we are running a few test systems in a configuration similar to yours but without http->https redirect, and these work fine. our setup is https into apache, terminated there and mod-proxied into the opmantek application as http; hence using the normal 04omk-proxy.conf and one trivial sslvhost.conf that just consists of the requestheader https setting.
i suspect that your redirect is causing problems for the communication between open-audit enterprise and open-audit itself, which is via http and controlled by the config option oae_server in conf/opCommon.nmis.
the default value for this is http://127.0.0.1/open-audit/, and would thus be covered by your redirect. i'd recommend experimenting without the redirect first (while observing apache's access logs); if that confirms the redirect as the problem, changing it to exclude /open-audit should help.
Thank you Alexander :) The redirect is the problem. I excluded /open-audit like so in /etc/conf/httpd.conf: <VirtualHost *:80> ServerName myserver RewriteEngine On RewriteCond %{HTTPS} off RewriteCond %{REQUEST_URI} !^/open-audit/ RewriteRule ^/(.*)$ https://myserver.domain/$1 [NC,R=301,L] </VirtualHost> Also added requestheader "https" to ssl vhost conf. Everything is working now, thanks.
Enabling https is done at the Apache level (Google is your friend). Unsure if the target machines would need to have the certificate 'trusted' if you're not using a cert authority issued certificate.
Apart from the trusted cert issue, if using Discovery from within Open-AudIT it should all "just work".
If running audit scripts directly, make sure you set the variable "url" to https://..... within the script (or on the command line).
Thanks Mark. I will try and report back If I encounter any issues. Just warten to Maker sure that there are no issues regarding discovery and audit scripts.
Sorry german T9 ;)
Please do let us know how it goes :-)
I have a basic SSL setup and redirect all http traffic to https like so:
/etc/httpd/conf/httpd.conf
...
<VirtualHost *:80>
ServerName myserver.domain
Redirect "/" "https://myserver.domain/"
</VirtualHost>
The redirect works but when I try to login to OAE I get the following error:
==> opDaemon.log <== [Thu Sep 17 12:37:30 2015] [error] malformed JSON string, neither tag, array, object, number, string or atom, at character offset 0 (before "<!DOCTYPE HTML PUBLI...") at /</usr/local/omk/script/../lib/OaeController.pm.exe>Opmantek/OaeController.pm line 2179.
Login to Open-Audit Community works by the way.
I guess my problem it is related to the mod_proxy configuration in combination with the redirect rule. I have tried to add "RequestHeader set X-Forwarded-Proto "https"" to SSL VHOST configuration but without success.
Any help or hint would be apreciated
How would I enable https and are there any concerns/adjustments regarding the audit scripts?