Saturday, 6 January 2018

HTTP to HTTPS Redirect through Apache

Case 1: Redirect URL: It makes your login URL shorter, easier and more user friendly. In place of a port number you can mention only the server IP and login path.
Step 1: Add the redirect URL entry to the Apache file.
sudo vim /etc/httpd/conf/httpd.conf
ProxyPass             /login     http://localhost:8822/isb
ProxyPassReverse     /login     http://localhost:8822/isb
Step 2: Restart httpd service.
/etc/init.d/httpd restart
*********************************************************************
Case 2: Redirect all HTTP URLs to HTTPS: This gives increased security, better referral data, and a possible boost in SEO rankings.
The HTTPS certificate entry must be added to the Tomcat file and HTTPS must be enabled in the Apache file.
Step 1: Enable the default listen ports 80 and 443 in Apache.
sudo vim /etc/httpd/conf/httpd.conf
Listen 80
Listen 443
Step 2: Enable HTTPS in the tomcat.conf of all related services:
vim /dacx/var/ameyo/dacxdata/com.drishti.dacx.server.product/conf/tomcat.conf
vim /dacx/var/ameyo/dacxdata/com.drishti.ameyo.seh.product/conf/tomcat.conf
vim /dacx/var/ameyo/dacxdata/com.drishti.ameyo.consort.product/conf/tomcat.conf
(Add the same kind of HTTPS certificate entries to all 3 files.)
connector.https.secure=true
connector.https.httpsPort=8821
connector.https.https=https
connector.https.SSLEnabled=true
connector.https.sslProtocol=TLS
connector.https.clientAuth=false
connector.https.keystoreFile=/dacx/var/ameyo/dacxdata/pki/tls/certs/insidesalesbox-server-keystore.jks
connector.https.keystorePass=Me'.^"9HwLE-
connector.https.keyAlias=ameyo-server
Step 3: Add the SSL redirect URL entry to the Apache file.
sudo vim /etc/httpd/conf/httpd.conf
(When only the server DNS URL is used, this entry redirects to the login page.)
<VirtualHost *:80>
ServerName insidesalesbox.com
ServerAlias insidesalesbox.com
RedirectPermanent / https://test.insidesalesbox.com/login
</VirtualHost>
(When only the server DNS URL is used, this entry redirects to the HTTPS login page.)
<VirtualHost *:443>
ServerName insidesalesbox.com
#DocumentRoot /path/to/your/document/root/htdocs
SSLEngine ON
SSLCertificateFile /etc/ssl/certs/STAR_insidesalesbox_com.
SSLCertificateKeyFile /etc/ssl/certs/insidesalesbox.com.key
SSLCertificateChainFile /etc/ssl/certs/STAR_insidesalesbox.pem
RedirectPermanent / https://test.insidesalesbox.com/login
</VirtualHost>
Step 4: Restart httpd service.
/etc/init.d/httpd restart
Now verify and test that all services are redirected to HTTPS. No errors should appear in the browser's inspect element.
*********************************************************************
Case 3: If the SSL certificate is not trusted on mobile.
When the SSL certificate does not work with a mobile phone's Chrome browser, it is due to an SSL chain issue.
What we need to do and verify:
Step 1: Make a .pem file from the certificates:
cat STAR_insidesalesbox_com.crt COMODORSAAddTrustCA.crt COMODORSADomainValidationSecureServerCA.crt AddTrustExternalCARoot.crt > STAR_insidesalesbox_com.pem
Step 2: Copy this .pem file into /etc/ssl/certs/:
cp STAR_insidesalesbox_com.pem /etc/ssl/certs/
Step 3: Put the path of the .pem file into httpd.conf and ssl.conf.
sudo vim /etc/httpd/conf.d/ssl.conf
### overwrite the following parameters ###
SSLCertificateFile /etc/ssl/certs/texocc_certs/STAR_texocc_com.crt
SSLCertificateKeyFile /etc/ssl/certs/texocc_certs/texocc.key
SSLCertificateChainFile /etc/ssl/certs/STAR_insidesalesbox.pem
sudo vim /etc/httpd/conf/httpd.conf
<VirtualHost *:443>
#DocumentRoot /path/to/your/document/root/htdocs
SSLEngine ON
SSLCertificateFile /etc/ssl/certs/STAR_insidesalesbox_com.crt
SSLCertificateKeyFile /etc/ssl/certs/insidesalesbox.com.key
SSLCertificateChainFile /etc/ssl/certs/STAR_insidesalesbox.pem
</VirtualHost>
Step 4: Restart httpd service.
/etc/init.d/httpd restart



4. Verify the certificate and validity:
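
An added example (not part of the original post) for this verification step: it checks that a leaf-first .pem bundle, laid out like the one built in Step 1, is unexpired and in issuer order, since a wrong order is one cause of the chain issue described above. It assumes the openssl command is installed; all certificates are constructed test certs, and the names make_test_chain and check_chain are this example's own.

```bash
#!/usr/bin/env bash
# Added example. Every certificate below is a constructed, throwaway test cert.

# make_test_chain DIR: write root.crt, int.crt and leaf.crt (root -> int -> leaf) into DIR.
make_test_chain() (
    cd "$1" || exit 2
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Constructed Test Root" \
        -keyout root.key -out root.crt 2>/dev/null
    sign() {  # sign NAME SUBJECT CA: issue NAME.crt signed by CA.key
        openssl req -newkey rsa:2048 -nodes -subj "$2" -keyout "$1.key" -out "$1.csr" 2>/dev/null
        openssl x509 -req -in "$1.csr" -CA "$3.crt" -CAkey "$3.key" -CAcreateserial \
            -days 30 -out "$1.crt" 2>/dev/null
    }
    sign int "/CN=Constructed Test Intermediate" root
    sign leaf "/CN=www.example.test" int
)

# check_chain BUNDLE: return 0 only if every certificate in BUNDLE is unexpired and
# each certificate's issuer is the subject of the certificate that follows it.
check_chain() {
    local tmp f prev_issuer="" rc=0
    tmp=$(mktemp -d) || return 2
    # Split the bundle into one numbered file per certificate.
    awk -v d="$tmp" '/-----BEGIN CERTIFICATE-----/ { n++; f = sprintf("%s/%03d.pem", d, n) }
                     n { print > f }' "$1"
    for f in "$tmp"/*.pem; do
        if ! openssl x509 -in "$f" -noout -checkend 0 >/dev/null; then
            echo "expired or unreadable: $f"; rc=1
        elif [ -n "$prev_issuer" ] &&
             [ "$prev_issuer" != "$(openssl x509 -in "$f" -noout -subject_hash)" ]; then
            echo "out of order: $(openssl x509 -in "$f" -noout -subject)"; rc=1
        fi
        prev_issuer=$(openssl x509 -in "$f" -noout -issuer_hash 2>/dev/null) || rc=1
    done
    rm -rf "$tmp"
    return "$rc"
}

# Demo: a leaf-first bundle built with cat, once in issuer order and once swapped.
demo_dir=$(mktemp -d)
make_test_chain "$demo_dir"
cat "$demo_dir"/leaf.crt "$demo_dir"/int.crt "$demo_dir"/root.crt > "$demo_dir/good.pem"
cat "$demo_dir"/leaf.crt "$demo_dir"/root.crt "$demo_dir"/int.crt > "$demo_dir/swapped.pem"
check_chain "$demo_dir/good.pem" && echo "good.pem: chain order and validity OK"
check_chain "$demo_dir/swapped.pem" || echo "swapped.pem: fix the order before deploying"
```

To check a real bundle, call check_chain with the path of the .pem file before restarting httpd.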
