holub457 Absent Member.

Need Assistance with securing Webaccess under SLES Apache2

Not sure if it is okay to express frustration, so I won't. Trying to make SSL work for webaccess under SLES 11.1 Apache2, Tomcat6. Just moved from Netware. Under Netware was a piece of cake. My old method was: use new certificate in eDirectory (NDSPKI: Key Material object) that has a signed cert imported. Then point the apache conf file at this certificate name by changing the current httpd.conf file by adding the “securelisten” line. For example, [SecureListen 443 "certname"]

How in the world is it done in SLES? I have done the eDirectory (NDSPKI: Key Material object) signed cert import stuff. Keep getting following error trying to connect to Webaccess page ssl: SSL received a record that exceeded the maximum permissible length. (Error code: ssl_error_rx_record_too_long)
holub457 Absent Member.

Re: Need Assistance with securing Webaccess under SLES Apach

Wish I knew more, but this has to be some sort of clue. I get above error when I go to https://ipaddress/gw/webacc
However if I enter http://ipaddress:443/ I get the Apache2 server default "It works!". This tells me it is a groupwise webaccess problem, right?
jmarton2 Absent Member.

Re: Need Assistance with securing Webaccess under SLES Apache2

holub457 wrote:

>
> Wish I knew more, but this has to be some sort of clue. I get above
> error when I go to https://ipaddress/gw/webacc
> However if I enter http://ipaddress:443/ I get the Apache2 server
> default "It works!". This tells me it is a groupwise webaccess
> problem, right?


That says SSL isn't being used. You're using just standard http but it
happens to be listening on port 443, the SSL port. You might need to
enable mod_ssl within Apache.

--
We're your Novell--again. http://www.novell.com/promo/backtobasics.html
Enhancement Requests: http://www.novell.com/rms

Joe Marton Emeritus Knowledge Partner
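
Added example, not part of the thread or any poster's code: the diagnosis above (plain HTTP answering on port 443) can be confirmed from the first bytes a server sends back. A TLS client that reads a plaintext HTTP reply as a 5-byte TLS record header sees a length field above the protocol maximum, which matches the "record too long" error text. The sample replies and function name are constructed for illustration.

```python
import struct

# RFC 5246 section 6.2.3: a TLS ciphertext record body is at most 2^14 + 2048 bytes.
MAX_RECORD_LEN = 2**14 + 2048
TLS_CONTENT_TYPES = {20, 21, 22, 23}  # change_cipher_spec, alert, handshake, application_data

# Constructed sample replies (first bytes only), not captured from the poster's server.
SAMPLE_TLS = bytes.fromhex("1603010051") + b"\x02\x00\x00\x4d"  # handshake record, 81 bytes
SAMPLE_HTTP_STATUS = b"HTTP/1.1 400 Bad Request\r\n"
SAMPLE_HTML_ERROR = b'<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">\n'


def classify_first_bytes(data: bytes) -> dict:
    """Read the first 5 bytes of a server reply the way a TLS client would."""
    if len(data) < 5:
        raise ValueError("need at least 5 bytes of the reply")
    # Record header: content type (1 byte), version major/minor (2), length (2, big-endian).
    ctype, major, _minor, length = struct.unpack("!BBBH", data[:5])
    too_long = length > MAX_RECORD_LEN
    if ctype in TLS_CONTENT_TYPES and major == 3 and not too_long:
        verdict = "tls"
    elif data.startswith(b"HTTP/") or data.lstrip().startswith(b"<"):
        # Status line or bare HTML error page: the listener is not speaking TLS.
        verdict = "plaintext-http"
    else:
        verdict = "unknown"
    return {"verdict": verdict, "claimed_length": length, "too_long": too_long}


def main():
    samples = {
        "tls": SAMPLE_TLS,
        "http status line": SAMPLE_HTTP_STATUS,
        "html error page": SAMPLE_HTML_ERROR,
    }
    for name, sample in samples.items():
        print(f"{name:18} {classify_first_bytes(sample)}")


if __name__ == "__main__":
    main()
```
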
Anonymous_User Absent Member.

Re: Need Assistance with securing Webaccess under SLES Apache2

It is rather different, this is a very simple primer for OES2

http://www.novell.com/support/viewContent.do?externalId=3771891&sliceId=1


If you want to look at the SLES setup (where there is no SSL certs
created by the install) then the following is probably closer to what
you want. You should have the CA already, and if you look at the
server you might find the .pem files already.

http://www.novell.com/communities/node/3992/setting-ssltls-apache-sles-10
http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=http--wwwnovellcom-communities-node-12632-apache2-official-ssl-certificate&sliceId=&docTypeID=DT_ARTICLES_TIPS_1_1&dialogID=134972566&stateId=0%200%20288302056



On Tue, 20 Dec 2011 21:16:02 GMT, holub457
<holub457@no-mx.forums.novell.com> wrote:

>
>Not sure if it is okay to express frustration, so I won't. Trying to
>make SSL work for webaccess under SLES 11.1 Apache2, Tomcat6. Just moved
>from Netware. Under Netware was a piece of cake. My old method was: use
>new certificate in eDirectory (NDSPKI: Key Material object) that has a
>signed cert imported. Then point the apache conf file at this
>certificate name by changing the current httpd.conf file by adding
>the “securelisten” line. For example, [SecureListen 443 "certname"]
>
>How in the world is it done in SLES? I have done the eDirectory
>(NDSPKI: Key Material object) signed cert import stuff. Keep getting
>following error trying to connect to Webaccess page ssl: SSL received a
>record that exceeded the maximum permissible length. (Error code:
>ssl_error_rx_record_too_long)

holub457 Absent Member.

Re: Need Assistance with securing Webaccess under SLES Apach

Well all h*ll broke loose after I enabled mod_ssl. Now Apache2 will not start. "Starting httpd2 (prefork) (98)Address already in uses: make_sock:could not bind to address 0.0.0.0:443 no listening sockets available shutting down unable to open logs
jmarton2 Absent Member.

Re: Need Assistance with securing Webaccess under SLES Apache2

holub457 wrote:

>
> Well all h*ll broke loose after I enabled mod_ssl. Now Apache2 will not
> start. "Starting httpd2 (prefork) (98)Address already in uses:
> make_sock:could not bind to address 0.0.0.0:443 no listening sockets
> available shutting down unable to open logs


That's probably because somehow you have the main http engine listening
on port 443. That should be changed to only listen on 80, then the SSL
engine should be able to listen on 443 and everything should start
right up.

--
We're your Novell--again. http://www.novell.com/promo/backtobasics.html
Enhancement Requests: http://www.novell.com/rms

Joe Marton Emeritus Knowledge Partner
holub457 Absent Member.

Re: Need Assistance with securing Webaccess under SLES Apach

holub457;2163001 wrote:
> Well all h*ll broke loose after I enabled mod_ssl. Now Apache2 will not start. "Starting httpd2 (prefork) (98)Address already in uses: make_sock:could not bind to address 0.0.0.0:443 no listening sockets available shutting down unable to open logs


Just thought I'd update this. I got Apache2 to restart by using Yast to disable the SSL module. ... Strange thing is that in using netstat to check listening ports gwia is listening on 443. No idea why, not set to do so. When I unload gwia and check, cupsd starts listening on 443. Probably something simple going on ... just can't see it.
dzanre1 Absent Member.

Re: Need Assistance with securing Webaccess under SLES Apache2

holub457 wrote:
> No idea why, not set to
> do so. When I unload gwia and check, cupsd starts listening on 443.
> Probably something simple going on ... just can't see it.


Is it possible that somehow the "MTP" port for the GWIA got set to 443?
Or the "HTTP Monitor" port?

--
Danita

holub457 Absent Member.

Re: Need Assistance with securing Webaccess under SLES Apach

dzanre;2163180 wrote:
> holub457 wrote:
> > No idea why, not set to
> > do so. When I unload gwia and check, cupsd starts listening on 443.
> > Probably something simple going on ... just can't see it.
>
> Is it possible that somehow the "MTP" port for the GWIA got set to 443?
> Or the "HTTP Monitor" port?
>
> --
> Danita


Checking in ConsoleOne it seems to be set for http monitor port 9850, and port 443 appears no place in any setup box. ... One clue is that I have never been able to login to the monitor for gwia. Agent monitors all access just fine. Moved system from NetWare few days ago.
holub457 Absent Member.

Re: Need Assistance with securing Webaccess under SLES Apach

Just for test purposes I used commands at book_sle_admin.pdf supplied as part of SLES 11 documentation and followed instructions on p 418-421 to create a self-signed test certificate. It worked. SSL functions now for Webaccess under Apache2. So I am considering this post solved. All replies were very helpful for troubleshooting purposes and getting modules started and resolving conflicts.

... I may need to issue a new post if I have trouble getting Officially Signed Certificate to work. 🙂