Forum OpenACS Q&A: getting nsopenssl to work with aolserver 4 - config.tcl options?

Hi,

I've followed the instructions to install nsopenssl at https://openacs.org/doc/openacs-5-0-0/install-nsopenssl.html
and am unable to find the "OpenSSL 3 with AOLserver4" section of the config.tcl file... with my openacs 5.0.2 install. i tried following the info in the readme and it didn't work. I was wondering if anybody would be willing to share the relavent nsopenssl sections from their config.tcl file?

Thanks.

thanks, okay i've got it working. in case anybody else is interested here is the ssl section of my config file. You need to create the files /var/lib/aolserver/service0/etc/certs/certfile.pem and /var/lib/aolserver/service0/etc/certs/keyfile.pem. Also you need to uncomment the line
ns_param   nsopenssl          ${bindir}/nsopenssl.so
in your config file and then add and nsopenssl section as below.

#---------------------------------------------------------------------
#
# OpenSSL, nsopenssl and aolserver 4
#
#---------------------------------------------------------------------
#
# SSL contexts. Define the ssl contexts for this server.

ns_section "ns/server/${server}/module/nsopenssl/sslcontexts"
ns_param ssl_incoming_requests_context   "SSL context used for regular user access to the website"
ns_param ssl_outgoing_context            "SSL context used for outgoing script socket connections"

ns_section "ns/server/${server}/module/nsopenssl/defaults"
ns_param server               ssl_incoming_requests_context
ns_param client               ssl_outgoing_context

ns_section "ns/server/${server}/module/nsopenssl/sslcontext/ssl_incoming_requests_context"
ns_param Role                  server
ns_param ModuleDir             ${serverroot}/etc/certs
ns_param CertFile              certfile.pem
ns_param KeyFile               keyfile.pem
#ns_param CADir                 ca-client/dir
#ns_param CAFile                ca-client/ca-client.crt
ns_param Protocols             "SSLv3, TLSv1"
ns_param CipherSuite           "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"
ns_param PeerVerify            false
ns_param PeerVerifyDepth       3
ns_param Trace                 true

# SSL drivers. Each driver defines a port and a named SSL context to associate with it.

ns_section "ns/server/${server}/module/nsopenssl/ssldrivers"
ns_param ssl_incoming_requests_driver "Driver for regular user access to the website"

ns_section "ns/server/${server}/module/nsopenssl/ssldriver/ssl_incoming_requests_driver"
ns_param sslcontext            ssl_incoming_requests_context
ns_param port                  $httpsport
ns_param hostname              $hostname
ns_param address               $address