
Apache Configuration

HTTPS Support

The GridShib-CA requires and enforces the use of https. If you search the web for "Apache SSL Howto" you should find a number of guides, such as the one at LinuxQuestions.org.

Given the TLS MITM renegotiation vulnerability, it is suggested you have the latest (0.9.8l or newer) OpenSSL in use on the system. While it is not obvious the GridShib-CA is vulnerable, a comprehensive analysis has not been undertaken.
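One way to check a host against the 0.9.8l minimum given above is sketched below. This is an added example, not part of GridShib-CA; the function names and the sample version strings are constructed for illustration. It compares OpenSSL's letter-suffixed versions correctly, which a plain string comparison does not.

```python
import re
import subprocess

MINIMUM = "0.9.8l"  # minimum release named on this page

# Optional "OpenSSL " prefix, then major.minor.fix and optional patch letters.
_VERSION_RE = re.compile(r"^(?:OpenSSL\s+)?(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_openssl_version(text):
    """Return a sortable key for an OpenSSL version string, or None.

    Accepts a bare version ("0.9.8l") or the output of `openssl version`.
    Suffixes such as "-fips" are ignored; other products return None.
    """
    match = _VERSION_RE.match(text.strip())
    if match is None:
        return None
    major, minor, fix, letters = match.groups()
    # Patch letters run a..z, then za, zb, ...; ordering by length first
    # keeps "z" below "za" and a release with no letter below "a".
    return (int(major), int(minor), int(fix), len(letters), letters)


def meets_minimum(version_text, minimum=MINIMUM):
    """True or False when comparable, None when the version cannot be parsed."""
    found = parse_openssl_version(version_text)
    if found is None:
        return None
    return found >= parse_openssl_version(minimum)


def installed_openssl_version():
    """Output of `openssl version` for the openssl binary found on PATH."""
    result = subprocess.run(["openssl", "version"],
                            capture_output=True, text=True, check=True)
    return result.stdout.strip()


if __name__ == "__main__":
    # Constructed sample strings in the format printed by `openssl version`.
    for sample in ["OpenSSL 0.9.8k 25 Mar 2009", "OpenSSL 0.9.8l 5 Nov 2009",
                   "OpenSSL 1.0.1e-fips 11 Feb 2013", "LibreSSL 3.3.6"]:
        print(f"{sample!r}: meets {MINIMUM}? {meets_minimum(sample)}")
    try:
        local = installed_openssl_version()
        print(f"installed: {local!r}: meets {MINIMUM}? {meets_minimum(local)}")
    except (FileNotFoundError, subprocess.CalledProcessError) as exc:
        print(f"could not run openssl: {exc}")
```

The binary on PATH is not necessarily the library Apache's mod_ssl is linked against, and distribution packages often carry backported fixes under an older version string, so a False result is a prompt to check the vendor's advisory rather than proof of exposure.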

You need to configure Apache as follows for the main directory into which you install the GridShib-CA. With Apache2 you should just be able to add a file "gridshib-ca.conf" to /etc/apache2/other/ or /etc/httpd/conf.d/ (depending on your distribution) with the following contents and then restart Apache (apache2ctl restart or service httpd restart).

# Make gridshib-ca directory (change to match relative URL as appropriate)
<Directory "/var/www/html/gridshib-ca">

        Options +ExecCGI
        AddHandler cgi-script .cgi
        AddHandler cgi-script .jnlp
        DirectoryIndex GridShibCA.cgi
</Directory>

# Shibboleth-protected directory (change to match relative URL as appropriate)
<Directory "/var/www/html/shib-protected/gridshib-ca">
        Options +ExecCGI
        AddHandler cgi-script .cgi
        AddHandler cgi-script .jnlp
</Directory>

After finishing Apache Configuration, proceed to Shibboleth Configuration.