I've posted a couple of threads before and haven't gotten any
real feedback.
Using Apache (on Fedora 16 now) as a front end (reverse proxy) to Exchange 2007 and a config that worked on Fedora 8 I get an SSL error because Apache doesn't trust the self-signed cert from Exchange.
If I change the reverse proxy to not use SSL between it and Exchange I get farther but every page comes back in the browser address bar missing "https://". If I manually place it in front of the returned address I can get the pages until the one after the login.
Both of these issues were the same when previously trying Fedora 14.
What I am looking for is:
1) How to import (I can export from Exchange) the self-signed certificate so that it doesn't conflict with Apache's self-signed certificate for the WAN side.
2) Instead. Get the returned addresses to the browsers to be properly formatted.
I would prefer #1 as it keeps a tighter network but am also not sure if #2 still won't be necessary once past #1.
Thanks.
ProxyReceiveBufferSize 1024
#Exchange
<VirtualHost *:443>
# DocumentRoot /var/www/html/
RequestHeader set Front-End-Https "On"
RewriteEngine On
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
SSLEngine On
SSLProxyEngine On
SSLProxyVerify Optional
SetEnv HTTPS_PORT 443
ExpiresActive On
ExpiresDefault "access plus 300 seconds"
# UserDir /var/www/html/
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPreserveHost On
ProxyBadHeader StartBody
ProxyVia On
#OWA % character in email subject fix
# RewriteMap percentsubject int:escape
# RewriteCond $1 ^/owa/.*\%.*$
# RewriteRule (/owa/.*) ${percentsubject:$1} [P]
RewriteRule ^/owa$ owa/ [R]
<Location /owa>
ProxyPass
http://exchange.public.org/owa
ProxyPassReverse
http://exchange.public.org/owa
SSLRequireSSL
# Rewrite the WWW-Authenticate header to strip out Windows Integrated
# Authentication (NTLM) and only use Basic-Auth
SetEnvIf User-Agent ".*MSIE.*" value
SetEnvIf User-Agent ".*MSIE.*" BrowserMSIE
Header Always Unset WWW-Authenticate
Header Always Add WWW-Authenticate "Basic realm=www.public.org"
</Location>
<Location /OAB>
ProxyPass
http://exchange.public.org/OAB
ProxyPassReverse
http://exchange.public.org/OAB
SSLRequireSSL
# Rewrite the WWW-Authenticate header to strip out Windows Integrated
# Authentication (NTLM) and only use Basic-Auth
SetEnvIf User-Agent ".*MSIE.*" value
SetEnvIf User-Agent ".*MSIE.*" BrowserMSIE
Header Always Unset WWW-Authenticate
Header Always Add WWW-Authenticate "Basic realm=www.public.org"
</Location>
<Location /rpc>
ProxyPass
http://exchange.public.org/rpc
ProxyPassReverse
http://exchange.public.org/rpc
SSLRequireSSL
# Rewrite the WWW-Authenticate header to strip out Windows Integrated
# Authentication (NTLM) and only use Basic-Auth
SetEnvIf User-Agent ".*MSIE.*" value
SetEnvIf User-Agent ".*MSIE.*" BrowserMSIE
Header Always Unset WWW-Authenticate
Header Always Add WWW-Authenticate "Basic realm=www.public.org"
</Location>
<Location /ecp>
ProxyPass
http://exchange.public.org/ecp
ProxyPassReverse
http://exchange.public.org/ecp
SSLRequireSSL
# Rewrite the WWW-Authenticate header to strip out Windows Integrated
# Authentication (NTLM) and only use Basic-Auth
SetEnvIf User-Agent ".*MSIE.*" value
SetEnvIf User-Agent ".*MSIE.*" BrowserMSIE
Header Always Unset WWW-Authenticate
Header Always Add WWW-Authenticate "Basic realm=www.public.org"
</Location>
<Location /RpcWithCert>
ProxyPass
http://exchange.public.org/RpcWithCert
ProxyPassReverse
http://exchange.public.org/RpcWithCert
SSLRequireSSL
# Rewrite the WWW-Authenticate header to strip out Windows Integrated
# Authentication (NTLM) and only use Basic-Auth
SetEnvIf User-Agent ".*MSIE.*" value
SetEnvIf User-Agent ".*MSIE.*" BrowserMSIE
Header Always Unset WWW-Authenticate
Header Always Add WWW-Authenticate "Basic realm=www.public.org"
</Location>
# Enables Windows Mobile ActiveSync
<Location /Microsoft-Server-ActiveSync>
ProxyPass
http://exchange.public.org/Microsoft-Server-ActiveSync
ProxyPassReverse
http://exchange.public.org/Microsoft-Server-ActiveSync
SSLRequireSSL
# Rewrite the WWW-Authenticate header to strip out Windows Integrated
# Authentication (NTLM) and only use Basic-Auth
SetEnvIf User-Agent ".*MSIE.*" value
SetEnvIf User-Agent ".*MSIE.*" BrowserMSIE
Header Always Unset WWW-Authenticate
Header Always Add WWW-Authenticate "Basic realm=www.public.org"
</Location>
</VirtualHost>
#/Exchange