
Linux front end to Exchange OWA self-signed cert problem



fixed

I've posted this on a couple of Linux support boards but haven't gotten
a serious solution response.

I've been running an IBMi Apache as a front end to Exchange OWA using
reverse proxy. Unfortunately the IBMi is going to be retired soon.

I am setting up a Fedora 16 box with Apache, using a config identical to
the one on the IBMi. The problem is that Fedora doesn't like
the Exchange self-signed cert. If I turn off SSL, the browsers keep
getting back addresses with nothing before the domain (no HTTPS://),
and so can't find the pages.

What I've asked for and no one has actually responded to is, how do I
import the Exchange cert (I can export it fine) to Apache so that it
will 1) trust Exchange as a client, 2) not mess up Apache's self signed
cert for the WAN side, and 3) allow the browsers to keep getting the
HTTPS:// so all the pages will resolve back to Apache?

Thanks.

Roger Vicker, CCP

==== Config ====
# Explicit network receive buffer size (bytes) for proxied connections.
ProxyReceiveBufferSize 1024


#Exchange

# TLS-terminating reverse proxy in front of Exchange (OWA, OAB, RPC, ECP,
# ActiveSync). Clients connect over HTTPS on 443; each <Location> below
# forwards one Exchange path to the back end.
<VirtualHost *:443>
# DocumentRoot /var/www/html/

# Sent to the back end on every request. Front-End-Https is the header OWA
# conventionally reads to learn the client leg was HTTPS, so that it builds
# https:// links.
RequestHeader set Front-End-Https "On"

RewriteEngine On

# Certificate and key presented to browsers on the WAN side. These are
# independent of any SSLProxy* trust settings for the back end.
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key

SSLEngine On
# SSLProxyEngine/SSLProxyVerify only take effect for https:// back-end URLs.
# Every ProxyPass in this listing targets http://, so as written the
# proxy-to-Exchange hop is unencrypted and these two lines do nothing.
# NOTE(review): to trust the exported self-signed Exchange certificate, the
# usual approach is to convert it to PEM, reference it with
#   SSLProxyCACertificateFile /path/to/exchange-cert.pem   (placeholder path)
# set SSLProxyVerify to require, and switch the ProxyPass/ProxyPassReverse
# targets to https://. "Optional" does not demand a valid back-end
# certificate, so it gives no protection against an impostor back end.
SSLProxyEngine On
SSLProxyVerify Optional

# Sets an environment variable; nothing in this listing reads it.
SetEnv HTTPS_PORT 443

# Adds a 300-second expiry to responses.
# NOTE(review): declared vhost-wide, so it may also mark proxied mailbox
# pages as cacheable for five minutes - confirm that is intended.
ExpiresActive On
ExpiresDefault "access plus 300 seconds"

# UserDir /var/www/html/

# Apache 2.2-style access control: any client address may use the proxied
# paths. This is only safe as a reverse proxy; ProxyRequests is not set in
# this listing and must stay Off (its default) or the host becomes an open
# forward proxy.
<Proxy *>
Order deny,allow
Allow from all
</Proxy>

# Pass the client's Host header through to Exchange unchanged.
ProxyPreserveHost On
# On a malformed back-end header line, treat the rest of the response as body.
ProxyBadHeader StartBody
# Add a Via header to proxied traffic.
ProxyVia On

#OWA % character in email subject fix
# RewriteMap percentsubject int:escape
# RewriteCond $1 ^/owa/.*\%.*$
# RewriteRule (/owa/.*) ${percentsubject:$1} [P]

# Redirect a bare /owa to the same path with a trailing slash.
RewriteRule ^/owa$ owa/ [R]

# Outlook Web Access. The same directive pattern is repeated for every
# Exchange path below.
<Location /owa>
# Back-end hop is plain HTTP (see the SSLProxy* note above).
ProxyPass http://exchange.public.org/owa
ProxyPassReverse http://exchange.public.org/owa
# Refuse any request for this path that did not arrive over SSL/TLS.
SSLRequireSSL

