My employer recently forced me to stop all unsecured web traffic to my listserv host. I did what you did, enabling the SSL virtualhost appropriately within apache. To eliminate the unsecured web connections, I added this to the beginning of the virtualhost that handles all traffic to port 80:
1) fixed the line in mail template $WWW_IMAGE_URL that sets the value of WWWHOST
old line:
.SE WWWHOST
http://&MYHOST
new line:
.SE WWWHOST
https://&MYHOST
2) added a line right after setting WWWHOST that sets WA_URL:
.SE WA_URL &WWWHOST/cgi-bin/wa
These two changes must be done in the site mail templates (site.mailtpl, if you care to look at the file). I used the web interface to make the changes. If you have any lists that defined $WWW_IMAGE_URL, you must fix it there, too.
3) once I changed $WWW_IMAGE_URL to set WWWHOST and WA_URL correctly, I had to insure that $WWW_IMAGE_URL is imbedded in a couple templates. Specifically, I added this line:
.IM $WWW_IMAGE_URL
at the top of these templates:
CONFIRM1
SUBSCRIBE_CONFIRM1
ADDREQ1
again, I did this in the web interface for site mail templates and for any list that defined these templates.
The three templates in which I had to include the imbed for $WWW_IMAGE_URL all use the URLENCODE() function. If you do a url-encoding on a value, then you pass that to apache and it returns a redirect, the query gets encoded twice, which mangles it so that it doesn't work. Thus, the solution is to make sure to use https directly in those templates that use URLENCODE().
I would like to find a way to define WA_URL correctly without having to imbed. So far, I can't figure out how to do that, but I'm still working on it.
Jim Liebgott
UNL UNIX admin
I need to set up ssl fo that the webui is secured.
Openssl and mod ssl is installed. I madethe certs and keys.
I am working on the changes to ssl.conf, mainly the virtual host entry.
I am trying to figure out what my document root is, so I can put it into the virtualhost entry.
I have tried a couple of things, and on restarting httpd, I get an error that it cannot find with doc root location.
The webui still works, it just is not secure.
This rhel6 server serves no other webpages, just my listserv. Which was installed without any special changes.
To unsubscribe from the LSTSRV-L list, click the following link:
http://peach.ease.lsoft.com/scripts/wa-PEACH.exe?SUBED1=LSTSRV-L&A=1