[LON-CAPA-admin] Re: Lon-capa SSL - system-wide?
Stuart Raeburn
raeburn at msu.edu
Tue Sep 15 09:06:56 EDT 2009
Eric,
> Is this method for setting up SSL communications still valid (with
> the exception of the key request script being in a new location with
> 2.8)?
Yes. You will run request_ssl_key.sh on each machine, following the
instructions in the listserv post you referenced.
The script you need to run:
/home/httpd/lonCerts/request_ssl_key.sh
has been included with LON-CAPA since version 1.3 (2004). However, a
small change was made to the script for LON-CAPA 2.8.1 so it would run
successfully from that location.
> Is this method just for setting up intra-server communications?
Yes
> If so, how would we set up SSL (https/443) on the front-end as well?
This is straightforward with Apache2. You need to install mod_ssl,
acquire SSL certificates, and modify ssl.conf with the corresponding
certificate locations.
You should also include an Apache rewrite in ssl.conf such as:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteLogLevel 10
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*)$ https://%{HTTP_HOST}/$1 [R,L]
</IfModule>
As far as LON-CAPA is concerned the only things you need to do are:
1. update /home/httpd/lonTabs/hosts.tab by appending :https to the
entry for a server using SSL on the front end,
e.g.,
vcul1:vcu:library:loncapa2.vcu.edu:https
2. Send a message to loncapa at loncapa.org letting us know which servers
have been updated to use SSL on the front end. (This allows update of
the definitive dns_hosts.tab file, so offloading of sessions to your
server(s) from other (busy) servers in the network will continue to
work.)
Stuart
Stuart Raeburn, Ph.D.
Div. Science & Mathematics Education
Michigan State University
MI 48824 USA
Quoting Eric Harvey <teharvey at vcu.edu>:
> Hello,
>
> Is this method for setting up SSL communications still valid (with
> the exception of the key request script being in a new location with
> 2.8)?
> http://mail.lon-capa.org/pipermail/lon-capa-admin/2004-December/000791.html
> Do we need a separate key for each machine?
>
> Is this method just for setting up intra-server communications?
> If so, how would we set up SSL (https/443) on the front-end as well?
>
> Thanks,
> --
>
> Eric Harvey
> VCU Learning Systems
> (804)828-8595
>
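
Step 1 of the reply (appending :https to a server's hosts.tab entry), as an added example that is not part of the original message and is not LON-CAPA code: a shell helper that makes the change idempotently and keeps a backup. It assumes colon-separated entries with the hostname in the fourth field, as in the sample entry in the message; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not LON-CAPA code. Assumed entry layout, taken from the
# sample in the message: id:domain:role:hostname[:protocol]

# mark_https FILE HOSTNAME
# Prints FILE to stdout with ":https" appended to the entry whose fourth
# field is HOSTNAME. Entries that already have a fifth field are left
# unchanged, so a second run is a no-op. Exit status 1 if no entry matched.
mark_https() {
    awk -F: -v OFS=: -v host="$2" '
        /^[ \t]*(#|$)/ { print; next }   # keep comments and blank lines as-is
        $4 == host {
            found = 1
            if (NF == 4) $5 = "https"    # no protocol field yet: append it
        }
        { print }
        END { exit !found }
    ' "$1"
}

# update_hosts_tab FILE HOSTNAME
# Applies mark_https in place. The original is saved as FILE.bak and the
# file is overwritten (not replaced) so its owner and mode are preserved.
update_hosts_tab() {
    file=$1
    host=$2
    tmp=$(mktemp "${file}.XXXXXX") || return 2
    if mark_https "$file" "$host" > "$tmp"; then
        cp -p "$file" "${file}.bak" && cat "$tmp" > "$file"
        status=$?
    else
        echo "no entry for $host in $file" >&2
        status=1
    fi
    rm -f "$tmp"
    return $status
}

# Typical call, using the path from the message:
#   update_hosts_tab /home/httpd/lonTabs/hosts.tab loncapa2.vcu.edu
```
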