Discussion:
[otrs] using https
Steve Clark
2007-12-20 14:23:44 UTC
Hello List,

Does anyone have documentation on the steps necessary to use https for
OTRS? I saw in sysconfig an option for https - but I know changes have
to be made in the apache config as well as making a certificate.

Any help would be appreciated.

Thanks,
Steve
Marius Flage
2007-12-20 14:35:39 UTC
Post by Steve Clark
Does anyone have documentation on the steps necessary to use https for
OTRS? I saw in sysconfig an option for https - but I know changes have
to be made in the apache config as well as making a certificate.
Just look at the apache documentation for enabling SSL. It's all down to
that. The only thing in the OTRS configuration is about generating of
the URLs.

Here's my configuration:

# ls -l /etc/apache2/sites-available/
total 4
-rw-r--r-- 1 root root 1160 2007-10-16 11:49 default
lrwxrwxrwx 1 root root 43 2007-10-19 11:27 <hostname> -> /var/vhosts/<hostname>/etc/apache2.conf
lrwxrwxrwx 1 root root 47 2007-10-19 13:41 <hostname>.ssl -> /var/vhosts/<hostname>/etc/apache2.ssl.conf

Relevant configuration files:

# cat /var/vhosts/<hostname>/etc/apache2.conf
<VirtualHost *>
ServerName <hostname>
DocumentRoot /var/vhosts/<hostname>/htdocs
ErrorLog /var/vhosts/<hostname>/log/error.log
CustomLog /var/vhosts/<hostname>/log/access.log combined
RedirectMatch ^/otrs/$ https://<hostname>/otrs/
RedirectMatch ^/$ https://<hostname>/otrs/
</VirtualHost>

# cat /var/vhosts/<hostname>/etc/apache2.ssl.conf
NameVirtualHost *:443
<VirtualHost *:443>
ServerName <hostname>:443
DocumentRoot /var/vhosts/<hostname>/htdocs/
CustomLog /var/vhosts/<hostname>/log/access.log combined
ErrorLog /var/vhosts/<hostname>/log/error.log
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /var/vhosts/<hostname>/etc/ssl/apache.pem
RedirectMatch ^/$ /otrs/
</VirtualHost>

/var/vhosts/<hostname>/etc/ssl/apache.pem contains the self-signed
certificate.

That should be it :) Of course make sure you have the relevant modules
for apache loaded. I use mod_ssl.

Marius
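
An audit of the two vhost files posted above, added here as an example and not part of the original post: it reports which weak cipher classes the SSLCipherSuite string leaves enabled and which request paths the RedirectMatch rules leave on plain HTTP. The function names, the example.invalid hostname and the sample paths are assumptions, and the cipher check is a simplified model of the OpenSSL cipher-string rules as they applied to OpenSSL releases of the post's era.

```python
import re

# Constructed input: the two vhost files from the post above, with the
# wrapped SSLCipherSuite line joined and <hostname> as example.invalid.
HTTP_VHOST = """
<VirtualHost *>
RedirectMatch ^/otrs/$ https://example.invalid/otrs/
RedirectMatch ^/$ https://example.invalid/otrs/
</VirtualHost>
"""
SSL_VHOST = """
<VirtualHost *:443>
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
</VirtualHost>
"""

WEAK = {"LOW", "EXP", "SSLv2", "eNULL"}   # classes this audit tracks
IN_ALL = {"LOW", "EXP", "SSLv2"}          # ALL never includes eNULL
ALIAS = {"EXPORT": "EXP", "NULL": "eNULL"}

def directive(conf, name):
    """Return the argument strings of every `name` directive in conf."""
    return re.findall(rf"^\s*{name}\s+(.+?)\s*$", conf, re.M | re.I)

def weak_classes(cipher_string):
    """Apply OpenSSL cipher-string rules to the tracked weak classes."""
    enabled, banned = set(), set()
    for tok in filter(None, re.split(r"[:, ]+", cipher_string)):
        op = tok[0] if tok[0] in "!-+" else ""
        parts = {ALIAS.get(p, p) for p in tok[len(op):].split("+")}
        if op == "!":                 # permanent removal
            banned |= parts
            enabled -= parts
        elif op == "-":               # removal, may be re-added later
            enabled -= parts
        elif op == "":                # plain token adds suites
            if parts == {"ALL"}:
                parts = IN_ALL
            enabled |= (parts & WEAK) - banned
        # op == "+" only moves suites already in the list to the end
    return sorted(enabled)

def not_redirected(conf, paths):
    """Paths the HTTP vhost's RedirectMatch rules leave on plain HTTP."""
    rules = [d.split()[0] for d in directive(conf, "RedirectMatch")]
    return [p for p in paths if not any(re.search(r, p) for r in rules)]

if __name__ == "__main__":
    print(weak_classes(directive(SSL_VHOST, "SSLCipherSuite")[0]),
          not_redirected(HTTP_VHOST, ["/", "/otrs/", "/otrs/index.pl"]))
```

Appending `!LOW:!EXP:!SSLv2` to the posted cipher string empties the first result, and a prefix rule such as `Redirect permanent / https://<hostname>/` in the port-80 vhost covers every path instead of the two exact matches. Whether a path like /otrs/index.pl is actually served by the HTTP vhost depends on where the OTRS alias is defined, which the post does not show.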
Steve Clark
2007-12-20 15:39:42 UTC
Post by Marius Flage
Post by Steve Clark
Does anyone have documentation on the steps necessary to use https for
OTRS? I saw in sysconfig an option for https - but I know changes have
to be made in the apache config as well as making a certificate.
Just look at the apache documentation for enabling SSL. It's all down to
that. The only thing in the OTRS configuration is about generating of
the URLs.
_______________________________________________
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
Support or consulting for your OTRS system?
=> http://www.otrs.com/
Thanks - I was also wondering: in admin->sysconfig->core there is a
selection for http/https. What does it do?
Peter Hoogkamer
2007-12-20 15:43:29 UTC
I am using standard OTRS so with an Apache web server. Is SSL included
with this apache server or should I take different steps to enable
ssl?

Peter
Marius Flage
2007-12-20 15:53:28 UTC
Post by Peter Hoogkamer
I am using standard OTRS so with an Apache web server. Is SSL included
with this apache server or should I take different steps to enable
ssl?
You need to either download and use mod_ssl which is a module for apache
that enables SSL or you need to install apache-ssl. I strongly suggest
using the first approach. It should be packaged with your package
manager if you're using a decent distro. In Debian mod_ssl is packaged
with Apache2, so it's just a matter of enabling the module: 'a2enmod
ssl' or just 'a2enmod' to get a list of available modules and act
accordingly.

Hope this helps.

Marius
Peter Hoogkamer
2007-12-20 15:58:01 UTC
Hello Marius,

I am aware of the linux way, but I am using a Windows Server 2003
system with OTRS installed with Apache 2.2. Are you suggesting that I
should search for mod_ssl and insert this in the existing apache
configuration?

Peter
Peter Hoogkamer
2007-12-20 16:03:12 UTC
Hello Marius,

I have found a website which explains how to insert mod_ssl into apache
on windows. I am going to try this with the apache within otrs. If
people would like to have the info, let me know. The website is in
Dutch.

Peter
Marius Flage
2007-12-20 15:56:07 UTC
Post by Steve Clark
Thanks - I was also wondering: in admin->sysconfig->core there is a
selection for http/https. What does it do?
As previously stated, this just tells OTRS if it's running over https or
http and (re)writes the URLs accordingly. AFAIK. I've set it to https.

Marius
Mike Lykov
2007-12-20 14:38:18 UTC
Post by Steve Clark
Does anyone have documentation on the steps necessary to use https for
OTRS? I saw in sysconfig an option for https - but I know changes have
to be made in the apache config as well as making a certificate.
I use https and otrs,
but using https is not bound to otrs; it is configured in your http server. otrs
works over http & https identically.

Here is the apache ssl faq:
http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html

Mike
Peter Hoogkamer
2007-12-20 14:50:06 UTC
Hello,

Does anybody of you have any idea how to get https going under
windows?? I have a standard OTRS::ITSM 2.2.4 installation on a 2003
Server.

Peter
Marius Flage
2007-12-20 15:36:09 UTC
Post by Peter Hoogkamer
Does anybody of you have any idea how to get https going under
windows?? I have a standard OTRS::ITSM 2.2.4 installation on a 2003
Server.
The same applies for Windows as for Linux. It has nothing to do with
OTRS, it all depends on the web server running and its capabilities to
handle SSL. I'm guessing you're using IIS, so you should look up the
configuration for that (and good luck to you!). I seem to recall doing
something like this a while ago, and then it was simply a matter of
clicking through a few dialogs. You can either add another port to the
existing virtual host or just add a new one.

Marius