mrinterested Absent Member.
Absent Member.
2905 views

How to force SSL connection?

Hello,

OK, so I'm using "Novel iFolder 3.8 Administration Guide" to enable (or force) SSL connection on Ubuntu 10.10.

Section 7.10.2 (and 8.5.2.) states to modify file /etc/apache2/vhosts.d/vhost-ssl.conf. However, I don't have a file vhost-ssl.conf anywhere, so I omit this section. The only files ending with *ssl.conf are:

/etc/apache2/mods-available/ssl.conf
/etc/apache2/mods-enabled/ssl.conf

However, there's nothing about SSLCipherSuite directive.

Section 7.10.3 states to enable SSL in the admin panel on "System" tab. The "SSL option" isn't available for me. The drop-down list isn't enabled, and it states "NONSSL". Is it because of the previous vhost-ssl.conf file?

However, when I go to "Servers" tab, and then open "Host 1", it states "LDAP SSL: Yes".

Section 8.5.3 states to modify file /usr/lib/simias/webAdmin/Web.config. I don't have this file, so I modify the following two files:

/etc/ifolder-server/admin/Web.config
/etc/ifolder-server/webaccess/Web.config

and change "http" to "https":

<add key="SimiasUrl" value="https://localhost:80/" />
<add key="SimiasCert" value="" />


However, when I then go to https://domain.com/admin or http://domain.com/admin, I can't log in, en error says that the connection with the server failed. Is it because I leave value of SimiasCert empty?

Section 8.5.4 states to modify file /etc/apache2/conf.d/ifolder_web.conf. Again, I don't have this file, so I modify the following files:

/etc/ifolder-server/apache/default/ifolder_admin.conf
/etc/ifolder-server/apache/default/ifolder_webaccess.conf

and remove comments as follows:

#Remove comments below this line to enable SSL
LoadModule rewrite_module /usr/lib/apache2/mod_rewrite.so
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/ifolder/(.*) https://%{SERVER_NAME}/ifolder/$1 [R,L]


There's no error when I go to http://domain.com/admin or http://domain.com/ifolder, but they don't redirect me to either https://domain.com/admin or https://domain.com/ifolder, respectively. Why? When I go directly to https address it works fine, but I want to force https when somebody opens http address.

Bottom line. I'm quite confused with the guidelines, as both sections 7.10 and 8.5 deal with SSL, and they are overlapping. I'm not sure about the actual steps involved to enable and force SSL connection.

Many thanks for your help.
Labels (1)
Tags (2)
0 Likes
3 Replies
mrinterested Absent Member.
Absent Member.

Re: How to force SSL connection?

Actually, all three sections (7.10, 8.5 and 11.5) deal with SSL. And they are all overlapping.
0 Likes
Knowledge Partner
Knowledge Partner

Re: How to force SSL connection?

On 14/02/2011 15:06, mrinterested wrote:

> OK, so I'm using "Novel iFolder 3.8 Administration Guide" to enable (or
> force) SSL connection on Ubuntu 10.10.
>
> *Section 7.10.2 (and 8.5.2.)* states to modify file
> /etc/apache2/vhosts.d/vhost-ssl.conf. However, I don't have a file
> vhost-ssl.conf anywhere, so I omit this section. The only files ending
> with *ssl.conf are:
>
> /etc/apache2/mods-available/ssl.conf
> /etc/apache2/mods-enabled/ssl.conf
>
> However, there's nothing about SSLCipherSuite directive.
>
> *Section 7.10.3* states to enable SSL in the admin panel on "System"
> tab. The "SSL option" isn't available for me. The drop-down list isn't
> enabled, and it states "NONSSL". Is it because of the previous
> vhost-ssl.conf file?
>
> However, when I go to "Servers" tab, and then open "Host 1", it states
> "LDAP SSL: Yes".
>
> *Section 8.5.3* states to modify file
> /usr/lib/simias/webAdmin/Web.config. I don't have this file, so I modify
> the following two files:
>
> /etc/ifolder-server/admin/Web.config
> /etc/ifolder-server/webaccess/Web.config
>
> and change "http" to "https":
>
>
> Code:
> --------------------
> <add key="SimiasUrl" value="https://localhost:80/" />
> <add key="SimiasCert" value="" />
> --------------------
>
>
> However, when I then go to https://domain.com/admin or
> http://domain.com/admin, I can't log in, en error says that the
> connection with the server failed. Is it because I leave value of
> SimiasCert empty?
>
> *Section 8.5.4* states to modify file
> /etc/apache2/conf.d/ifolder_web.conf. Again, I don't have this file, so
> I modify the following files:
>
> /etc/ifolder-server/apache/default/ifolder_admin.conf
> /etc/ifolder-server/apache/default/ifolder_webaccess.conf
>
> and remove comments as follows:
>
>
> Code:
> --------------------
> #Remove comments below this line to enable SSL
> LoadModule rewrite_module /usr/lib/apache2/mod_rewrite.so
> RewriteEngine On
> RewriteCond %{HTTPS} !=on
> RewriteRule ^/ifolder/(.*) https://%{SERVER_NAME}/ifolder/$1 [R,L]
> --------------------
>
>
> There's no error when I go to http://domain.com/admin or
> http://domain.com/ifolder, but they don't redirect me to either
> https://domain.com/admin or https://domain.com/ifolder, respectively.
> Why? When I go directly to https address it works fine, but I want to
> force https when somebody opens http address.
>
> *Bottom line.* I'm quite confused with the guidelines, as both sections
> 7.10 and 8.5 deal with SSL, and they are overlapping. I'm not sure about
> the actual steps involved to enable and force SSL connection.
>
> Many thanks for your help.


Given the reference to Ubuntu 10.10 and the many file differences above
can I ask whether Ubuntu is the client or server, perhaps running the
open source version from iFolder.com?
--
Simon
Novell Knowledge Partner (NKP)

------------------------------------------------------------------------
Do you work with Novell technologies at a university, college or school?
If so, your campus could benefit from joining the Novell Technology
Transfer Partner (TTP) program. See novell.com/ttp for more details.
------------------------------------------------------------------------
0 Likes
mrinterested Absent Member.
Absent Member.

Re: How to force SSL connection?

smflood;2075111 wrote:
Given the reference to Ubuntu 10.10 and the many file differences above
can I ask whether Ubuntu is the client or server, perhaps running the
open source version from iFolder.com?


Many thanks for the reply. Sorry, I didn't specify it enough. Yes, I've installed the latest open-source version on my server running Ubuntu 10.10. The server version of iFolder 3.8 works fine, except that I'm having a trouble to enable/force SSL connection. The thing is that the administration guide to it's quite confusing, as there are three separate chapters (7, 8 and 11) dealing with SSL, and their sub-section overlap (there are basically the same).

As to the differences in files and directories, I've managed, as mentioned in my first post, to find their correct directories/names on my Ubuntu. However, I couldn't find the file /etc/apache2/vhosts.d/vhost-ssl.conf (about SSLCipherSuite directive), which is described sections 7.10.2, 8.5.2 and 11.5.2.

So the question still remains: what are the actual steps to enable/force SSL connection (both on web and through client), and why there are three chapters saying basically the same thing about this?
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.