# Rewrite the WWW-Authenticate header to strip out Windows Integrated
# Authentication (NTLM) and only use Basic-Auth
# Security note: Basic sends the password base64-encoded, not encrypted, on
# every request. TLS protects it between browser and proxy, but with an
# http:// back end it crosses the proxy-to-Exchange link in the clear.
# The two SetEnvIf lines set variables named "value" and "BrowserMSIE" for
# MSIE user agents; nothing in this listing reads either of them.
SetEnvIf User-Agent ".*MSIE.*" value
SetEnvIf User-Agent ".*MSIE.*" BrowserMSIE
Header Always Unset WWW-Authenticate
Header Always Add WWW-Authenticate "Basic realm=www.public.org"
</Location>

# Offline Address Book; same proxy and Basic-only pattern as /owa.
<Location /OAB>
ProxyPass http://exchange.public.org/OAB
ProxyPassReverse http://exchange.public.org/OAB
SSLRequireSSL

# Rewrite the WWW-Authenticate header to strip out Windows Integrated
# Authentication (NTLM) and only use Basic-Auth
SetEnvIf User-Agent ".*MSIE.*" value
SetEnvIf User-Agent ".*MSIE.*" BrowserMSIE
Header Always Unset WWW-Authenticate
Header Always Add WWW-Authenticate "Basic realm=www.public.org"
</Location>

# /rpc path; same proxy and Basic-only pattern as /owa.
<Location /rpc>
ProxyPass http://exchange.public.org/rpc
ProxyPassReverse http://exchange.public.org/rpc
SSLRequireSSL

# Rewrite the WWW-Authenticate header to strip out Windows Integrated
# Authentication (NTLM) and only use Basic-Auth
SetEnvIf User-Agent ".*MSIE.*" value
SetEnvIf User-Agent ".*MSIE.*" BrowserMSIE
Header Always Unset WWW-Authenticate
Header Always Add WWW-Authenticate "Basic realm=www.public.org"
</Location>

# /ecp path; same proxy and Basic-only pattern as /owa.
# NOTE(review): /ecp looks like the Exchange administrative control panel -
# confirm it really needs to be reachable from the WAN side.
<Location /ecp>
ProxyPass http://exchange.public.org/ecp
ProxyPassReverse http://exchange.public.org/ecp
SSLRequireSSL

# Rewrite the WWW-Authenticate header to strip out Windows Integrated
# Authentication (NTLM) and only use Basic-Auth
SetEnvIf User-Agent ".*MSIE.*" value
SetEnvIf User-Agent ".*MSIE.*" BrowserMSIE
Header Always Unset WWW-Authenticate
Header Always Add WWW-Authenticate "Basic realm=www.public.org"
</Location>

# /RpcWithCert path; same proxy and Basic-only pattern as /owa.
<Location /RpcWithCert>
ProxyPass http://exchange.public.org/RpcWithCert
ProxyPassReverse http://exchange.public.org/RpcWithCert
SSLRequireSSL

# Rewrite the WWW-Authenticate header to strip out Windows Integrated
# Authentication (NTLM) and only use Basic-Auth
SetEnvIf User-Agent ".*MSIE.*" value
SetEnvIf User-Agent ".*MSIE.*" BrowserMSIE
Header Always Unset WWW-Authenticate
Header Always Add WWW-Authenticate "Basic realm=www.public.org"
</Location>

# Enables Windows Mobile ActiveSync
# Same proxy and Basic-only pattern as /owa.
<Location /Microsoft-Server-ActiveSync>
ProxyPass http://exchange.public.org/Microsoft-Server-ActiveSync
ProxyPassReverse http://exchange.public.org/Microsoft-Server-ActiveSync
SSLRequireSSL

# Rewrite the WWW-Authenticate header to strip out Windows Integrated
# Authentication (NTLM) and only use Basic-Auth
SetEnvIf User-Agent ".*MSIE.*" value
SetEnvIf User-Agent ".*MSIE.*" BrowserMSIE
Header Always Unset WWW-Authenticate
Header Always Add WWW-Authenticate "Basic realm=www.public.org"
</Location>

</VirtualHost>
#/Exchange

==== /CONFIG ====





