http://www.ape-project.org/wiki/index.php/SSL_with_ape
I updated the wiki! 2012/4/16 Michele Vezzoli <michele.vezz...@var-dump.it> > Thank you very much!! > > this configuration works perfectly!!! > > Now I have ape under ssl!!! > > Bye! > > > 2012/4/15 Matija Hiti <matija.h...@gmail.com> > >> Try to add the following line to your stunnel.conf: >> >> delay = no >> TIMEOUTclose = 0 >> >> Matija >> >> >> On 15 April 2012 12:17, Michele Vezzoli <michele.vezz...@var-dump.it>wrote: >> >>> Hi gino, >>> I confirm your test, >>> >>> I have the same problem :) on debian squeeze >>> >>> Bye >>> >>> 2012/4/11 Gino <gin...@gmail.com> >>> >>>> Thanks Matija for the reply. >>>> >>>> >>>> >>>> >>>> I tried opening my browser first to http://0.ape.my-domain.com:6969 >>>> and I immediately get the response from APE with the no command given >>>> message. >>>> Then I tried https://0.ape.your-domain.com:442, I get the same results >>>> but it takes extremely long to get a response. It's probably around 1 >>>> min until I get the same result. >>>> >>>> >>>> >>>> >>>> Based on the logs I see messages like ape connected remote server from >>>> 127.0.0.1:60001, and since I get a response I eventually get a >>>> response I take it stunnel and APE is communicating? >>>> >>>> >>>> >>>> >>>> But I also noticed the following in the logs: >>>> >>>> 2012.04.11 12:30:36 LOG7[2409:140692054951680]: Remote FD=15 >>>> initialized >>>> 2012.04.11 12:30:36 LOG7[2409:140692054951680]: TCP_NODELAY option set >>>> on remote socket >>>> 2012.04.11 12:30:36 LOG7[2409:140692054951680]: Socket closed on read >>>> 2012.04.11 12:30:36 LOG7[2409:140692054951680]: SSL write shutdown >>>> 2012.04.11 12:30:36 LOG7[2409:140692054951680]: SSL alert (write): >>>> warning: close notify >>>> 2012.04.11 12:30:36 LOG6[2409:140692054951680]: SSL_shutdown >>>> successfully sent close_notify >>>> 2012.04.11 12:30:38 LOG3[2409:140692054882048]: SSL_accept: Peer >>>> suddenly disconnected >>>> 2012.04.11 12:30:38 LOG5[2409:140692054882048]: Connection reset: 0 >>>> bytes sent to SSL, 0 bytes sent to socket >>>> 2012.04.11 12:30:38 LOG7[2409:140692054882048]: ape finished (1 left) >>>> 2012.04.11 12:31:36 LOG6[2409:140692054951680]: s_poll_wait timeout: >>>> connectionclose >>>> 2012.04.11 12:31:36 LOG5[2409:140692054951680]: Connection closed: 395 >>>> bytes sent to SSL, 387 bytes sent to socket >>>> >>>> It says that Peer is suddenly disconnected. Is that normal? >>>> >>>> >>>> The web server I have to use is IIS. It currently has the my- >>>> domain.com cert. In stunnel I placed 3 certs, my-domain.com, *.my- >>>> domain.com, *.ape.my-domian.com. >>>> The wild card certs I made using OpenSSL for now. Would this affect my >>>> setup? >>>> >>>> >>>> On Apr 11, 4:11 am, Matija Hiti <matija.h...@gmail.com> wrote: >>>> > First try if server replies anything through https. >>>> Openhttps://0.ape.your-domain.com:442in your browser. You should get >>>> the same >>>> > response as withhttp://0.ape.your-domain.com:6969 >>>> > >>>> > If this works, dig into the jsf settings. Otherwise, search for >>>> issues on >>>> > server. >>>> > >>>> > For the server certificate: you need two of them. One for the apache >>>> > serving the files (yourdomain.com) and one wildcard for stunnel (*. >>>> > ape.your-domain.com). Stunnel works with bundle file, which includes >>>> your >>>> > certificate, ca certificate and intermediate certificates, if they >>>> exist. >>>> > Add foreground=yes or check the stunnel error log for errors when you >>>> run >>>> > it. >>>> > >>>> > Matija >>>> > >>>> > On 10 April 2012 14:04, Gino <gin...@gmail.com> wrote: >>>> > >>>> > >>>> > >>>> > >>>> > >>>> > >>>> > >>>> > > I realized in my previous post I placed the port as 443. That was >>>> just >>>> > > a typo, my configuration has the port set to 442, same port that is >>>> > > set in my apeClientJS.js >>>> > > so my stunnel.conf should be: >>>> > >>>> > > cert = /etc/stunnel/my_main_cert.pem >>>> > > cert = /etc/stunnel/my_ape_cert.pem >>>> > > cert = /etc/stunnel/my_wildcard_cert.pem >>>> > > sslVersion = SSLv3 >>>> > > debug = 7 >>>> > > output = /var/log/stunnel4/stunnel.log >>>> > > [ape] >>>> > > accept = 442 >>>> > > connect = 6969 >>>> > >>>> > > and I still get an error with the Check tool - fail to contact >>>> > >https://ape.my-domain.com:442 >>>> > >>>> > > I still haven't been able to get stunnel to work with APE. I've been >>>> > > reading what I could find in the internet, but no solution yet. >>>> > > Could someone share what certificates they have installed in their >>>> web >>>> > > server and stunnel server. >>>> > > I'm thinking my problem may lie with the certificates I have. As of >>>> > > now I'm using certificates made with OpenSSL. >>>> > >>>> > > I hope someone can help! >>>> > >>>> > > -- >>>> > > You received this message because you are subscribed to the Google >>>> > > Groups "APE Project" group. >>>> > > To post to this group, send email to ape-project@googlegroups.com >>>> > > To unsubscribe from this group, send email to >>>> > > ape-project+unsubscr...