changed the access_control/ra.xml file so it can work with http it works >> correctly and there's no problem. >> >> now I don't know what the cause of the problem is. >> Is it the fault of apache's config or openca's config? >> >> can anybody help me to solved the problem? >> >> Regards, >> Zaxary >> > > > -- > > Best Regards, > > Massimiliano Pala > > --o------------------------------------------------------------------------ > Massimiliano Pala [OpenCA Project Manager] > ope...@acm.org > > project.mana...@openca.org > > Dartmouth Computer Science Dept Home Phone: +1 (603) > 369-9332 > PKI/Trust Laboratory Work Phone: +1 (603) > 646-8734 > --o------------------------------------------------------------------------ > People who think they know everything are a great annoyance to those of us > who do. > -- Isaac Asimov > > > > ------------------------------------------------------------------------------ > This SF.net email is sponsored by > > Make an app they can't live without > Enter the BlackBerry Developer Challenge > http://p.sf.net/sfu/RIM-dev2dev > _______________________________________________ > Openca-Users mailing list > Openca-Users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/openca-users > > -- View this message in context: http://old.nabble.com/Top-menu-is-not-displayed-under-https%21-tp29497354p29519354.html Sent from the openca-users mailing list archive at Nabble.com. ------------------------------------------------------------------------------ Sell apps to millions through the Intel(R) Atom(Tm) Developer Program Be part of this innovative community and reach millions of netbook users worldwide. Take advantage of special opportunities to increase revenue and speed time-to-market. Join now, and jumpstart your future. http://p.sf.net/sfu/intel-atom-d2d _______________________________________________ Openca-Users mailing list Openca-Users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openca-users
