Forum

RequiredCA and "SSL_accept(): protocol error"

Svilen
4 December 2010, 17:44
Hello,

I'm trying to set up a Linux machine with Hiawatha + MySQL + Redmine, and so far I have succeeded in configuring and running Redmine thanks to the Hiawatha Forum.
Here is my configuration:
hiawatha.conf
ServerId = redmine
ConnectionsTotal = 150
ConnectionsPerIP = 10
SystemLogfile = /var/log/hiawatha/system.log
GarbageLogfile = /var/log/hiawatha/garbage.log

Binding {
Port = 443
SSLcertFile = /etc/hiawatha/serverkey.pem
# RequiredCA = /etc/hiawatha/serverkey.pem
}

Hostname = 127.0.0.1
WebsiteRoot = /srv/http/hiawatha
StartFile = index.html
AccessLogfile = /var/log/hiawatha/access.log
ErrorLogfile = /var/log/hiawatha/error.log

include /etc/hiawatha/redmine.conf


redmine.conf
FastCGIserver {
FastCGIid = redmine_fcgi
ConnectTo = 127.0.0.1:2005
}

UrlToolkit {
ToolkitID = redmine_toolkit
RequestURI isfile Return
Match .* UseFastCGI redmine_fcgi
}

VirtualHost {
Hostname = 192.168.0.5
WebsiteRoot = /home/redmine/redmine/public
UseFastCGI = redmine_fcgi
UseToolkit = redmine_toolkit
RequireSSL = yes
}


With the configuration above everything runs fine, but when I uncomment RequiredCA in hiawatha.conf I get the following console message from time to time:
SSL_accept(): protocol error

but the page is loaded with artifacts (missing images, ...).
After a while Hiawatha stops responding to browser requests, but the console messages described above are still shown (debug version, hiawatha -d).
I tested it with the following browsers:
Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.11) Gecko/2009060215 Firefox/3.0.11 (.NET CLR 3.5.30729))
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3


Here is my certificate:
/etc/hiawatha/serverkey.pem
-----BEGIN RSA PRIVATE KEY-----
<private key>
-----END RSA PRIVATE KEY-----

-----BEGIN CERTIFICATE-----
<certificate>
-----END CERTIFICATE-----


This certificate was generated with openssl by following the steps described in the Hiawatha HOWTO: Normal and SSL bindings [www.hiawatha-webserver.org]. As an additional step I converted serverkey.pem to serverkey.p12 so that I could import it into the Mozilla certificate repository.
openssl pkcs12 -export -in serverkey.pem -out serverkey.p12


I suspect that the generated certificate may be inappropriate.
I would appreciate any directions.

Best regards,
Svilen

Hiawatha version: Hiawatha v7.4, cache, debug, IPv6, Monitor, SSL, URL toolkit, XSLT
Operating System: Linux 2.6.36-ARCH #1 SMP PREEMPT Wed Nov 24 06:44:11 UTC 2010 i686
Hugo Leisink
4 December 2010, 20:10
SSLcertFile should point to the file containing the private key and certificate to be used by the webserver. RequiredCA should point to the file containing the certificate of the CA from which the certificate in SSLcertFile is created.

In other words, you need to create a CA with OpenSSL and from that CA, create a certificate for your webserver. RequiredCA should point to the CA certificate file.

I've written a howto for OpenSSL, but it's in Dutch. I think that if you translate it via Google Translate, it's quite readable. You can read it here [translate.google.com].
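The procedure Hugo describes, worked through as an added example (this script is not from the thread or from the Hiawatha project). It builds a private CA with OpenSSL, issues a server certificate from that CA and concatenates key and certificate into the single file SSLcertFile reads, issues a client certificate from the same CA and exports it as PKCS#12 for the browser, and then verifies with openssl that both leaf certificates chain to the CA before the paths go into hiawatha.conf. With RequiredCA set, Hiawatha asks the browser for a client certificate and only accepts one issued by that CA, so a file containing the server's own certificate is the wrong thing to point it at. The work directory, the CA name, the client subject, the empty PKCS#12 password and the key sizes are assumptions; the option names and the host 192.168.0.5 are taken from the thread.

```shell
#!/bin/sh
# Added example, not from the thread: build a private CA with OpenSSL, issue a
# server and a client certificate from it, and lay the files out the way the
# Hiawatha SSLcertFile / RequiredCA options expect.  Paths, names and key sizes
# are assumptions; only the option names and 192.168.0.5 come from the thread.
set -eu

WORKDIR="${WORKDIR:-$(mktemp -d)}"   # assumed scratch directory

make_ca() {
    # CA private key plus self-signed CA certificate.  ca.crt is the file
    # RequiredCA should point at; ca.key stays in this directory only.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -subj "/CN=Example Private CA" \
        -keyout "$WORKDIR/ca.key" -out "$WORKDIR/ca.crt" 2>/dev/null
}

issue_cert() {
    # issue_cert <name> <subject>: new key and CSR, signed by the CA above.
    name="$1"; subject="$2"
    openssl req -newkey rsa:2048 -nodes -sha256 -subj "$subject" \
        -keyout "$WORKDIR/$name.key" -out "$WORKDIR/$name.csr" 2>/dev/null
    openssl x509 -req -sha256 -days 365 -in "$WORKDIR/$name.csr" \
        -CA "$WORKDIR/ca.crt" -CAkey "$WORKDIR/ca.key" -CAcreateserial \
        -out "$WORKDIR/$name.crt" 2>/dev/null
}

make_server_files() {
    # Server certificate for the VirtualHost, then private key followed by
    # certificate in one file: that concatenation is what SSLcertFile reads.
    issue_cert server "/CN=192.168.0.5"
    cat "$WORKDIR/server.key" "$WORKDIR/server.crt" > "$WORKDIR/serverkey.pem"
    chmod 600 "$WORKDIR/serverkey.pem" "$WORKDIR/server.key" "$WORKDIR/ca.key"
}

make_client_files() {
    # Client certificate from the same CA, bundled as PKCS#12 for the browser's
    # certificate store (empty export password, assumed for the example).
    issue_cert client "/CN=browser-client"
    openssl pkcs12 -export -in "$WORKDIR/client.crt" -inkey "$WORKDIR/client.key" \
        -out "$WORKDIR/client.p12" -passout pass: 2>/dev/null
}

verify_cert() {
    # verify_cert <cert>: prints "ok" when the certificate chains to ca.crt,
    # "fail" otherwise.  Run this before editing hiawatha.conf.
    if openssl verify -CAfile "$WORKDIR/ca.crt" "$1" >/dev/null 2>&1; then
        echo ok
    else
        echo fail
    fi
}

print_binding() {
    # The corrected Binding stanza (option names from the thread): SSLcertFile
    # gets the key+certificate file, RequiredCA gets the CA certificate.
    cat <<EOF
Binding {
	Port = 443
	SSLcertFile = $WORKDIR/serverkey.pem
	RequiredCA = $WORKDIR/ca.crt
}
EOF
}

make_ca
make_server_files
make_client_files
echo "server: $(verify_cert "$WORKDIR/server.crt")  client: $(verify_cert "$WORKDIR/client.crt")"
print_binding
```

Import client.p12 into the browser, copy serverkey.pem and ca.crt into /etc/hiawatha, and paste the printed Binding stanza with those paths. If `verify_cert` prints "fail" for either leaf, the certificate was not issued by the CA named in RequiredCA and the handshake will not succeed.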
Svilen
5 December 2010, 11:47
Hello Hugo,

thank you very much for pointing me to the article above.

Best regards,
Svilen
This topic has been closed.