From: Stephen M. <ip...@3l...> - 2004-12-01 00:55:01
I wonder if I have just stumbled onto a clue as to why this doesn't work.
Checking the log file /var/log/httpd/ssl_engine_log, I have the following
lines since restarting the httpd service:

[01/Dec/2004 11:07:38 25678] [info] Server: Apache/1.3.33, Interface: mod_ssl/2.8.22, Library: OpenSSL/0.9.7e-fips
[01/Dec/2004 11:07:38 25678] [info] Init: 1st startup round (still not detached)
[01/Dec/2004 11:07:38 25678] [info] Init: Initializing OpenSSL library
[01/Dec/2004 11:07:38 25678] [info] Init: Loading certificate & private key of SSL-aware server gateway:444
[01/Dec/2004 11:07:38 25678] [info] Init: Seeding PRNG with 136 bytes of entropy
[01/Dec/2004 11:07:38 25678] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[01/Dec/2004 11:07:38 25678] [info] Init: Configuring temporary DH parameters (512/1024 bits)
[01/Dec/2004 11:07:38 25679] [info] Init: 2nd startup round (already detached)
[01/Dec/2004 11:07:38 25679] [info] Init: Reinitializing OpenSSL library
[01/Dec/2004 11:07:38 25679] [info] Init: Seeding PRNG with 136 bytes of entropy
[01/Dec/2004 11:07:38 25679] [info] Init: Configuring temporary RSA private keys (512/1024 bits)
[01/Dec/2004 11:07:38 25679] [info] Init: Configuring temporary DH parameters (512/1024 bits)
[01/Dec/2004 11:07:38 25679] [info] Init: Initializing (virtual) servers for SSL
[01/Dec/2004 11:07:38 25679] [info] Init: Configuring server gateway:444 for SSL protocol
[01/Dec/2004 11:07:38 25679] [warn] Init: (gateway:444) RSA server certificate CommonName (CN) `gateway.mydomain.com' does NOT match server name!?

I named the firewall 'gateway' during the setup routine and notice that the
last line is rejecting the RSA certificate (in the log entry above, I have
replaced my domain name with 'mydomain.com').

> Well, after I changed my httpd.conf and header.pl, I can get to my
> IPCop web admin by
> https//myname.dyndns.org:446/ (by DNS name)

I haven't actually delegated the domain name gateway.mydomain.com to the
red interface of my IPCop firewall, so I would expect to be able to access
https://gateway.mydomain.com:444. Is this essential (I certainly haven't
seen it documented)?

> but I can't go to
> https://xxx.xxx.xxx.xxx:446/ (my public IP)
> It seems that the SSL virtual host is not responding to requests with
> xxx.xxx.xxx.xxx (my public IP) in the HTTP header.
> I have dynamic public IP on the RED interface, BTW.

Are you accessing the web interface using a domain name from the Green
zone? Does this also work remotely?

> On Tue, 30 Nov 2004 21:27:24 +0100, Achim Weber <dot...@gm...> wrote:
>
> > > I'm still having problems accessing the web interface. Consolidating advice
> > > from several sources, I have made the following changes:
> >
> > > 1. Modified the following lines in /etc/httpd/conf/httpd.conf:
> >
> > > Listen 444
> > > ....
> > > <VirtualHost _default_:444>
> >
> > > 2. Modified /var/ipcop/header.pl:
> >
> > > <VirtualHost _default_:444>
> >
> > > 3. Modified /home/httpd/cgi-bin/portfw.cgi:
> >
> > > print "Location:
> > > https://$ENV{'SERVER_ADDR'}:4445/$ENV{'PATH_INFO'}\r\n\r\n";
> >
> > above is in header.pl not portfw.cgi, and here you use 4445, not 444 as
> > elsewhere!
> >
> > > 4. Modified /var/ipcop/xtaccess/config adding the line:
> >
> > > tcp,0.0.0.0/0,444,on,0.0.0.0
> >
> > > 5. Restarted the webserver by running the commands:
> >
> > > #killall httpd
> > > #httpd -DSSL
> >
> > Is there something in /var/log/httpd/error_log when you re-start
> > apache??
> > BTW do you use IPCop 1.4 as there is option "-DSSL" not needed as far
> > as i remember.
> >
> > > I have repeated these steps several times (and substituted different port
> > > numbers), but I am unable to open in a browser. When I try accessing
> > > http://nnn.nnn.nnn.nnn:81 in Mozilla I get the following error message "The
> > > connection was refused when connecting to nnn.nnn.nnn.nnn:444." IE6 just
> > > gives "The page cannot be displayed".
> >
> > have you tried https://nnn.nnn.nnn.nnn:444 ???
> >
> > > I have tried a port scan from both the red zone and green zone and the only
> > > ports opened are 81 and 222.
> >
> > > Have I missed anything?
> >
> > > Cheers,
> >
> > > Stephen
> >
> > Achim
> >
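An added check, not from the thread or from IPCop, that parses lines in the ssl_engine_log layout quoted above and reports the CN-mismatch warning together with how the configured server name and the certificate's CN could be reconciled. The sample log is constructed from the format shown (the domain is the thread's own placeholder), and the regexes, the exact-match rule and the hint wording are my own assumptions rather than mod_ssl's internal logic.

```python
import re

# Constructed sample in the ssl_engine_log layout quoted in the thread
# (gateway.mydomain.com is the thread's placeholder, not a real host).
SAMPLE_LOG = """\
[01/Dec/2004 11:07:38 25679] [info] Init: Initializing (virtual) servers for SSL
[01/Dec/2004 11:07:38 25679] [info] Init: Configuring server gateway:444 for SSL protocol
[01/Dec/2004 11:07:38 25679] [warn] Init: (gateway:444) RSA server certificate CommonName (CN) `gateway.mydomain.com' does NOT match server name!?
"""

# "[dd/Mon/yyyy hh:mm:ss pid] [level] message"
LINE_RE = re.compile(r"^\[(?P<ts>[^\]]+) (?P<pid>\d+)\] \[(?P<level>\w+)\] (?P<msg>.*)$")
CN_RE = re.compile(
    r"\((?P<host>[^:)]+):(?P<port>\d+)\) RSA server certificate CommonName \(CN\) "
    r"`(?P<cn>[^']+)' does NOT match server name")

def parse_line(line):
    """Split one ssl_engine_log line into its fields, or None if it is not one."""
    m = LINE_RE.match(line.strip())
    return None if m is None else {**m.groupdict(), "pid": int(m["pid"])}

def names_match(server_name, cn):
    """Simplified rule (assumption): case-insensitive exact match only."""
    return server_name.lower() == cn.lower()

def find_cn_mismatches(log_text):
    """Return one dict per CN-mismatch [warn] line, with a remediation hint."""
    findings = []
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None or rec["level"] != "warn":
            continue
        m = CN_RE.search(rec["msg"])
        if m is None:
            continue
        host, port, cn = m["host"], int(m["port"]), m["cn"]
        if names_match(host, cn):
            continue  # defensive: the warning should only appear on a mismatch
        if "." in cn and cn.lower().split(".")[0] == host.lower():
            # ServerName is the short host name while the cert carries the FQDN
            hint = f"ServerName is the short host '{host}'; set ServerName {cn} to match the certificate"
        else:
            hint = f"certificate CN '{cn}' was issued for a different name than '{host}'; fix ServerName or reissue"
        findings.append({"server": host, "port": port, "cn": cn, "pid": rec["pid"], "hint": hint})
    return findings

if __name__ == "__main__":
    for f in find_cn_mismatches(SAMPLE_LOG):
        print(f"{f['server']}:{f['port']} -> CN {f['cn']}: {f['hint']}")
```

The check keys on the [warn] level as well as the message text because mod_ssl emits this line as a warning and carries on with start-up, so it is a configuration inconsistency to fix rather than proof of why a connection is refused.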