Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
72
Views
1
Helpful
0
Comments

How to enable SSL for DMZ configuration

cdnadmin
Level 11
Level 11

on ‎01-24-2014 03:46 PM

This document was generated from CDN thread

Created by: ROD TAGUCHI on 01-10-2011 07:04:57 PM
Is there a guide for configuring the WebEx Social web server to accept SSL connections?

Subject: RE: How to enable SSL for DMZ configuration
Replied by: James Maudlin on 02-10-2011 09:06:25 AM
1. Creating a self signed sertificate. Use the following script:

    *  openssl req -new -x509 -days 365 -sha1 -newkey rsa:1024 -nodes -keyout server.key -out server.crt -subj '/O=Company/OU=Department/CN=www.example.com'

    * -x509 identifies that a certificate is required, rather than just a certificate request (see below).
    * -days 365 sets the certificate to expire in a year.
    * -sha1 specifies that SHA1 encryption should be used.
    * -rsa:1024 sets the key as 1024 bit RSA.
    * -nodes specifies no passphrase.
    * -keyout and -out specify where to store the certificate and key. The key should be root-readable only  the
certificate can be world-readable, and must be readable by the user that Apache runs as.
    * -subj flag sets the company name, department name, and the web site address. If you leave these out, you'll be
prompted for them. The CN must be the same as the address of your web site, otherwise the certificate won't match and users

2. Install the server.key  and server.crt in <apache_install_dir>/conf. The path to the server.key, and server.crt should be described in <apache_install_dir>/conf/extra/httpd-ssl.conf using SSLCertificateKeyFile and SSLCertificateFile directives.

3. Include conf/extra/httpd-ssl.conf in your <apache_install_dir>/conf/htpd.conf file

4. Configure <apache_install_dir>/conf/extra/httpd-ssl.conf
    - Add Listen 443 directive
    - In the virtual host listening on 443 <VirtualHost  _default_:443> add the folowing rules
   
    Options +FollowSymLinks
    RewriteEngine On
    RewriteLogLevel 0
    RewriteLog "C:/Program Files/Apache Software Foundation/Apache2.2/logs/rewrite.log"
    RewriteRule ^/pub-sub/https-bind/ http://10.62.73.180:7070/http-bind/
    RewriteRule ^/pub-sub/http-bind/ http://10.62.73.180:7070/http-bind/
    RewriteRule ^/pub-sub/test http://www.google.bg
    RewriteRule ^/chat-proxy/(.+) $1
    RewriteRule ^/stproxy/(.+) $1
    JkMount /* ajp13_worker
    <Location /stproxy/>
    ProxyPassReverseCookiePath / /stproxy/
    </Location>

Subject: RE: How to enable SSL for DMZ configuration
Replied by: Christopher Chandler on 17-11-2011 11:06:44 AM
Just a quick note on the subject line: We do not currently support WebEx Social being installed in the DMZ. SSL is indeed supported via SSL offload to an ACE or other device that can terminate SSL and shoot plain HTTP to WebEx Social.

SSL termination on WebEx Social nodes is targeted for the Albani release (roughly Feb 2012, subject to change).
Labels:
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Quick Links
Discussions
Customers Also Viewed These Support Documents