Hi,
For those of you who don't want to wait until BCEE deploys the correct
LuxTrust jars, here is a workaround.
1. In /etc/hosts, add the following line:
127.0.0.1 bcee.snet.lu
2. If not yet there, install Apache.
3. Create a file with the following contents in
/etc/apache2/sites-available/bcee :
<VirtualHost *:443>
    ServerName bcee.snet.lu
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/server.crt
    SSLCertificateKeyFile /etc/apache2/ssl/server.key
    ProxyPreserveHost on
    ProxyPass /ssogate/LuxTrust_Gemalto_CryptoTI_Adapter_LIN32_1.4.jar !
    ProxyPass / https://195.46.224.5/
    Redirect /ssogate/LuxTrust_Gemalto_CryptoTI_Adapter_LIN32_1.4.jar https://managing.luxtrust.lu/applets/public/LuxTrust_Gemalto_CryptoTI_Adapt…
</VirtualHost>
For 64 bit, the redirect line should be as follows instead:
    Redirect /ssogate/LuxTrust_Gemalto_CryptoTI_Adapter_LIN32_1.4.jar https://managing.luxtrust.lu/applets/public/LuxTrust_Gemalto_CryptoTI_Adapt…
(note: we're still redirecting LIN32 due to BCEE's other error...)
The SSL certificates in /etc/apache2/ssl/server.crt and server.key
should exist (but don't need to be correct, just add them as exception
into Firefox when prompted).
4. Activate the site:
a2ensite bcee
service apache2 reload
5. Now, connect to SNET as usual, add the certificate to Apache as
an exception when prompted, and off you go!
A note of CAUTION: Apache doesn't check whether the certificate for
195.46.224.5 is authentic, theoretically making your connection to BCEE
vulnerable to snooping. So don't use this if you don't trust your ISP,
or any other ISP between you and BCEE. It is possible to secure the
connection from your Apache proxy to BCEE using SSLProxyVerify on, but
this is too complex to fit into this short note. In case of interest,
please drop me a mail.
Regards,
Alain
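
Added example, not part of Alain's message: a small Python check that reads a vhost like the one above and reports whether mod_proxy would verify the certificate of an https:// backend, which is the gap the CAUTION note describes. The finding names and the CA bundle path are hypothetical; the sample config is constructed from the message.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample: the vhost from the message, minus certificate and Redirect lines.
SAMPLE_VHOST = """\
<VirtualHost *:443>
    ServerName bcee.snet.lu
    SSLEngine on
    ProxyPreserveHost on
    ProxyPass /ssogate/LuxTrust_Gemalto_CryptoTI_Adapter_LIN32_1.4.jar !
    ProxyPass / https://195.46.224.5/
</VirtualHost>
"""
# Variant that verifies the backend; the CA bundle path is a hypothetical placeholder.
HARDENED_VHOST = SAMPLE_VHOST.replace("</VirtualHost>", (
    "    SSLProxyEngine on\n    SSLProxyVerify require\n"
    "    SSLProxyCACertificateFile /etc/apache2/ssl/upstream-ca.pem\n</VirtualHost>"))

def parse_directives(text):
    """Return (lowercased name, args) per directive; skip comments and <Section> tags."""
    out = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "<")):
            name, *args = line.split()
            out.append((name.lower(), args))
    return out

def audit_proxy_tls(text):
    """Return finding codes (names invented for this example) for https:// backends."""
    directives = parse_directives(text)
    backends = [a[1] for n, a in directives
                if n == "proxypass" and len(a) > 1 and a[1].lower().startswith("https://")]
    if not backends:
        return []
    last = {n: a for n, a in directives if a}  # later directives override earlier ones
    findings = []
    if last.get("sslproxyverify", ["none"])[0].lower() != "require":
        findings.append("upstream-cert-not-verified")  # mod_ssl default is "none"
    elif not last.keys() & {"sslproxycacertificatefile", "sslproxycacertificatepath"}:
        findings.append("no-upstream-ca")  # nothing to verify the chain against
    for url in backends:
        try:
            ipaddress.ip_address(urlsplit(url).hostname)
            # Name checks then need an IP subjectAltName in the backend certificate.
            findings.append("backend-is-ip-literal")
        except ValueError:
            pass
    return findings

if __name__ == "__main__":
    print(audit_proxy_tls(SAMPLE_VHOST), audit_proxy_tls(HARDENED_VHOST))
```

The IP-literal finding remains on the hardened variant because the workaround has to address the backend by IP once /etc/hosts points bcee.snet.lu at 127.0.0.1.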