[Davical-general] SSL setup

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

[Davical-general] SSL setup

Sam Reyes
I have davical running on ubuntu lucid lynx (10.04) and syncing calendar with an iphone thanks to the great install instructions. I havent been able to get it running through SSL on Apache.  I know this is more of an Apache issue but does anyone have a good info source on how to set this up.

thanks

---sam

------------------------------------------------------------------------------
Achieve unprecedented app performance and reliability
What every C/C++ and Fortran developer should know.
Learn how Intel has extended the reach of its next-generation tools
to help boost performance applications - inlcuding clusters.
http://p.sf.net/sfu/intel-dev2devmay
_______________________________________________
Davical-general mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/davical-general
kmv
Reply | Threaded
Open this post in threaded view
|

Re: SSL setup

kmv

On 16 May 2011, at 17:00, Sam Reyes wrote:

> I have davical running on ubuntu lucid lynx (10.04) and syncing calendar with an iphone thanks to the great install instructions. I havent been able to get it running through SSL on Apache.  I know this is more of an Apache issue but does anyone have a good info source on how to set this up.

I can confirm that it works fine through SSL and Apache - it is my standard config.

Assuming everything is installed on your lucid box (e.g. OpenSSL, etc.) and assuming that you actually have an SSL certificate, then enabling SSL in Apache only takes a few changes in the Apache .conf file you have set up for davical.

First you need to set the virtual server to listen on an appropriate port, distinct from any other virtual servers you may have on the machine.  I use port 8443 because I have other stuff running on 443 so the start of my .conf looks like this:

    NameVirtualHost [IP address]:8443
    Listen 8443
    <VirtualHost [IP address]:8443>

Inside the VirtualHost block the only change you need to make is to turn SSL on and tell the virtual server where to find the certificate files:

    SSLEngine on
    SSLCACertificateFile "/[path]/cacert.pem"
    SSLCertificateFile "/[path]/calendar_cert.pem"
    SSLCertificateKeyFile "/[path]/calendar_key.pem"

If you have any doubts about the setup then I recommend connecting with a browser before using an caldav client - so you may want to move your DocumentRoot while you are testing.  If a browser can connect to Apache with SSL then there is no reason a caldav client won't be able to.

There is one exception however:  If you are using self-signed certificates then you are opening yourself up to a bunch of hurt.  While just about every browser on the planet will allow you to install a server certificate of your own, not all caldav clients will.  Depending upon your setup you might be able to use self-signed certificates, but I recommend you don't.


Regards,
Keith.
------------------------------------------------------------------------------
Achieve unprecedented app performance and reliability
What every C/C++ and Fortran developer should know.
Learn how Intel has extended the reach of its next-generation tools
to help boost performance applications - inlcuding clusters.
http://p.sf.net/sfu/intel-dev2devmay
_______________________________________________
Davical-general mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/davical-general

smime.p7s (5K) Download Attachment