[Zope] SSL config question
AM
list_subscriber@neurobs.com
Thu, 23 Jan 2003 09:37:40 -0800
This is a multi-part message in MIME format.
--------------080509030404080604060309
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Hi,
I am running Zope 2.6 on RH7.3 with Python 2.1.3 and Apache 2.x
In my setup I have a firewall running open bsd and the zope server
running on another box running behind it. The firewall lets in HTTP and
HTTPS based on ports to the internal machine based on a specific IP. I
have managed to configure the zope server as a virtual host on the machine.
When I tried to set it up for SSL I ran into problems. When I type in
https://.... my browser just waits forever.
I have included my ssl.conf. The SSL for the apache works, but it doesnt
work for th zope part.
Any help would be appreciated.
TIA
AM
--
==================================================================
Aseem Mohanty
Neurobehavioral Systems Inc, 828 San Pablo Ave, Albany, CA 94706
(R) 510 7696011 (M) 510 3014871 (O) 510 5279231
==================================================================
"I saw `cout' being shifted "Hello world" times to the left and
stopped right there!!" -- Steve Gonedes
==================================================================
--------------080509030404080604060309
Content-Type: text/plain;
name="ssl.conf"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="ssl.conf"
<IfDefine SSL>
Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
SSLSessionCache dbm:logs/ssl_scache
SSLSessionCacheTimeout 300
SSLMutex file:logs/ssl_mutex
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
NameVirtualHost 192.168.10.172:443
<VirtualHost 192.168.10.172:443>
UseCanonicalName Off
DocumentRoot "/var/local/apache/htdocs"
ServerName www.domain.com:443
ServerAdmin webmaster@domain.com
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /usr/share/ssl/nbs.crt
SSLCertificateKeyFile /usr/share/ssl/nbs.pem
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/var/local/apache/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
<VirtualHost 192.168.10.172:443>
UseCanonicalName Off
ServerName nbs.neuro-bs.com:443
ServerAdmin webmaster@domain.com
RewriteEngine On
RewriteRule ^/(.*) https://192.168.10.172:8080/VirtualHostBase/http/nbs.domain.com:80/nbs.domain.com/VirtualHostRoot/$1 [L,P]
ProxyVia On
ErrorLog logs/zope_ssl_error_log
TransferLog logs/zope_ssl_access_log
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /usr/share/ssl/nbs-zope.crt
SSLCertificateKeyFile /usr/share/ssl/nbs.pem
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/var/local/apache/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
</IfDefine>
--------------080509030404080604060309--