Greetings,

I am trying to use DeleGate to allow me to create multiple host names under domain.com using a single SSL cert registered under the name ssl.domain.com. Using DeleGate, is there a way I can get around the Alert messages such as this one from MS Exploder "The name on the security certificate is invalid or does not match the name of the site."? I would like to have correlating names to the secure services but going through one certificate.

https://mail.domain.com to access the SSL web mail server
https://ftp.domain.com to the secure ftp server
...

I have one SSL certificate under the name ssl.domain.com. As it sits now this is what I am doing.

https://mail.domain.com:443 --> FireWall NAT --> https://ssl.domain.com:443 --> DeleGate --> http://ssl.domain.com:80

This is the command I am using to start DeleGate.

./delegated -f -vv -Pssl.domain.com:443 OWNER=sshd/sshd DGROOT=/etc/delegate SERVER=https MOUNT="/* http://ssl.domain.com/*" RELIABLE=* PERMIT="http:ssl.domain.com:*" FCL="sslway -cert ssl.domain.com.cer -key ssl.domain.com.key -CAfile IPSCACLASEA1.crt"

This is the DeleGate output when I start and attempt an HTTPS connection.

09/03 10:43:02.37 [9713] 0+0: PORT> -Pssl.domain.com:443
09/03 10:43:02.38 [9713] 0+0: TMPFILE(new_shared) = (3) /etc/delegate/tmp/dg9713.1.1062607382
09/03 10:43:02.38 [9713] 0+0: >>>TMPFILE(new_shared)>>>81838d8[3]
09/03 10:43:02.38 [9713] 0+0: [-] localhost
09/03 10:43:02.38 [9713] 0+0: [-] 127.0.0.1
09/03 10:43:02.38 [9713] 0+0: HOSTS[0]=localhost/127.0.0.1 (PREDEF)
09/03 10:43:02.38 [9713] 0+0: [-] .af-local
09/03 10:43:02.38 [9713] 0+0: [-] 127.0.0.127
09/03 10:43:02.38 [9713] 0+0: HOSTS[1]=.af-local/127.0.0.127 (PREDEF)
09/03 10:43:02.38 [9713] 0+0: scanned HOSTS=localhost/127.0.0.1,.af-local/127.0.0.127
09/03 10:43:02.38 [9713] 0+0: *** GETHOSTBYNAME: r1.domain.com / 0.00 secs. has_alias:0
09/03 10:43:02.38 [9713] 0+0: HOSTS[2]={r1.domain.com,r1}/192.168.201.2
09/03 10:43:02.38 [9713] 0+0: configuring default RESOLV ...
09/03 10:43:02.38 [9713] 0+0: ... SYS: r1 -> 192.168.201.2
09/03 10:43:02.39 [9713] 0+0: ... DNS: 192.168.201.2 -> r1.domain.com
09/03 10:43:02.39 [9713] 0+0: ... DNS available
09/03 10:43:02.39 [9713] 0+0: ... NIS not available (no default domain)
09/03 10:43:02.39 [9713] 0+0: ... export RES_ORDER=CFD
09/03 10:43:02.39 [9713] 0+0: export RESOLV=cache,file,dns (set by default)
09/03 10:43:02.39 [9713] 0+0: setsockbuf[7] in:0->0 out:65535->131072
09/03 10:43:02.39 [9713] 0+0: --INITIALIZATION START: 8.6.5 on Linux/2.4.19-4GB-SMP--
09/03 10:43:02.39 [9713] 0+0: SPECIALIST: https
09/03 10:43:02.39 [9713] 0+0: gethostbyname(ssl.domain.com).
09/03 10:43:02.39 [9713] 0+0: *** gethostbyname(ssl.domain.com): ssl.domain.com / 0.00 secs. has_alias:0
09/03 10:43:02.39 [9713] 0+0: HOSTS[3]=ssl.domain.com/192.168.100.4
09/03 10:43:02.39 [9713] 0+0: server_open(delegate,ssl.domain.com:443,listen=20)
09/03 10:43:02.39 [9713] 0+0: server_open: ssl.domain.com:443
09/03 10:43:02.39 [9713] 0+0: listen(8,20) OK.
09/03 10:43:02.39 [9713] 0+0: server_open(delegate,ssl.domain.com:443) BOUND
09/03 10:43:02.39 [9713] 0+0: DGROOT=/etc/delegate^M
09/03 10:43:02.39 [9713] 0+0: <DeleGate/8.6.5 by ysato AT delegate DOT org> [9713] -Pssl.domain.com:443 READY^M
<DeleGate/8.6.5 by ysato AT delegate DOT org> [9713] -Pssl.domain.com:443 READY
DGROOT=/etc/delegate
ADMIN=delegate@domain..
AIST Product ID: 2000-ETL-198715-01, H14PRO-049
Copyright (c) 1994-2000 Yutaka Sato and ETL,AIST,MITI
Copyright (c) 2001-2003 National Institute of Advanced Industrial Science and Technology (AIST)
09/03 10:43:02.39 [9713] 0+0: PORT= ssl.domain.com:443/8 (1,187)
09/03 10:43:02.39 [9713] 0+0: OWNER=sshd/sshd => OWNER=sshd/sshd(sshd/sshd)
09/03 10:43:02.39 [9713] 0+0: SPECIALIST: https
09/03 10:43:02.39 [9713] 0+0: ##DeleGate/6.X: MIMECONV=thru is set by default. MIMECONV="" will make it compatible with former versions.
09/03 10:43:02.39 [9713] 0+0: dirfopen(/etc/delegate/log/errors.log,a): 8185470 [9]
09/03 10:43:02.39 [9713] 0+0: #### newRoute[NOTIFYPLTFM] 0/16
09/03 10:43:02.39 [9713] 0+0: [0] NOTIFYPLTFM=://:0-_-{}:{}
09/03 10:43:02.39 [9713] 0+0: #### newRoute[REMITTABLE] 0/16
09/03 10:43:02.39 [9713] 0+0: [0] REMITTABLE={}{http,https/{443,563},gopher,ftp,wais}:{*}:{*}
09/03 10:43:02.39 [9713] 0+0: REMITTABLE = http,https/{443,563},gopher,ftp,wais
09/03 10:43:02.39 [9713] 0+0: #### newRoute[PERMIT] 0/16
09/03 10:43:02.39 [9713] 0+0: [0] PERMIT={}{http}:{ssl.domain.com}:{*}
09/03 10:43:02.39 [9713] 0+0: #### newRoute[RELIABLE] 0/16
09/03 10:43:02.39 [9713] 0+0: [0] RELIABLE=://:0-_-{}:{}
09/03 10:43:02.39 [9713] 0+0: #### newRoute[CMAP] 0/16
09/03 10:43:02.39 [9713] 0+0: [0] CMAP={delegate,nojava}relay{*}:{*}:{.localnet}
09/03 10:43:02.39 [9713] 0+0: #### newRoute[CMAP] 1/16
09/03 10:43:02.39 [9713] 0+0: [1] CMAP={proxy}relay{*}:{*}:{*}
09/03 10:43:02.39 [9713] 0+0: ### [0] sslway 0
09/03 10:43:02.39 [9713] 0+0: ### [1] /etc/delegate/sslway 0
09/03 10:43:02.39 [9713] 0+0: ### [2] /etc/delegate/lib/sslway 8191930
09/03 10:43:02.39 [9713] 0+0: LIBPATH: sslway -> /etc/delegate/lib/sslway
09/03 10:43:02.39 [9713] 0+0: #### [/etc/delegate/lib/sslway](7) sslway -cert ssl.domain.com.cer -key ssl.domain.com.key -CAfile IPSCACLASEA1.crt
09/03 10:43:02.39 [9713] 0+0: CFI: [/etc/delegate/lib/sslway]sslway -cert ssl.domain.com.cer -key ssl.domain.com.key -CAfile IPSCACLASEA1.crt -> /etc/delegate/lib/sslway
09/03 10:43:02.39 [9713] 0+0: ### [0] gzip 0
09/03 10:43:02.39 [9713] 0+0: ### [1] /etc/delegate/gzip 0
09/03 10:43:02.39 [9713] 0+0: ### [2] /etc/delegate/lib/gzip 0
09/03 10:43:02.39 [9713] 0+0: ### [3] /etc/delegate/./gzip 0
09/03 10:43:02.39 [9713] 0+0: ### [0] /sbin/gzip 0
09/03 10:43:02.39 [9713] 0+0: ### [1] /usr/sbin/gzip 0
09/03 10:43:02.39 [9713] 0+0: ### [2] /usr/local/sbin/gzip 0
09/03 10:43:02.39 [9713] 0+0: ### [3] /usr/local/bin/gzip 0
09/03 10:43:02.39 [9713] 0+0: ### [4] /usr/bin/gzip 8191b18
09/03 10:43:02.39 [9713] 0+0: PATH: gzip -> /usr/bin/gzip
09/03 10:43:02.39 [9713] 0+0: #### gzip = [/usr/bin/gzip]gzip
09/03 10:43:02.39 [9713] 0+0: #### gunzip = [/usr/bin/gzip]gzip -d
09/03 10:43:02.39 [9713] 0+0: ADMIN=delegate@domain.. protocol=https(specialist)
-delegated[9713]- WARNING! ADMIN="your_mail_address" should be specified.
-delegated[9713]- INFO: using ADMIN=delegate@domain.. given at compile time.
09/03 10:43:02.39 [9713] 0+0: ##DeleGate/6.X: created directory/file will be non-sharable. SHARE="" will make it compatible with former versions.
09/03 10:43:02.39 [9713] 0+0: /* http://ssl.domain.com/*
09/03 10:43:02.39 [9713] 0+0: IGNORE DUPLICATE MOUNT[0] /-* = default
09/03 10:43:02.39 [9713] 0+0: IGNORE DUPLICATE MOUNT[1] /=* = default
09/03 10:43:02.39 [9713] 0+0: MOUNT[0]X[3] /-/builtin/icons/* = default
09/03 10:43:02.39 [9713] 0+0: MOUNT[1]X[4] /-/* = forbidden,from=!.RELIABLE,default
09/03 10:43:02.39 [9713] 0+0: MOUNT[2]X[0] /-* = default
09/03 10:43:02.39 [9713] 0+0: MOUNT[3]X[1] /=* = default
09/03 10:43:02.39 [9713] 0+0: MOUNT[4]X[2] /* http://ssl.domain.com/*
09/03 10:43:02.39 [9713] 0+0: S[ssl.domain.com] = UP[]U[]P[] + HP[ssl.domain.com]H[ssl.domain.com]P[]
09/03 10:43:02.39 [9713] 0+0: MOUNT HOST ssl.domain.com=192.168.100.4
09/03 10:43:02.39 [9713] 0+0: [4] MOUNT=/ http://ssl.domain.com[192.168.100.4]:80/
09/03 10:43:02.40 [9713] 0+0: HOSTS[3]=ssl.domain.com/192.168.100.4 marked PREDEF
09/03 10:43:02.40 [9713] 0+0: dirfopen(/etc/delegate/act/pid/ssl.domain.com:443,w+): 81a3098 [10]
09/03 10:43:02.40 [9713] 0+0: env[52] LIBPATH=.;/etc/delegate;/etc/delegate/lib;.
09/03 10:43:02.40 [9713] 0+0: env[54] RESOLV=cache,file,dns
09/03 10:43:02.40 [9713] 0+0: arg[4] OWNER=sshd/sshd
09/03 10:43:02.40 [9713] 0+0: arg[5] DGROOT=/etc/delegate
09/03 10:43:02.40 [9713] 0+0: arg[6] SERVER=https
09/03 10:43:02.40 [9713] 0+0: arg[7] MOUNT=/* http://ssl.domain.com/*
09/03 10:43:02.40 [9713] 0+0: arg[8] RELIABLE=*
09/03 10:43:02.40 [9713] 0+0: arg[9] PERMIT=http:ssl.domain.com:*
09/03 10:43:02.40 [9713] 0+0: arg[10] FCL=sslway -cert ssl.domain.com.cer -key ssl.domain.com.key -CAfile IPSCACLASEA1.crt
09/03 10:43:02.40 [9713] 0+0: TMPFILE(setLastModified) = (12) /etc/delegate/tmp/dg9713.2.1062607382
09/03 10:43:02.40 [9713] 0+0: >>>TMPFILE(setLastModified)>>>81a3098[12]
09/03 10:43:02.40 [9713] 0+0: dirfopen(/etc/delegate/etc/params/ssl.domain.com:443,r): 81a3208 [13]
09/03 10:43:02.40 [9713] 0+0: DELEGATE_Modified[0]: 3f560ab3
09/03 10:43:02.40 [9713] 0+0: Accept-LOCK: 0
09/03 10:43:02.40 [9713] 0+0: --INITIALIZATION DONE: 8.6.5 on Linux/2.4.19-4GB-SMP--
09/03 10:43:17.42 [9713] 0+0: AcceptByMain: TIMEOUT(children=0, timeout=15)

**********************************
The attempted authentication.
**********************************

09/03 11:01:32.23 [9777] 0+0: ## accept([8]:443)=14
09/03 11:01:32.23 [9778] 1+0: -- Fork(OnetimeServer): 9777 -> 9778
09/03 11:01:32.24 [9778] 1+0: -- SockHost: [192.168.100.4] ssl.domain.com:443
09/03 11:01:32.24 [9778] 1+0: *** gethostbyaddr(123.123.123.123): some.client.com / 0.00 secs. has_alias:0
09/03 11:01:32.24 [9778] 1+0: HOSTS[4]=some.client.com/123.123.123.123
09/03 11:01:32.24 [9778] 1+0: SPECIALIST: https
09/03 11:01:32.24 [9778] 1+0: #### newRoute[USERIDENT] 0/16
09/03 11:01:32.24 [9778] 1+0: [0] USERIDENT=://:0-_-{}:{}
09/03 11:01:32.24 [9778] 1+0: dirfopen(/etc/delegate/act/clients/00/123.123.123.123:some.client.com,r+): 0 [-1]
09/03 11:01:32.24 [9778] 1+0: dirfopen(/etc/delegate/act/clients/00/123.123.123.123:some.client.com,w+): 8198b40 [8]
09/03 11:01:32.24 [9778] 1+0: (0) accepted [24] -@[123.123.123.123]some.client.com:46793 (0.003s)(1)
09/03 11:01:32.24 [9778] 1+0: dirfopen(/etc/delegate/adm/shutout/123.123.123.123,r): 0 [-1]
09/03 11:01:32.24 [9778] 1+0: KeepAlive[8] = 1
09/03 11:01:32.24 [9778] 1+0: execGeneralist->execSpecialist
09/03 11:01:32.24 [9779] 1+0: -- Fork(FCL): 9778 -> 9779
09/03 11:01:32.24 [9779] 1+0: #### execFilter[FCL] [/etc/delegate/lib/sslway]sslway -cert ssl.domain.com.cer -key ssl.domain.com.key -CAfile IPSCACLASEA1.crt
09/03 11:01:32.24 [9779] 1+0: #### [/etc/delegate/lib/sslway](7) sslway -cert ssl.domain.com.cer -key ssl.doamin.com.key -CAfile IPSCACLASEA1.crt
09/03 11:01:32.24 [9779] 1+0: gethostbyname(-) unknown[0.00s]
09/03 11:01:32.24 [9778] 1+0: PATH: https://-:443!ssl.domain.com:443!some.client.com:46793!anonymous@some.client.com;1062608492
09/03 11:01:32.24 [9779] 1+0: HOSTS[5]=-/
09/03 11:01:32.24 [9779] 1+0: FCL arg[0] sslway
09/03 11:01:32.24 [9779] 1+0: FCL arg[1] -cert
09/03 11:01:32.24 [9779] 1+0: FCL arg[2] ssl.domain.com.cer
09/03 11:01:32.24 [9779] 1+0: FCL arg[3] -key
09/03 11:01:32.24 [9779] 1+0: FCL arg[4] ssl.domain.com.key
09/03 11:01:32.24 [9779] 1+0: FCL arg[5] -CAfile
09/03 11:01:32.24 [9779] 1+0: FCL arg[6] IPSCACLASEA1.crt
09/03 11:01:32.61 [9778] 1+0: PollIn.POLLHUP (8) errno=0
09/03 11:01:32.61 [9778] 1+0: HTTP empty_request ? from some.client.com (1)
09/03 11:01:32.61 [9778] 1+0: LINGER: [8] 30 8{1,30}
09/03 11:01:32.61 [9778] 1+0: dirfopen(/etc/delegate/act/clients/00/123.123.123.123:some.client.com,r+): 8199758 [8]
09/03 11:01:32.61 [9778] 1+0: disconnected [24] -@[123.123.123.123]some.client.com:46793 (0.374s)(0)
09/03 11:01:32.61 [9778] 1+0: CFI process [9779] done (1/1 AFT-0)
some.client.com - - [03/Sep/2003:11:01:32 --700] "ERR https://-/empty_request" 500 0 0*0.000+0.000:E:0-
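
Added example, not part of the original post and not DeleGate code: a simplified version of the hostname check a browser applies to the certificate, run against the names in the post. The browser compares the certificate with the name in the URL it was given, so the NAT and MOUNT rewriting behind the proxy do not change the result; the multi-name and wildcard certificates below are constructed for comparison and are assumptions.

```python
# Simplified certificate name matching (exact names plus a whole left-most
# label wildcard). A sketch of the browser-side check, not a full validator.

def name_matches(pattern: str, hostname: str) -> bool:
    """Return True if one DNS name from a certificate covers `hostname`."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False              # a wildcard never spans several labels
    if p[0] == "*":
        # Wildcard only as the entire left-most label, and only above a
        # parent with at least two labels (rejects "*.com").
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def cert_covers(cert_names, hostname: str) -> bool:
    """True if any name carried by the certificate matches the hostname."""
    return any(name_matches(n, hostname) for n in cert_names)


def report(cert_names, hostnames):
    """Map each requested hostname to True (accepted) or False (alert)."""
    return {h: cert_covers(cert_names, h) for h in hostnames}


# Hostnames taken from the post.
REQUESTED = ["ssl.domain.com", "mail.domain.com", "ftp.domain.com"]

# The certificate described in the post carries a single name.
CURRENT_CERT = ["ssl.domain.com"]

# Constructed alternatives (assumptions, not certificates from the post).
MULTI_NAME_CERT = ["ssl.domain.com", "mail.domain.com", "ftp.domain.com"]
WILDCARD_CERT = ["*.domain.com"]

if __name__ == "__main__":
    for label, names in [("current", CURRENT_CERT),
                         ("multi-name", MULTI_NAME_CERT),
                         ("wildcard", WILDCARD_CERT)]:
        for host, ok in report(names, REQUESTED).items():
            print(f"{label:10} https://{host:16} {'ok' if ok else 'name mismatch alert'}")
```
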