[OT] Anyone familiar with SSL on Lion Server?

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

[OT] Anyone familiar with SSL on Lion Server?

Patrick Larkin-2
Hello -

I've set up a new server on MacOS X Lion Server (10.7) with Lasso 8.6.

Aside from being utterly baffled by what Apple is doing with Apache and what configuration files are actually safe to use and edit, I can't get my SSL certificate to work correctly.  Something tells me that the config files are not right and I don't know what to do to fix them.

Here is our website:

http://www.beth.k12.pa.us/

Here is our website over port 443 (keep in mind that in the Server admin, I have SSL Certificate set to NONE so I'm not even sure why this is working:

https://www.beth.k12.pa.us/

Notice how it doesn't show the root of the website.  I have no idea what it is showing!  The lock in Safari shows the certificate is valid and has the proper common name.

If I turn on SSL certificates in Server Admin, everything works however I get no lock in Safari and Firefox just flat out fails.  Firefox fails all the time, actually.

I see comments about editing

/etc/apache2/extra/httpd-ssl.conf however it looks like Apple wants you to do everything via the "Site" shadow_Conf and conf files.  It's all very confusing.

In fact, in Server admin, the default website cannot be edited or deleted.  Is this just me or is that how it is?  I have a feeling that is screwing something up as well.

If there is anyone that actually understands what Apple has done and can give me a pointer or two, I'd appreciate it.

Patrick


#############################################################
This message is sent to you because you are subscribed to
  the mailing list Lasso
[hidden email]
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: [OT] Anyone familiar with SSL on Lion Server?

Marc Vos
Hi Patrick,

I have a Lion server with Lasso 8.6 setup and I have various sites setup, but I do not use SSL (yet), so I cannot help you there.
I configure users and services via the new 'Server' app.

The path to the default site is now /Library/Server/Web/Data/Sites/Default/
The path to the Apache config files is /private/etc/apache2/sites/

The default site has config file 0000_any_80_.conf
The default SSL site has config file 0000_any_443__shadow.conf

I only use 1 IP address - for SSL you an extra IP-address, as I understand from the docs.

When the config files for the domains are created, I edit them in TextWrangler and add 'index.lasso' etc.

- -
Regards,
Marc


On 29 dec. 2012, at 16:58, Patrick Larkin <[hidden email]> wrote:

> Hello -
>
> I've set up a new server on MacOS X Lion Server (10.7) with Lasso 8.6.
>
> Aside from being utterly baffled by what Apple is doing with Apache and what configuration files are actually safe to use and edit, I can't get my SSL certificate to work correctly.  Something tells me that the config files are not right and I don't know what to do to fix them.
>
> Here is our website:
>
> http://www.beth.k12.pa.us/
>
> Here is our website over port 443 (keep in mind that in the Server admin, I have SSL Certificate set to NONE so I'm not even sure why this is working:
>
> https://www.beth.k12.pa.us/
>
> Notice how it doesn't show the root of the website.  I have no idea what it is showing!  The lock in Safari shows the certificate is valid and has the proper common name.
>
> If I turn on SSL certificates in Server Admin, everything works however I get no lock in Safari and Firefox just flat out fails.  Firefox fails all the time, actually.
>
> I see comments about editing
>
> /etc/apache2/extra/httpd-ssl.conf however it looks like Apple wants you to do everything via the "Site" shadow_Conf and conf files.  It's all very confusing.
>
> In fact, in Server admin, the default website cannot be edited or deleted.  Is this just me or is that how it is?  I have a feeling that is screwing something up as well.
>
> If there is anyone that actually understands what Apple has done and can give me a pointer or two, I'd appreciate it.
>
> Patrick
>
>
> #############################################################
> This message is sent to you because you are subscribed to
>  the mailing list Lasso
> [hidden email]
> To unsubscribe, E-mail to: <[hidden email]>
> Send administrative queries to  <[hidden email]>

#############################################################
This message is sent to you because you are subscribed to
  the mailing list Lasso
[hidden email]
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: [OT] Anyone familiar with SSL on Lion Server?

Carl Ketterling
In reply to this post by Patrick Larkin-2
Patrick,

I don't have any great advice, but I do have Lion Server with SSL
( https://store.thursby.com/store ).  I moved a working site to that
machine from Snow Leopard Server (and upgraded to Lasso 9) a few months
back, and I don't remember having any problems with SSL.

You're right that the default site can't be deleted.  I have an IP
address for the machine and then other addresses for each other site I
want to host.

I'd be happy to provide information that you can compare with your own
if that would help.  Just let me know what you'd like.

Carl


In response to this text from Patrick Larkin ([hidden email])
sent on Saturday, December 29, 2012 at 10:58 AM (-0500):

>Hello -
>
>I've set up a new server on MacOS X Lion Server (10.7) with Lasso 8.6.
>
>Aside from being utterly baffled by what Apple is doing with Apache and
>what configuration files are actually safe to use and edit, I can't get
>my SSL certificate to work correctly.  Something tells me that the
>config files are not right and I don't know what to do to fix them.
>
>Here is our website:
>
>http://www.beth.k12.pa.us/
>
>Here is our website over port 443 (keep in mind that in the Server
>admin, I have SSL Certificate set to NONE so I'm not even sure why this
>is working:
>
>https://www.beth.k12.pa.us/
>
>Notice how it doesn't show the root of the website.  I have no idea what
>it is showing!  The lock in Safari shows the certificate is valid and
>has the proper common name.
>
>If I turn on SSL certificates in Server Admin, everything works however
>I get no lock in Safari and Firefox just flat out fails.  Firefox fails
>all the time, actually.
>
>I see comments about editing
>
>/etc/apache2/extra/httpd-ssl.conf however it looks like Apple wants you
>to do everything via the "Site" shadow_Conf and conf files.  It's all
>very confusing.
>
>In fact, in Server admin, the default website cannot be edited or
>deleted.  Is this just me or is that how it is?  I have a feeling that
>is screwing something up as well.
>
>If there is anyone that actually understands what Apple has done and can
>give me a pointer or two, I'd appreciate it.
>
>Patrick
>
>
>#############################################################
>This message is sent to you because you are subscribed to
>  the mailing list Lasso
>[hidden email]
>To unsubscribe, E-mail to: <[hidden email]>
>Send administrative queries to  <[hidden email]>


#############################################################
This message is sent to you because you are subscribed to
  the mailing list Lasso
[hidden email]
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>