6.4.3.2.2.
Fedora Core 10
Up one level
Apache2.2 RPM Packages
Make sure the following packages are installed:
- system-config-httpd.i386
- httpd.i386
- mod_ssl.i386
e.g. check installed packages using:
# rpm -qa | grep "httpd\|mod_ssl"
Connecting and Securing Tomcat with Apache
There is no need to install extra Apache modules since Apache 2.2, Fedora Core includes module mod_proxy_ajp.
<VirtualHost _default_:443> section
Edit the <VirtualHost _default_.:443> section of /etc/httpd/conf.d/ssl.conf so that you can specify the locations of the files you exported from your keystore in the previous section.
- SSLCertificateFile
- SSLCertificateKeyFile
- SSLCACertificateFile*
- SSLCARevocationFile (if you have one)
SSLCertificateFile /etc/gria/server.crt SSLCertificateKeyFile /etc/gria/private-key.pem SSLCACertificateFile /etc/gria/CA.crt SSLCARevocationFile /etc/gria/crl.pem
Also uncomment and set the SSLVerifyDepth to 1:
SSLVerifyDepth 1
*If you want to request client certificates and leave trust validation to GRIA then comment out the SSLCertificateChainFile directive and replace it with
- SSLVerifyClient optional_no_ca
According to the GRIA package(s) you are installing, also add the appropriate line(s) below, (for FC10 add these lines at the end of proxy_ajp.conf file)
ProxyPass /gria-basic-app-services ajp://localhost:8009/gria-basic-app-services ProxyPass /gria-client-mgt ajp://localhost:8009/gria-client-mgt ProxyPass /gria-service-provider-mgt ajp://localhost:8009/gria-service-provider-mgt
Start Apache
Start Apache using the command below. Entering this command may also prompt you for the private key password if it was encrypted:
# service httpd restart
You may also want to configure your system to start Apache if it is rebooted:
# chkconfig httpd on
N.B. Apache will not be able to start automatically if your server's private key is encrypted, as it cannot start without the password being entered.
You can now access the GRIA admin pages through HTTPS, e.g. https://localhost/GRIA.
