Author Topic: HTTPS login configuration  (Read 9277 times)

Offline wjsolomon

  • Newbie
  • *
  • Posts: 6
HTTPS login configuration
« on: November 17, 2008, 04:05:19 PM »
I'm the newest sysadmin for our company and was assigned to migrate a dying Fedora Core 1 email server to FC9. So far so good. I have FC9 up and running with Apache, Postfix, Dovecot, and RoundCube Webmail. My only problem is I cannot get the ssl https to work.

Here's what I did:
Made the following changes to my main.inc.php file:

Code: [Select]
// To use SSL connection, enter ssl://hostname:993
// $rcmail_config['default_host'] = 'localhost';
$rcmail_config['default_host'] = 'ssl://mail.ourdomain.com:993';


Went into webmin | Servers | Apache Webserver

3 choices Default Server, My RoundCube virtual server, and a 2nd virtual server that handles port 443 requests.

Not sure if this was right but I basically copied the SSL Options from the 443 virtual server on to my RC virtual server.

Enabled: Yes
Certificate/private key file: /etc/pki/tls/certs/localhost.crt
Private key file: /etc/pki/tls/private/localhost.key
Client SSL certificate: Default
SSL log file: Default

Restart Apache and all I get at the https://mail.ourdomain.com is the Apache test page.

Do I need to create new certs via the Webmin | Webmin Configuration | SSL Encryption page?

Any assistance appreciated!

Offline wjsolomon

  • Newbie
  • *
  • Posts: 6
HTTPS login configuration
« Reply #1 on: November 20, 2008, 03:16:27 PM »
Any thoughts? Am I going about this completely wrong? I can't be the only trying to run this via https :)

Article links will work too!

Offline revo

  • Newbie
  • *
  • Posts: 7
HTTPS login configuration
« Reply #2 on: November 23, 2008, 01:00:32 AM »
The port 993 is a ssl connection for imap not https. So if you were running an imap client with a secure connection (ssl) it would connect to dovecot securely.  You should just be able to https://roundcube_virtualserver.com and have it work just fine. You are getting the default apache page because it doesn't have a virtual server configured for mail.yourdomain.com.

Offline oldschool

  • Sr. Member
  • ****
  • Posts: 406
HTTPS login configuration
« Reply #3 on: November 24, 2008, 01:04:23 PM »
Sysadministrator...
LOL!


Rgds.

Offline wjsolomon

  • Newbie
  • *
  • Posts: 6
HTTPS login configuration
« Reply #4 on: November 24, 2008, 01:24:13 PM »
Gotcha...I'm not sure that's the case though. I do have a virtual server configured for mail.domain.com in Apache and we are able to access it just fine via http://mail.example.com. In webmin under the virtual server settings for mail.domain.com - when ssl is disabled - http://mail.example.com works great. When I enable ssl options and choose defaults for the rest of the settings - http://mail.example.com - stops working and apache won't start.

Apache Error Log:
Quote
[Mon Nov 24 12:57:01 2008] [notice] mod_python: Creating 4 session mutexes based on 256 max processes and 0 max threads.
[Mon Nov 24 12:57:01 2008] [notice] mod_python: using mutex_directory /tmp
[Mon Nov 24 12:57:01 2008] [error] Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile]
[Mon Nov 24 12:57:04 2008] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Mon Nov 24 12:57:04 2008] [error] Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile]

So it seems to me that I haven't taken the right steps to set up a certificate for the virtual host and not sure how to do that.

Do I not need to enable the SSL options for the virtual domain?

Thanks again!

Offline wjsolomon

  • Newbie
  • *
  • Posts: 6
HTTPS login configuration
« Reply #5 on: November 24, 2008, 01:31:18 PM »
Yes, oldschool until recently I enjoyed a clean, pristine, 'it just works' Microsoft life, free from having to slum into the depths of the Linux underworld. Haha I'm just kidding, loving Linux so far but it does take a bit more work, quite a reeducation.

Anyways...revo, I think I gotcha but I'm not sure that's the case though. I do have a virtual server configured for mail.domain.com in Apache and we are able to access it just fine via http://mail.example.com. In webmin under the virtual server settings for mail.domain.com - when ssl is disabled - http://mail.example.com works great. When I enable ssl options and choose defaults for the rest of the settings - http://mail.example.com - stops working and apache won't start.

Apache Error Log:
Quote
[Mon Nov 24 12:57:01 2008] [notice] mod_python: Creating 4 session mutexes based on 256 max processes and 0 max threads.
[Mon Nov 24 12:57:01 2008] [notice] mod_python: using mutex_directory /tmp
[Mon Nov 24 12:57:01 2008] [error] Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile]
[Mon Nov 24 12:57:04 2008] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Mon Nov 24 12:57:04 2008] [error] Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile]


So it seems to me that I haven't taken the right steps to set up a certificate for the virtual host and not sure how to do that.

Do I not need to enable the SSL options for the virtual domain?

Thanks again!

Offline revo

  • Newbie
  • *
  • Posts: 7
HTTPS login configuration
« Reply #6 on: November 24, 2008, 07:34:19 PM »
You may just need to create the cert for the site. If you already have one created point the "SSLCertificateFile" paramenter in the config to the correct location.

Some background help

SSL-Certificates-HOWTO

apache_mod_ssl

I am not sure about the webmin settings, I rarely use it now and run lighttpd for a webserver instead of apache.

Debian Lighttpd Howto


-
« Last Edit: November 24, 2008, 07:43:54 PM by revo »

Offline oldschool

  • Sr. Member
  • ****
  • Posts: 406
HTTPS login configuration
« Reply #7 on: November 25, 2008, 01:46:37 PM »
Hi wjsolomon!

Microsoft likes all the english apes: Driving on the left side of the street...
:-)

Webmin is really great with V-Hosts.
If it´s the mainserver the handcoded config is your way.


Rgds.
« Last Edit: November 25, 2008, 01:51:56 PM by oldschool »

Offline wjsolomon

  • Newbie
  • *
  • Posts: 6
HTTPS login configuration
« Reply #8 on: November 25, 2008, 03:28:23 PM »
Ok, got it working. Was actually quite simple.

I did need to create proper certificates. Thanks for the help revo.

Here's another article that broke down the process quite clearly. Plus some other goodies.

Van's Apache SSL/TLS mini-HOWTO

Always appreciate great minds out there ready to give an assist. What comes around goes around!