If you are going to use Apache web server, there are some necessary steps to configure the basic Apache configuration to run Roll Call Connect successfully.
Copy SSL Certificates
In order to use SSL, you must copy the SSL Certificate files previously generated to a location on the machine. Create a directory in the location of your choice and copy the two crt files and the key.pem file to this location. You will need to specify this location when you configure Apache.
Modify the Apache Configuration
You will need to modify the httpd.conf file that is included with Apache. It is located as follows:
- Mac OS X = /private/etc/apache2/httpd.conf
- Windows = C:\Program Files\Apache\conf\httpd.conf
Download this Apache Config file and copy the text to the bottom of the httpd.conf file using an editor. The configuration file will allow traffic directly using https as well as redirect traffic from http to https. Make sure to change the parts in [[]] with your specific entries. This assumes using port 443. If you use another port change 443 to whatever you choose.
Restart your Apache web server.
The following lines illustrate the lines in the file you can copy using the link above.
Listen 80
Listen 443
# On Mac the next 4 lines (of LoadModule declarations) should be removed since they are already being loaded earlier in the file.
LoadModule headers_module modules/mod_headers.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule ssl_module modules/mod_ssl.so
ServerName [[SSL domain name]]
<VirtualHost *:80>
ServerName [[SSL domain name]]
Redirect permanent / [[SSL domain name]]/
</VirtualHost>
<VirtualHost *:443>
ServerName [[SSL domain name]]
SSLCipherSuite "ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM:-DH+3DES:-RSA+3DES !DES-CBC3-SHA !ECDHE-RSA-DES-CBC3-SHA"
SSLProtocol +TLSv1.2 +TLSv1.1
SSLEngine on
SSLCertificateFile [[crtfiledestination]]
SSLCertificateKeyFile [[keyfiledestination]]
SSLCACertificateFile [[CAcrtfiledestination]]
<IfModule mod_proxy.c>
ProxyRequests Off
<Location />
ProxyPass http://[[internalIPaddress]]:[[webport]]/
ProxyPassReverse http://[[internalIPaddress]]:[[webport]]/
RequestHeader set X-Forwarded-Proto "https"
</Location>
</IfModule>
</VirtualHost>
Where:
- [[SSL domain name]] is the domain used to obtain the SSL certificate.
-
[[crtfiledestination]] is the file directory and name of the crt file.
Windows – ex: “C:/Apache24/ApacheCerts/…”Mac – ex: /etc/ssl/crt/…
- [[keyfiledestination]] is the file directory and name of the key file. See example above for formatting.
- [[CAcrtfiledestination]] is the file directory and name of the CA crt file. See example above for formatting.
- [[internalIPaddress]] is the internal IP address of the machine running Roll Call Web Server.
- [[webport]] is the port number where Roll Call’s web server is running on (if it is port 80 then you do not need to specify this).
Save the configuration file and restart Apache. You should now be able to test your domain using SL. Open a browser and type https://[[yourSSLdomain]]:[[webport]]/co and see the login page for Roll Call connect. If using port 443 then you don’t need to specify [[webport]].