[BlueOnyx:15012] Re: SSL change after updates?

Matt James matt at rainstorminc.com
Wed Mar 26 10:48:34 -05 2014


Hi Michael,

Do you have any news on this?

Relatedly: I've been delaying server updates on a couple of our servers due to this change.  Can you tell me which packages I should avoid updating that would pertain to this?  I'd love to apply whatever patches I can while we work through the wildcard SSL issue.

Thanks!

--
Matt James
RainStorm, Inc
(207) 866-3908

On Mar 10, 2014, at 9:09 AM, Matt James <matt at rainstorminc.com> wrote:

> Hi Michael,
> 
> I have run into another issue related to the SSL conf update pushed out in mid February (we were behind on our updates, so I'm just seeing this behavior now).
> 
> We have a couple of sites on our servers that use wildcard domains and SSLs.  Unfortunately, the GUI does not support adding a wildcard web alias *.domain.com (we get a validation error).  In the past, we've gotten around this by adding a ServerAlias line to the vhost include file for the site.  This always worked for both http and https.
> 
> Unfortunately, it appears that the recent update has caused this behavior to no longer work for https (though http works fine).  I assume the reason is due to changes in the /etc/httpd/conf.d/ssl_perl.conf file.  Short-term, I've been able to work around the issue by manually adding a few of our aliases directly into the GUI.  While this works temporarily for one of our sites, it's not a long term solution for us as this list can grow substantially in the future as users can "create" their own subdomains.
> 
> Ideally, we'd like to have the GUI allow us to put in *.domain.com into the web server aliases field as that would allow us to remove the vhost include file we use as well.  Barring that, any changes that could be made to the recent updates to support the old https behavior would help us as well.
> 
> Thanks for your help!
> 
> --
> Matt James
> RainStorm, Inc
> (207) 866-3908
> 
> On Feb 10, 2014, at 7:32 PM, Michael Stauber <mstauber at blueonyx.it> wrote:
> 
>> Hi Christoph,
>> 
>>> I would vote to have this settable and preferably be off by default, in 
>>> a lot of situations it is undesirable to have the HSTS policy 
>>> automatically deployed, as once it is set - it is set for a site for a 
>>> quite long time (half a year in our case) and it's pretty hard to get rid 
>>> of in your browser.
>> 
>> Ok, I get busy with that. Should be on YUM within the next 24 hours.
>> 
>> -- 
>> With best regards
>> 
>> Michael Stauber
>> _______________________________________________
>> Blueonyx mailing list
>> Blueonyx at mail.blueonyx.it
>> http://mail.blueonyx.it/mailman/listinfo/blueonyx
> 
