Linux front end to Exchange OWA self-signed cert problem

["Roger Vicker, CCP" <rv-tech@xxxxxxxxxx>]

I've posted this on a couple of Linux support boards but haven't gotten
a serious solution response.

I've been running an IBMi Apache as a front end to Exchange OWA using
reverse proxy. Unfortunately the IBMi is going to be retired soon.

I am setting up a Fedora 16 with Apache. I am using the identical config
that I am using on the IBMi. The problem is that the Fedora doesn't like
the Exchange self-signed cert. If I turn off SSL then the browsers keep
getting back addresses without anything prior to the domain (HTTPS://)
and thus can't find the pages.

What I've asked for and no one has actually responded to is, how do I
import the Exchange cert (I can export it fine) to Apache so that it
will 1) trust Exchange as a client, 2) not mess up Apache's self signed
cert for the WAN side, and 3) allow the browsers to keep getting the
HTTPS:// so all the pages will resolve back to Apache?

Thanks.

Roger Vicker, CCP

==== Config ====
> ProxyReceiveBufferSize 1024
>
>
> #Exchange
>
> <VirtualHost *:443>
> # DocumentRoot /var/www/html/
>
> RequestHeader set Front-End-Https "On"
>
> RewriteEngine On
>
> SSLCertificateFile /etc/pki/tls/certs/localhost.crt
> SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
>
> SSLEngine On
> SSLProxyEngine On
> SSLProxyVerify Optional
>
> SetEnv HTTPS_PORT 443
>
> ExpiresActive On
> ExpiresDefault "access plus 300 seconds"
>
> # UserDir /var/www/html/
>
> <Proxy *>
> Order deny,allow
> Allow from all
> </Proxy>
>
> ProxyPreserveHost On
> ProxyBadHeader StartBody
> ProxyVia On
>
> #OWA % character in email subject fix
> # RewriteMap percentsubject int:escape
> # RewriteCond $1 ^/owa/.*\%.*$
> # RewriteRule (/owa/.*) ${percentsubject:$1} [P]
>
> RewriteRule ^/owa$ owa/ [R]
>
> <Location /owa>
> ProxyPass http://exchange.public.org/owa
> ProxyPassReverse http://exchange.public.org/owa
> SSLRequireSSL
>
> # Rewrite the WWW-Authenticate header to strip out Windows Integrated
> # Authentication (NTLM) and only use Basic-Auth
> SetEnvIf User-Agent ".*MSIE.*" value
> SetEnvIf User-Agent ".*MSIE.*" BrowserMSIE
> Header Always Unset WWW-Authenticate
> Header Always Add WWW-Authenticate "Basic realm=www.public.org"
> </Location>
>
> <Location /OAB>
> ProxyPass http://exchange.public.org/OAB
> ProxyPassReverse http://exchange.public.org/OAB
> SSLRequireSSL
>
> # Rewrite the WWW-Authenticate header to strip out Windows Integrated
> # Authentication (NTLM) and only use Basic-Auth
> SetEnvIf User-Agent ".*MSIE.*" value
> SetEnvIf User-Agent ".*MSIE.*" BrowserMSIE
> Header Always Unset WWW-Authenticate
> Header Always Add WWW-Authenticate "Basic realm=www.public.org"
> </Location>
>
> <Location /rpc>
> ProxyPass http://exchange.public.org/rpc
> ProxyPassReverse http://exchange.public.org/rpc
> SSLRequireSSL
>
> # Rewrite the WWW-Authenticate header to strip out Windows Integrated
> # Authentication (NTLM) and only use Basic-Auth
> SetEnvIf User-Agent ".*MSIE.*" value
> SetEnvIf User-Agent ".*MSIE.*" BrowserMSIE
> Header Always Unset WWW-Authenticate
> Header Always Add WWW-Authenticate "Basic realm=www.public.org"
> </Location>
>
> <Location /ecp>
> ProxyPass http://exchange.public.org/ecp
> ProxyPassReverse http://exchange.public.org/ecp
> SSLRequireSSL
>
> # Rewrite the WWW-Authenticate header to strip out Windows Integrated
> # Authentication (NTLM) and only use Basic-Auth
> SetEnvIf User-Agent ".*MSIE.*" value
> SetEnvIf User-Agent ".*MSIE.*" BrowserMSIE
> Header Always Unset WWW-Authenticate
> Header Always Add WWW-Authenticate "Basic realm=www.public.org"
> </Location>
>
> <Location /RpcWithCert>
> ProxyPass http://exchange.public.org/RpcWithCert
> ProxyPassReverse http://exchange.public.org/RpcWithCert
> SSLRequireSSL
>
> # Rewrite the WWW-Authenticate header to strip out Windows Integrated
> # Authentication (NTLM) and only use Basic-Auth
> SetEnvIf User-Agent ".*MSIE.*" value
> SetEnvIf User-Agent ".*MSIE.*" BrowserMSIE
> Header Always Unset WWW-Authenticate
> Header Always Add WWW-Authenticate "Basic realm=www.public.org"
> </Location>
>
> # Enables Windows Mobile ActiveSync
> <Location /Microsoft-Server-ActiveSync>
> ProxyPass http://exchange.public.org/Microsoft-Server-ActiveSync
> ProxyPassReverse http://exchange.public.org/Microsoft-Server-ActiveSync
> SSLRequireSSL
>
> # Rewrite the WWW-Authenticate header to strip out Windows Integrated
> # Authentication (NTLM) and only use Basic-Auth
> SetEnvIf User-Agent ".*MSIE.*" value
> SetEnvIf User-Agent ".*MSIE.*" BrowserMSIE
> Header Always Unset WWW-Authenticate
> Header Always Add WWW-Authenticate "Basic realm=www.public.org"
> </Location>
>
> </VirtualHost>
> #/Exchange

==== /CONFIG ====