On Tuesday 09 December 2003 14:29, Brian Candler wrote:
> On Tue, Dec 09, 2003 at 02:30:32PM +0100, Key Dof wrote:
> > The apache is in HTTP, no SSL (the SSL translation is done with external
> > SSL accelerators).
> > So for apache it's http but for the client it's https.
> > I think I will just bypass the SSL accelerators and install the key in
> > apache in https.
> > Thanks anyway
>
> That makes no sense whatsoever, but good luck anyway.

It makes perfect sense to me. He's using an external (i.e. "internet appliance")
hardware SSL acceleration box instead of Apache with OpenSSL.

Unfortunately, I'm sure that I would have to know how the external accelerators
integrate with Apache to have any idea how to solve Mr. Dof's problem. I personally
recommend that Mr. Dof call the company who sold and set up his external SSL
accelerator's tech support number and ask them. External SSL accelerators are
generally pricey items, so they should come with some kind of support. Just be
sure to tell them that sqwebmail is just a normal CGI program.

On a side note: If Mr. Dof really performs enough SSL transactions to require
a hardware accelerator, perhaps he should try one of these:

    http://www.soekris.com/vpn1201.htm

They integrate with OpenSSL and offload most of the CPU-intensive SSL stuff
from the machine's primary CPU. A new version will be available soon that includes
AES:

    http://www.soekris.com/vpn1401.htm

Pricing can be found here:

    http://www.soekris.com/how_to_buy.htm

I'm not affiliated with Soekris in any way. Heck, I'm not even a customer. I just
think they make/sell really cool hardware.

Good luck!


> Brian.
>
> > On Tue, 2003-12-09 at 14:25, Brian Candler wrote:
> > > Please reply to the list and not to me
> > >
> > > On Tue, Dec 09, 2003 at 01:40:13PM +0100, Key Dof wrote:
> > > > I tried the openssl, and I get this (http and not https):
> > > >
> > > > HTTP/1.1 302 Found
> > > > Date: Tue, 09 Dec 2003 12:37:07 GMT
> > > > Server: Apache/2.0.48 (Unix) DAV/2
> > > > Cache-Control: no-store
> > > > Pragma: no-cache
> > > > URI: http://my.domain.com/cgi-bin/sqwebmail/sqwebmail?index=1
> > > > Location: http://my.domain.com/cgi-bin/sqwebmail/sqwebmail?index=1
> > > > Content-Length: 339
> > > > Connection: close
> > > > Content-Type: text/html; charset=iso-8859-1
> > > >
> > > > <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
> > > > <html><head>
> > > > <title>302 Found</title>
> > > > </head><body>
> > > > <h1>Found</h1>
> > > > <p>The document has moved <a
> > > > href="http://my.domain.com/cgi-bin/sqwebmail/sqwebmail?index=1">here</a>.</p>
> > > > <hr />
> > > > <address>Apache/2.0.48 (Unix) DAV/2 Server at my.domain.com Port 80</address>
> > > > </body></html>
> > > > read:errno=0
> > > >
> > > >
> > > > The idea is that the apache server is in http mode, and we have a
> > > > special SSL crypting appliance that translates the 443 to normal http
> > > > to the apache server.
> > >
> > > I don't know what you mean "http not https". Either you were using
> > > openssl s_client to connect to the SSL crypto box (in which case it
> > > was https), or you are using telnet to port 80 or whatever (in which
> > > case it was http).
> > >
> > > Since you said http works just fine, then I think you should be using
> > > https for these tests, or else you don't prove anything.
> > >
> > > If the above works, then try again with
> > >
> > > GET /cgi-bin/sqwebmail/sqwebmail?index=1
> > >
> > > like it says. Continue until problem is debugged. Look in your Apache
> > > logs for errors.
> > >
> > > Brian.
> > >
> > > > Thanks
> > > >
> > > > On Tue, 2003-12-09 at 13:25, Brian Candler wrote:
> > > > > On Tue, Dec 09, 2003 at 12:06:03PM +0100, Key Dof wrote:
> > > > > >   I just compiled the SqWebMail under FreeBSD 4-stable, it works
> > > > > > fine, but now I need to use SSL (redirect port from our ssl
> > > > > > encryptors), the page is empty.
> > > > > > Does anyone know a solution please?
> > > > >
> > > > > What version of sqwebmail? What webserver? How is it configured?
> > > > >
> > > > > Sqwebmail is a CGI application, and essentially doesn't care
> > > > > whether the request came over HTTP or HTTPS (except in a few places
> > > > > when deciding whether embedded URLs should contain http:// or
> > > > > https://)
> > > > >
> > > > > You can test SSL connections using openssl s_client:
> > > > >
> > > > >     # openssl s_client -connect my.domain.com:443
> > > > >     GET /cgi-bin/sqwebmail HTTP/1.0
> > > > >     Host: my.domain.com
> > > > >     <blank line>
> > > > >
> > > > > Regards,
> > > > >
> > > > > Brian.

-- 
Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v)  423-559-5145 (f)
http://www.wingnet.net
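
Added example, not part of the original message and not written by anyone in the thread: a small check that classifies the redirect in a captured response against the scheme the client actually used, which is the mismatch visible in the 302 quoted above (client on https via the accelerator, Location pointing at http). The header values are copied from that capture; the function names and the assumption that the client requested https://my.domain.com are illustrative.

```python
from urllib.parse import urlsplit

# Response head as posted in the thread (URI header and HTML body omitted).
CAPTURED = (
    "HTTP/1.1 302 Found\r\n"
    "Date: Tue, 09 Dec 2003 12:37:07 GMT\r\n"
    "Server: Apache/2.0.48 (Unix) DAV/2\r\n"
    "Cache-Control: no-store\r\n"
    "Location: http://my.domain.com/cgi-bin/sqwebmail/sqwebmail?index=1\r\n"
    "Content-Length: 339\r\n"
    "Connection: close\r\n"
    "\r\n"
)


def parse_head(raw):
    """Return (status_code, headers) from a raw HTTP response; names lowercased."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = head.split("\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return status, headers


def check_redirect(raw, client_scheme, client_host):
    """Classify the redirect in `raw` relative to the URL the client requested."""
    status, headers = parse_head(raw)
    location = headers.get("location")
    if status not in (301, 302, 303, 307, 308) or not location:
        return "no-redirect"
    target = urlsplit(location)
    if not target.scheme:
        return "relative"  # client keeps the scheme it is already using
    if target.hostname != client_host.lower():
        return "other-host"
    if client_scheme == "https" and target.scheme == "http":
        return "scheme-downgrade"  # backend built the URL from its plain-HTTP view
    return "same-scheme"


if __name__ == "__main__":
    # Assumption: the client reached the site as https://my.domain.com
    print(check_redirect(CAPTURED, "https", "my.domain.com"))
```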


