[ietf78-tech] Fwd: Certificates for the IETF
Jim Martin
jim at daedelus.com
Wed Jul 14 11:53:01 PDT 2010
Folks,
Could you guys sanity check this for John and me? I can't imagine you would really need a separate cert per vlan. John, no offense intended, but I want to be really sure before I go back to Russ for yet something else.
-Jim
Sent from my iPhone
Begin forwarded message:
> From: John Kemp <kemp at network-services.uoregon.edu>
> Date: July 14, 2010 10:17:03 AM PDT
> To: Jim Martin <jim at daedelus.com>
> Subject: Re: Certificates for the IETF
> Reply-To: kemp at network-services.uoregon.edu
>
> On 07/13/2010 09:36 AM, Jim Martin wrote:
>> Ray,
>> The cert for portal.meeting.ietf.org should go to John, since he's the guy actually building the boxes.
>>
>> Thanks!
>>
>> - Jim
>>
>
> Gah.
>
> I just realized that we require one more certificate for the 2nd vlan.
> Hopefully, that should do it. I believe we only have "ietf-portal" and
> "ipef-a-portal". So maybe: https://portal-a.meeting.ietf.org/ as well???
>
> Should I just generate the csr and ask for 1 more?
>
> /jgk
>
>
> --> here's the sequence. Upshot is that we need to hand the
> user: https://NAME/, otherwise, they will get a match error at
> the point the SSL starts to check. And we can't hand them a
> NAME on a vlan outside of the redirect to local bridge ip so...
>
> Iptables redirects user to br_int_ip.
> br_int_ip is an IP Virtual Host in apache.
> http -> https/NAME/index.pl?redir=...
> Apache also does rewrite of any https URL to a NAME/index.pl
>
> index.pl/Apache processes "index.pl" looks at the client IP.
> index.pl determines the vlan.
> index.pl uses br_int_name as POST action
> Configured br_int_name is then filled in as the POST action
>
> -----------------------------
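
The name-match step in the sequence above, as an added example that is not part of the original thread: it checks which per-vlan portal NAMEs a given set of certificate names covers, using exact and left-most-label wildcard matching. The certificate name sets are constructed for illustration, and portal-a.meeting.ietf.org is the name the message only proposes.

```python
# Added example: constructed data, not the IETF 78 portal's real configuration.

def name_matches(pattern: str, host: str) -> bool:
    """Match a certificate dNSName against a host name.

    A wildcard is honoured only as the entire left-most label and
    covers exactly one label; everything else must match exactly.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Refuse overly broad patterns such as "*.org".
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def uncovered(portal_names: dict, cert_names: list) -> dict:
    """Return {vlan: NAME} for portals whose NAME no certificate name covers."""
    return {
        vlan: name
        for vlan, name in portal_names.items()
        if not any(name_matches(c, name) for c in cert_names)
    }


# NAME handed to clients on each vlan (labels and host names as written in the thread).
PORTALS = {
    "ietf-portal": "portal.meeting.ietf.org",
    "ipef-a-portal": "portal-a.meeting.ietf.org",
}

# Constructed certificate name sets to compare (assumptions, not issued certs).
SINGLE_NAME = ["portal.meeting.ietf.org"]
TWO_SANS = ["portal.meeting.ietf.org", "portal-a.meeting.ietf.org"]
WILDCARD = ["*.meeting.ietf.org"]

if __name__ == "__main__":
    for label, names in [("single name", SINGLE_NAME),
                         ("two SANs", TWO_SANS),
                         ("wildcard", WILDCARD)]:
        missing = uncovered(PORTALS, names)
        print(label, "->", missing or "all portal names covered")
```

Any vlan reported as uncovered is one where the client would see the match error described in the message once the redirect lands on https://NAME/.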