Unable to Access QMS Via HTTPS Until GWAVA is Restarted

  • 7020382
  • 01-Jul-2015
  • 07-Aug-2017

Environment


GWAVA
Wildcard Certificate

Situation

Sometimes we are unable to access the QMS via HTTPS, but it works fine via HTTP. If GWAVA is restarted, it starts working again.

Resolution


If you are using a Wildcard Certificate for SSL on GWAVA and are seeing the problem where GWAVA needs to be restarted every so often to access the QMS via HTTPS, then you need to switch to Apache. Here are steps to follow to set up Apache:



1) Apache needs to be installed on the server. If you are running an appliance earlier than G6.x build 36, Apache will need to be installed manually.

If you are using the appliance that has Apache already installed, do the following to enable it:

a) From a prompt type: chkconfig -l apache2

b) If everything says 'off' then type: insserv apache2

c) Then verify that it starts on level 3 and 5 by running the command in step 'a' again:
chkconfig -l apache2

d) Start Apache by typing: rcapache2 start

e) Stop Apache by typing: rcapache2 stop


2) If you are using a customer SLES, enable mod_proxy and SSL under HTTP Server in YaST:
http://www.server-world.info/en/note?os=SUSE_Linux_Enterprise_Server_11&p=httpd&f=6

If you are using the GWAVA Appliance, do the following:
1) Add proxy options to Apache by doing the following:

a) Type: cd /etc/sysconfig

b) Type: vi apache2

c) Find the line for apache modules and add the following to the end:  proxy proxy_connect proxy_http

d) Find the line: APACHE_SERVER_FLAGS=" and change to APACHE_SERVER_FLAGS="-DSSL"

e) Save and quit the file by pressing the Escape key and then typing :wq

2) Test that you don't get any errors by typing: apache2ctl configtest


3) Go to /etc/apache2/vhosts.d.

If there is no file called vhost-ssl.conf, copy the vhost-ssl.template file to vhost-ssl.conf.


4) Open the vhost-ssl.conf file.

The Virtual Host line should look like this if QMS SSL should be on port 49385.

 <VirtualHost *:443>


5) Add these lines below:

 <Proxy *>
                Order deny,allow
                Allow from all
 </Proxy>

 ProxyPass / http://192.168.194.20:49285/
 ProxyPassReverse / http://192.168.194.20:49285/


ProxyPass and ProxyPassReverse should point to the IP address or hostname and the non-SSL port of the QMS (in this case the default, 49285).

6) Make sure SSLEngine is enabled. Find the line for SSLEngine and make sure it looks like this:

SSLEngine on


7) Add the paths for the certificate and key files, for example:

SSLCertificateFile /opt/beginfinite/gwava/certs/gwavassl.crt
SSLCertificateKeyFile /opt/beginfinite/gwava/certs/gwavassl.key


8) Save the changes.

9) Open listen.conf in /etc/apache2 and add the port you are using for the virtual host, in this case 49385.

<IfDefine SSL>
    <IfDefine !NOSSL>
        <IfModule mod_ssl.c>

            Listen 443

        </IfModule>
    </IfDefine>
</IfDefine>


10) Save the file and restart Apache by typing: rcapache2 restart

Note: Apache will ask for the password of the certificate, which needs to be entered within two seconds.

To have this done automatically, see this link:

http://www.linuxquestions.org/questions/linux-server-73/apache-requires-ssl-passphrase-671559/

11) The URL for the Digest Release Button Address will need to be updated to https://hostname.com. This is set in the QMS, while logged in as admin, under Digest | Settings.

You should now be able to access the QMS using the link https://hostname.com.
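
A pre-restart check for the virtual host built in steps 4 to 7, added here as an example (it is not GWAVA's own tooling). It flags a disabled SSLEngine, a ProxyPass backend that is not plain HTTP, a passphrase-protected key, and ProxyRequests On, which together with the allow-all <Proxy *> block would turn the server into an open forward proxy. The function names, scratch paths and trimmed sample vhost are assumptions constructed for the example.

```shell
# check_qms_vhost FILE: print one line per finding, return the finding count.
directive() {  # first argument of directive $2 in file $1; comment lines never match
    awk -v d="$2" 'tolower($1) == tolower(d) { print $2; exit }' "$1"
}
check_qms_vhost() {
    conf=$1; findings=0
    note() { echo "FINDING: $*"; findings=$((findings + 1)); }
    [ "$(directive "$conf" SSLEngine | tr 'A-Z' 'a-z')" = on ] || note "SSLEngine is not on"
    # TLS ends at Apache, so the backend must be the plain-HTTP QMS port.
    backend=$(awk 'tolower($1) == "proxypass" { print $3; exit }' "$conf")
    case $backend in
        http://*) ;;
        "") note "no ProxyPass line found" ;;
        *)  note "ProxyPass backend $backend is not http://" ;;
    esac
    [ -n "$(directive "$conf" ProxyPassReverse)" ] || note "ProxyPassReverse is missing"
    # <Proxy *> with 'Allow from all' is only safe while forward proxying is off.
    [ "$(directive "$conf" ProxyRequests | tr 'A-Z' 'a-z')" != on ] ||
        note "ProxyRequests On makes this host an open forward proxy"
    key=$(directive "$conf" SSLCertificateKeyFile)
    if [ -z "$key" ] || [ ! -r "$key" ]; then
        note "SSLCertificateKeyFile missing or unreadable: $key"
    elif grep -q ENCRYPTED "$key"; then
        note "key is passphrase-protected; Apache will prompt on every restart"
    fi
    return "$findings"
}

# Constructed sample: a trimmed vhost from the steps plus a dummy encrypted-key header.
make_sample() {  # $1 = scratch directory; prints the path of the vhost file
    printf '%s\n' '-----BEGIN ENCRYPTED PRIVATE KEY-----' > "$1/gwavassl.key"
    cat > "$1/vhost-ssl.conf" <<EOF
<VirtualHost *:443>
    SSLEngine on
    SSLCertificateKeyFile $1/gwavassl.key
    ProxyPass / http://192.168.194.20:49285/
    ProxyPassReverse / http://192.168.194.20:49285/
</VirtualHost>
EOF
    echo "$1/vhost-ssl.conf"
}

scratch=$(mktemp -d)
check_qms_vhost "$(make_sample "$scratch")" || echo "$? finding(s)"
rm -rf "$scratch"
```

On a real server, call check_qms_vhost /etc/apache2/vhosts.d/vhost-ssl.conf after apache2ctl configtest and before rcapache2 restart.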

Additional Information

This article was originally published in the GWAVA knowledgebase as article ID 2574.