APACHE SSL AND ZOPE.... - Zope - Zope lists

newer
RE: [Zope] Persistence - I know...

APACHE SSL AND ZOPE....

older
Problem with Topic Index

Bill

3 Jun 2003 3 Jun '03

3:50 a.m.

Basically, I am trying to stick Zope behind n APACHE Server/mod_ssl configuration. Following the instructions for Proxying, I can connect to apache and then redirect to Zope - but when I do, the lock icon in the browser switches back to "insecure", the Browser complains that there is unencrypted text being passed and it doesnt *look* like I am in SSL anymore. Obviously, I am missing something here -s if anyone can help I would appreciate it... On another semi-related issue - how does one pass the certificate generated by apache to the Zserver for a kind of "single signon"? TIA WPH

Reply

Sign in to reply online Use email software

Show replies by date

Jamie Heilman

3 Jun 3 Jun

4:03 a.m.

New subject: [Zope] APACHE SSL AND ZOPE....

Basically, I am trying to stick Zope behind n APACHE Server/mod_ssl configuration. Following the instructions for Proxying, I can connect to apache and then redirect to Zope - but when I do, the lock icon in the browser switches back to "insecure", the Browser complains that there is unencrypted text being passed and it doesnt *look* like I am in SSL anymore.

Zope must still be generating URLs that refer back to itself via http and not https. This would imply your rewrite rule is is using /VirtualHostBase/http/... instead of /VirtualHostBase/https/... -- Jamie Heilman http://audible.transient.net/~jamie/ "It's almost impossible to overestimate the unimportance of most things." -John Logue

Reply

Sign in to reply online Use email software

Lennart Regebro

9:18 a.m.

New subject: [Zope] APACHE SSL AND ZOPE....

Bill wrote:

On another semi-related issue - how does one pass the certificate generated by apache to the Zserver for a kind of "single signon"?

Well, you don't pass the certificate, you pass the certificate information. This is done via environment variables named stuff like SSL_CLIENT_I_DN_CN and other cryptic names, and can only be done with CGI. So you'll need to setup Apache and Zope to use CGI. Luckily, you can use the normal Apache CGI, since the patches made by Zope com are only there to pass http login information, and you don't need that. Then you need to use that information from the SSL_* variables to login. This can be done in various ways, by modyfying the Cookie Crumbler or by making modified versions of the user folder.

Reply

Sign in to reply online Use email software

8342

Age (days ago)

8342

Last active (days ago)

2 comments

3 participants

tags

participants (3)

Bill
Jamie Heilman
Lennart Regebro