Modifying the Apache Configuration Files

  1. Go to your Apache httpd.conf file, located in your Apache directory. (The default location is C:\Program Files\Apache\conf\httpd.conf.)

  2. Comment out the line that says include "C:/Program Files/Novell/Tomcat/conf/liberty/liberty_jk.conf" at the end of the file by putting a number sign (#) in front of it.

  3. Go to your Tomcat liberty_jk.conf file (the default location is C:\Program Files\Novell\Tomcat\conf\liberty\liberty_jk.conf) and copy the following:

    ################## <idpIPaddress>:/nidp #################

    # Static files
    Alias /nidp "C:/Program Files/Novell/Tomcat/webapps/nidp"

    <Directory "C:/Program Files/Novell/Tomcat/webapps/nidp">
        Options Indexes FollowSymLinks
    </Directory>

    # Deny direct access to WEB-INF and META-INF
    #
    <Location "/nidp/WEB-INF/*">
        AllowOverride None
        deny from all
    </Location>

    <Location "/nidp/META-INF/*">
        AllowOverride None
        deny from all
    </Location>
    #
    # Use Directory too. On Windows, Location doesn't work unless case matches
    #
    <Directory "C:/Program Files/Novell/Tomcat/webapps/nidp/WEB-INF/">
        AllowOverride None
        deny from all
    </Directory>

    <Directory "C:/Program Files/Novell/Tomcat/webapps/nidp/META-INF/">
        AllowOverride None
        deny from all
    </Directory>

    JkMount /nidp/slo  ajp13
    JkMount /nidp/*.css  ajp13
    JkMount /nidp/slo_return  ajp13
    JkMount /nidp/term  ajp13
    JkMount /nidp/soap  ajp13
    JkMount /nidp/setintro  ajp13
    JkMount /nidp/rni  ajp13
    JkMount /nidp/sso  ajp13
    JkMount /nidp/*.jsp  ajp13
    JkMount /nidp/logview  ajp13
    JkMount /nidp/*.gif  ajp13
    JkMount /nidp/metadata  ajp13
    JkMount /nidp/rni_return  ajp13
    JkMount /nidp/term_return  ajp13
    JkMount /nidp/*.js  ajp13
    JkMount /nidp/*  ajp13
    JkMount /nidp  ajp13

  4. Paste the data in your Apache ssl.conf file (the default location is C:\Program Files\Novell\Apache\conf\ssl.conf) before the line </VirtualHost> at the end of the file.

  5. Copy the entire virtual host section (from <VirtualHost _default_:443> to </VirtualHost>) of your Apache ssl.conf file (the default location is C:\Program Files\Novell\Apache\conf\ssl.conf).

  6. Paste the virtual host data at the end of the Apache ssl.conf file (the default location is C:\Program Files\Novell\Apache\conf\ssl.conf) after the </VirtualHost> line to create a second virtual host section for the common domain.

  7. In the second virtual host section you just created, remove the eMFrame section, as shown:

    ################### localhost:/eMFrame ##################

    # Static files
    Alias /eMFrame "C:/PROGRA~1/Novell/Tomcat/webapps/eMFrame"

    <Directory "C:/PROGRA~1/Novell/Tomcat/webapps/eMFrame">
        Options Indexes FollowSymLinks
        DirectoryIndex index.html index.htm index.jsp
    </Directory>

    # Deny direct access to WEB-INF and META-INF
    #
    <Location "/eMFrame/WEB-INF/*">
        AllowOverride None
        deny from all
    </Location>

    <Location "/eMFrame/META-INF/*">
        AllowOverride None
        deny from all
    </Location>
    #
    # Use Directory too. On Windows, Location doesn't work unless case matches
    #
    <Directory "C:/PROGRA~1/Novell/Tomcat/webapps/eMFrame/WEB-INF/">
        AllowOverride None
        deny from all
    </Directory>

    <Directory "C:/PROGRA~1/Novell/Tomcat/webapps/eMFrame/META-INF/">
        AllowOverride None
        deny from all
    </Directory>

    JkMount /eMFrame/webacc  ajp13
    JkMount /eMFrame/webacc/*  ajp13
    JkMount /eMFrame/*.jsp  ajp13

  8. In this same Apache ssl.conf file, add a line for a second SSL listening port for the common domain. (You could add a second IP address instead of a second port. See the Apache Web site for details.)

    Change the following:

    #
    # When we also provide SSL we have to listen to the
    # standard HTTP port (see above) and to the HTTPS port
    #
    Listen 443

    to the following:

    #
    # When we also provide SSL we have to listen to the
    # standard HTTP port (see above) and to the HTTPS port
    #
    Listen 443
    Listen 444

  9. In the same Apache ssl.conf file, modify the following lines that are bolded as shown in the first virtual host section:

    #   Server Certificate:
    #   Point SSLCertificateFile at a PEM encoded certificate.  If
    #   the certificate is encrypted, then you will be prompted for a
    #   pass phrase.  Note that a kill -HUP will prompt again.  Keep
    #   in mind that if you have both an RSA and a DSA certificate you
    #   can configure both in parallel (to also allow the use of DSA
    #   ciphers, etc.)
    SSLCertificateFile conf/ssl/myssl.crt
    #SSLCertificateFile conf/ssl.crt/server-dsa.crt

    #   Server Private Key:
    #   If the key is not combined with the certificate, use this
    #   directive to point at the key file.  Keep in mind that if
    #   you've both a RSA and a DSA private key you can configure
    #   both in parallel (to also allow the use of DSA ciphers, etc.)
    SSLCertificateKeyFile conf/ssl/myssl.key
    #SSLCertificateKeyFile conf/ssl.key/server-dsa.key

    #   Server Certificate Chain:
    #   Point SSLCertificateChainFile at a file containing the
    #   concatenation of PEM encoded CA certificates which form the
    #   certificate chain for the server certificate. Alternatively
    #   the referenced file can be the same as SSLCertificateFile
    #   when the CA certificates are directly appended to the server
    #   certificate for convinience.
    SSLCertificateChainFile conf/ssl/trustedroot.crt
    #SSLCertificateChainFile conf/ssl.crt/ca.crt

  10. If you are using self-signed certificates, the last bolded line above is not needed.

  11. In this same file, make the following changes (bolded as shown) to the second virtual host section for the common domain virtual host:

    <VirtualHost nidp.commondomain.com:444>

    #  General setup for the virtual host
    DocumentRoot C:/PROGRA~1/Novell/Apache/htdocs
    ServerName nidp.commondomain.com:444

    #   Server Certificate:
    #   Point SSLCertificateFile at a PEM encoded certificate.  If
    #   the certificate is encrypted, then you will be prompted for a
    #   pass phrase.  Note that a kill -HUP will prompt again.  Keep
    #   in mind that if you have both an RSA and a DSA certificate you
    #   can configure both in parallel (to also allow the use of DSA
    #   ciphers, etc.)
    SSLCertificateFile conf/ssl/mycommonssl.crt
    #SSLCertificateFile conf/ssl.crt/server-dsa.crt

    #   Server Private Key:
    #   If the key is not combined with the certificate, use this
    #   directive to point at the key file.  Keep in mind that if
    #   you've both a RSA and a DSA private key you can configure
    #   both in parallel (to also allow the use of DSA ciphers, etc.)
    SSLCertificateKeyFile conf/ssl/mycommonssl.key
    #SSLCertificateKeyFile conf/ssl.key/server-dsa.key
    #   Server Certificate Chain:
    #   Point SSLCertificateChainFile at a file containing the
    #   concatenation of PEM encoded CA certificates which form the
    #   certificate chain for the server certificate. Alternatively
    #   the referenced file can be the same as SSLCertificateFile
    #   when the CA certificates are directly appended to the server
    #   certificate for convinience.
    SSLCertificateChainFile conf/ssl/trustedroot.crt
    #SSLCertificateChainFile conf/ssl.crt/ca.crt

  12. If you are using self-signed certificates, the last bolded line above is not needed.

NOTE:  If you are using a different port rather than a different IP address for the common domain, you need to add the port to the Allow Introductions Common Domain in the site configuration using iManager.
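
One way to check the edited ssl.conf before restarting Apache, as an added example that is not part of the original documentation: the script confirms that each virtual host has a matching Listen port, mounts /nidp, keeps the WEB-INF and META-INF deny blocks, and that the eMFrame section was removed from the second virtual host. The function names and the abbreviated sample file are constructed for illustration.

```python
import re

def vhosts(conf):
    """Return (address, body) for each <VirtualHost> section, ignoring comment lines."""
    text = "\n".join(l for l in conf.splitlines() if not l.lstrip().startswith("#"))
    pat = r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>"
    return [(m.group(1).strip(), m.group(2)) for m in re.finditer(pat, text, re.S | re.I)]

def denied(body, tag, path):
    """True if a <tag "...path..."> block in body contains 'deny from all'."""
    pat = rf'<{tag}\s+"[^"]*{re.escape(path)}[^"]*">(.*?)</{tag}>'
    return any(re.search(r"deny\s+from\s+all", m.group(1), re.I)
               for m in re.finditer(pat, body, re.S | re.I))

def check_ssl_conf(conf):
    """Return the problems found in the two-virtual-host layout built in the steps above."""
    problems = []
    ports = set(re.findall(r"^[ \t]*Listen[ \t]+(?:\S+:)?(\d+)[ \t]*$", conf, re.M))
    hosts = vhosts(conf)
    if len(hosts) != 2:
        problems.append(f"expected 2 VirtualHost sections, found {len(hosts)}")
    for i, (addr, body) in enumerate(hosts):
        port = addr.rsplit(":", 1)[-1]
        if port.isdigit() and port not in ports:
            problems.append(f"{addr}: no Listen directive for port {port}")
        if not re.search(r"^\s*JkMount\s+/nidp(/\*)?\s+ajp13", body, re.M):
            problems.append(f"{addr}: /nidp is not mounted")
        for tag in ("Location", "Directory"):
            for d in ("WEB-INF", "META-INF"):
                if not denied(body, tag, f"/nidp/{d}"):
                    problems.append(f"{addr}: no <{tag}> deny for /nidp/{d}")
        if i > 0 and "/eMFrame" in body:  # step 7: second section must not carry eMFrame
            problems.append(f"{addr}: eMFrame section still present")
    return problems

# Constructed, abbreviated sample of a finished ssl.conf; not a real file.
ROOT = "C:/Program Files/Novell/Tomcat/webapps/nidp"
DENY = "".join(f'<{t} "{p}/{d}/">\n    deny from all\n</{t}>\n'
               for t, p in (("Location", "/nidp"), ("Directory", ROOT))
               for d in ("WEB-INF", "META-INF"))
NIDP = f'Alias /nidp "{ROOT}"\n{DENY}JkMount /nidp/*  ajp13\n'
EMFRAME = "JkMount /eMFrame/*.jsp  ajp13\n"
SAMPLE = ("Listen 443\nListen 444\n"
          f"<VirtualHost _default_:443>\n{EMFRAME}{NIDP}</VirtualHost>\n"
          f"<VirtualHost nidp.commondomain.com:444>\n{NIDP}</VirtualHost>\n")

if __name__ == "__main__":
    for line in check_ssl_conf(SAMPLE) or ["ok"]:
        print(line)
```

To run it against a real file, pass the contents of ssl.conf to check_ssl_conf() in place of SAMPLE.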


