Cisco Headend System Release 2.7 Guide De Montage
Enable the Secure Socket Layer (SSL) with Apache2
4038415 Rev A
115
2 Type the following commands and then press Enter to enable SSL using svccfg.
svccfg
svc:> select apache2
svc:/network/http:apache2> listprop httpd/ssl
httpd/ssl boolean false
svc:/network/http:apache2> setprop httpd/ssl = true
svc:/network/http:apache2> exit
3 Edit the /etc/apache2/ssl.conf file and modify the "SSLCipherSuite" property to
add "ADH-RC4-MD5". This enables the CipherSuite ADH-RC4-MD5 on the
Apache service. The updated line should look like this example:
Apache service. The updated line should look like this example:
SSLCipherSuite ALL:!EXPORT56:-AES256-SHA:-DHE-RSA-AES256-SHA:-
DHE-DSS-AES256-SHA:RC4+RSA:+ADH-RC4-
MD5:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
DHE-DSS-AES256-SHA:RC4+RSA:+ADH-RC4-
MD5:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
Note: The default attribute of the SSLCipherSuite is
'ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP''.
This is being changed to allow Anonymous Diff-Hellman key exchange, RC4
encoding, and the MD5 digest algorithm as per the loadPIMS ICD. The ADH-
RC4-MD5 digest algorithm should be preserved for all future versions of the
DNCS. The default '!ADH' does not allow ADH to be added again and should be
removed.
encoding, and the MD5 digest algorithm as per the loadPIMS ICD. The ADH-
RC4-MD5 digest algorithm should be preserved for all future versions of the
DNCS. The default '!ADH' does not allow ADH to be added again and should be
removed.
4 Follow these instructions to edit the ssl.conf file.
Note: A bug in the Apache 2.0.53 code requires that this edit be made.
a Type the following command and then press Enter.
a Type the following command and then press Enter.
cp ssl.conf ssl.conf.`date +%m%d%y`
b Open the ssl.conf file in a text editor.
c Search for the following entry:
c Search for the following entry:
%s/VirtualHost _default_/VirtualHost */
d Change the entry to
<VirtualHost *:443>
.
e Search now for
ServerName acme:443 or ServerName
%%%localhost%%%:443
.
f Change the entry to
ServerName <hostname>:443
.
g Save and close the file.