Enable HTTPS Access

To enable HTTPS on a Tegsoft server, some files must first be prepared and transferred to the server, and then the related services must be restarted. The following steps enable HTTPS access.

RELATED STEPS AND PROCEDURES

  1. Prepare the certificate files.
    1. Certificate, containing the public key (certificate.crt)
    2. Certificate private key (certificate.key)
    3. Root and parent certificates (bundle.crt)
  2. Prepare the ssl.conf file with a text editor (for example, Notepad). Copy the content given below and paste it into the ssl.conf file.
  3. You will need software to move files from your local PC to the server. You can use WinSCP for that.
  4. Transfer the local ssl.conf file to /etc/httpd/conf.d/ssl.conf on the server.
  5. Transfer the local certificate files to /certificates on the server (this directory must be created).
  6. Restart the httpd service to activate the SSL engine.
    1. service httpd restart
  7. Check the HTTPS connection from a browser.
    1. The server must be accessed through a DNS name.

---- BEGIN: COPY THE CONTENTS, WITHOUT THIS LINE, INTO A FILE CALLED ssl.conf ----

LoadModule ssl_module modules/mod_ssl.so
Listen 443

# Hide the server version in response headers and error pages.
ServerTokens Prod
ServerSignature Off

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl

SSLPassPhraseDialog  builtin
SSLSessionCache        shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout  300
SSLMutex default
SSLRandomSeed startup file:/dev/urandom  256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin

<VirtualHost _default_:443>
    ErrorLog logs/ssl_error_log
    TransferLog logs/ssl_access_log
    LogLevel warn

    SSLEngine on
    # Disables SSLv2 only; SSLv3 is not explicitly disabled by this line.
    SSLProtocol all -SSLv2
    # Excludes ADH, EXPORT and SSLv2 suites; RC4, MEDIUM and LOW suites remain enabled.
    SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW

    CustomLog logs/ssl_request_log \
        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

    # Certificate, private key and CA chain transferred to /certificates.
    SSLCertificateFile /certificates/certificate.crt
    SSLCertificateKeyFile /certificates/certificate.key
    SSLCertificateChainFile /certificates/bundle.crt

    # Forward /Tobe to the local AJP connector.
    ProxyPass /Tobe ajp://127.0.0.1:8009/Tobe
    ProxyPassReverse /Tobe ajp://127.0.0.1:8009/Tobe
    Timeout 300

    # Always set these headers.
    Header always set Access-Control-Allow-Origin "*"
    Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
    Header always set Access-Control-Max-Age "1000"
    Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token"

    # Added a rewrite to respond with a 200 SUCCESS on every OPTIONS request.
    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} OPTIONS
    RewriteRule ^(.*)$ $1 [R=200,L]
</VirtualHost>

---- END: COPY THE CONTENTS, WITHOUT THIS LINE, INTO A FILE CALLED ssl.conf ----
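
The TLS and CORS directives in the ssl.conf above can be audited before the file is deployed. The following is an added example, not part of the original article or of Tegsoft's tooling: a small lint that reports an SSLProtocol line that does not disable SSLv3, legacy cipher families left enabled, and a wildcard CORS origin. The function names and the `LEGACY_FAMILIES` baseline are assumptions, and the cipher-string handling is a heuristic, not a full OpenSSL parser.

```python
"""Lint the TLS and CORS directives of an Apache ssl.conf (added example)."""

# Directives taken from the ssl.conf on this page, quotes normalized to ASCII.
SAMPLE_CONF = '''
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
Header always set Access-Control-Allow-Origin "*"
'''

# Assumption: cipher families this audit treats as legacy.
LEGACY_FAMILIES = ("RC4", "MEDIUM", "LOW", "EXPORT")

def directives(conf):
    """Yield (lower-cased name, argument string) for each directive line."""
    for line in conf.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "<")):
            name, args = (line.split(None, 1) + [""])[:2]
            yield name.lower(), args

def enabled_legacy(cipher_string):
    """Heuristic: legacy families that a cipher string leaves enabled."""
    tokens = cipher_string.split(":")
    killed = {t[1:] for t in tokens if t.startswith("!")}
    # Names in tokens that add or reorder suites ("!" and "-" tokens remove).
    added = {n for t in tokens if t[:1] not in "!-"
             for n in t.lstrip("+").split("+")}
    # "ALL" pulls in every family that is not killed with "!".
    pool = LEGACY_FAMILIES if "ALL" in added else [f for f in LEGACY_FAMILIES if f in added]
    return [f for f in pool if f not in killed]

def lint(conf):
    """Return a list of findings for the TLS and CORS directives in conf."""
    findings = []
    for name, args in directives(conf):
        if name == "sslprotocol":
            words = args.lower().split()
            if {"all", "sslv3", "+sslv3"} & set(words) and "-sslv3" not in words:
                findings.append("SSLProtocol: SSLv3 is not explicitly disabled")
        elif name == "sslciphersuite":
            findings.extend(f"SSLCipherSuite: {fam} suites remain enabled"
                            for fam in enabled_legacy(args))
        elif name == "header" and 'access-control-allow-origin "*"' in args.lower():
            findings.append("CORS: Access-Control-Allow-Origin is a wildcard")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE_CONF)))
```

To audit a deployed file, pass the text of /etc/httpd/conf.d/ssl.conf to `lint()` and review the findings before running `service httpd restart`.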