@googlegroups.com >>>> > > For more options, visit this group at >>>> > >http://groups.google.com/group/ape-project?hl=en >>>> > > --- >>>> > > APE Project (Ajax Push Engine) >>>> > > Official website :http://www.ape-project.org/ >>>> > > Git Hub :http://github.com/APE-Project/ >>>> >>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "APE Project" group. >>>> To post to this group, send email to ape-project@googlegroups.com >>>> To unsubscribe from this group, send email to >>>> ape-project+unsubscr...@googlegroups.com >>>> For more options, visit this group at >>>> http://groups.google.com/group/ape-project?hl=en >>>> --- >>>> APE Project (Ajax Push Engine) >>>> Official website : http://www.ape-project.org/ >>>> Git Hub : http://github.com/APE-Project/ >>>> >>> >>> >>> >>> -- >>> ------------------------------ >>> *Michele Vezzoli* *IT Manager* >>> >>> TEL: +39.030.5230600 MOB: +39.328.0555322 FAX: +39.030.5230600 >>> SKYPE: michele.vezzoli.vardump >>> VarDump S.r.l. - www.var-dump.it >>> >>> This e-mail message does not imply or cause any obligation, unless it is >>> provided by a previous written agreement. This message is confidential: if >>> you have received it by mistake, please advise immediately the sender by >>> e-mail and destroy the message and its attachments. You are hereby notified >>> that any unauthorized use of the content of this message could constitute a >>> criminal offence. Thank you. >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "APE Project" group. >>> To post to this group, send email to ape-project@googlegroups.com >>> To unsubscribe from this group, send email to >>> ape-project+unsubscr...@googlegroups.com >>> For more options, visit this group at >>> http://groups.google.com/group/ape-project?hl=en >>> --- >>> APE Project (Ajax Push Engine) >>> Official website : http://www.ape-project.org/ >>> Git Hub : http://github.com/APE-Project/ >>> >> >> -- >> You received this message because you are subscribed to the Google >> Groups "APE Project" group. >> To post to this group, send email to ape-project@googlegroups.com >> To unsubscribe from this group, send email to >> ape-project+unsubscr...@googlegroups.com >> For more options, visit this group at >> http://groups.google.com/group/ape-project?hl=en >> --- >> APE Project (Ajax Push Engine) >> Official website : http://www.ape-project.org/ >> Git Hub : http://github.com/APE-Project/ >> > > > > -- > ------------------------------ > *Michele Vezzoli* *IT Manager* > > TEL: +39.030.5230600 MOB: +39.328.0555322 FAX: +39.030.5230600 SKYPE: > michele.vezzoli.vardump > VarDump S.r.l. - www.var-dump.it > > This e-mail message does not imply or cause any obligation, unless it is > provided by a previous written agreement. This message is confidential: if > you have received it by mistake, please advise immediately the sender by > e-mail and destroy the message and its attachments. You are hereby notified > that any unauthorized use of the content of this message could constitute a > criminal offence. Thank you. > > -- ------------------------------ *Michele Vezzoli* *IT Manager* TEL: +39.030.5230600 MOB: +39.328.0555322 FAX: +39.030.5230600 SKYPE: michele.vezzoli.vardump VarDump S.r.l. - www.var-dump.it This e-mail message does not imply or cause any obligation, unless it is provided by a previous written agreement. This message is confidential: if you have received it by mistake, please advise immediately the sender by e-mail and destroy the message and its attachments. You are hereby notified that any unauthorized use of the content of this message could constitute a criminal offence. Thank you. -- You received this message because you are subscribed to the Google Groups "APE Project" group. To post to this group, send email to ape-project@googlegroups.com To unsubscribe from this group, send email to ape-project+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/ape-project?hl=en --- APE Project (Ajax Push Engine) Official website : http://www.ape-project.org/ Git Hub : http://github.com/APE-Project/
