Forum OpenACS Q&A: Re: how to config for multiple aolserver instances

Posted by Brad Duell on
Bart,

Welcome back - hope you had a good time!

No, I don't experience that problem.  As an example:

http://www.kyoteproductions.com and
https://www.kyoteproductions.com

Both use the squid configuration outlined in this thread.

I put my cacert.pem in the ca directory of the server, and my key.pem in the modules/nsopenssl directory of the server.  Perhaps you're experiencing a permissions problem?

I'd be interested in seeing the much-needed changes in Pound.  Since I don't use SSL for any sites (but my own), and since I don't need to restrict SSL for certain parts of my site, the current configuration works fine.

If Pound is able to resolve the subsite SSL issues then I'll simply plug it into the same configuration that I have with tinydns and be good to go.

As it is, the current configuration with Squid proxy is the most sound solution I've come across thus far.

Posted by Bart Teeuwisse on
Brad,

the problem I'm experiencing is not with the SSL configuration of AOLserver but with the SSL configuration of Squid. When running virtual servers behind a Squid proxy, it is Squid that handles the SSL connection with the client.

Connecting a web browser (other than links, which doesn't seem to care about the CA cert) to Squid results in complaints that the certificate path is broken. My impression is that this is because Squid doesn't know where the CA cert is.

Anyone else who could comment?

/Bart

Posted by Bart Teeuwisse on
Brad,

in fact, your https example suffers the same problem. Maybe you don't notice it anymore because you accepted the incomplete certificate forever in the past. But when I follow the link to https://www.kyoteproductions.com I get the same error as with my servers.

/Bart