Setting up CentOS 7 Apache to redirect proxy back to Exchange 2013

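First you will need to get a cert request ready. The command below self-signs an existing request (ca.csr) with its key (ca.key), giving a certificate valid for 365 days: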

openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt

Next, once you have your supplier’s cert, you will need to rename the files and move them to the correct folders

mv ca.csr /etc/pki/tls/certs/ca.csr
mv ca.crt /etc/pki/tls/certs/ca.crt
mv ca.key /etc/pki/tls/private/ca.key
mv ca.ca-bundle /etc/pki/tls/certs/ca.ca-bundle

Then you will need to modify the following file

vi /etc/httpd/conf.d/ssl.conf

And modify this info in this block

#   Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate. If
# the certificate is encrypted, then you will be prompted for a
# pass phrase. Note that a kill -HUP will prompt again. A new
# certificate can be generated using the genkey(1) command.

SSLCertificateFile /etc/pki/tls/certs/ca.crt

#   Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you’ve both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)

SSLCertificateKeyFile /etc/pki/tls/private/ca.key

#   Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the
# concatenation of PEM encoded CA certificates which form the
# certificate chain for the server certificate. Alternatively
# the referenced file can be the same as SSLCertificateFile
# when the CA certificates are directly appended to the server
# certificate for convenience.

SSLCertificateChainFile /etc/pki/tls/certs/ca.ca-bundle

Then you will need to go to the bottom of the file and add this under the following line. This shows a redirect / proxy back to Exchange, and also two secure websites running on Apache.

<VirtualHost *:443>
    ServerAdmin webmaster@domain1.com
    ServerName mailserver.domain.com
    ProxyPreserveHost On
    ProxyVia Full
    RequestHeader edit Transfer-Encoding Chunked chunked early
    RequestHeader unset Accept-Encoding
    ProxyRequests Off
    SSLEngine On
    SSLProxyEngine On
    # These three turn off verification of the Exchange server's certificate
    SSLProxyVerify none
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerName off


    # Certificate stuff goes here...
    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/ca.crt
    SSLCertificateKeyFile /etc/pki/tls/private/ca.key
    SSLCertificateChainFile /etc/pki/tls/certs/ca.ca-bundle
    SSLProxyCheckPeerExpire off


    SSLProtocol All -SSLv2 -SSLv3
    SSLHonorCipherOrder on
    SSLCipherSuite +EDH:HIGH:!LOW:!ADH:-MEDIUM:RC4+SHA


    ProxyRequests Off
    ProxyVia Off
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
    <Location /owa>
        ProxyPass https://mailserver.domain.com/owa
        ProxyPassReverse https://mailserver.domain.com/owa
        SSLRequireSSL
    </Location>


    <Location /Microsoft-Server-ActiveSync>
        ProxyPass https://mailserver.domain.com/Microsoft-Server-ActiveSync
        ProxyPassReverse https://mailserver.domain.com/Microsoft-Server-ActiveSync
        SSLRequireSSL
    </Location>


    <Location /rpc>
        ProxyPass https://mailserver.domain.com/rpc
        ProxyPassReverse https://mailserver.domain.com/rpc
        SSLRequireSSL
    </Location>


    <Location /Rpc>
        ProxyPass https://mailserver.domain.com/Rpc
        ProxyPassReverse https://mailserver.domain.com/Rpc
        SSLRequireSSL
    </Location>


    <Location /ecp>
        ProxyPass https://mailserver.domain.com/ecp
        ProxyPassReverse https://mailserver.domain.com/ecp
        SSLRequireSSL
    </Location>


    <Location /Ecp>
        ProxyPass https://mailserver.domain.com/Ecp
        ProxyPassReverse https://mailserver.domain.com/Ecp
        SSLRequireSSL
    </Location>


</VirtualHost>


<VirtualHost *:443>
DocumentRoot /var/www/html/domain1/
ServerName domain1.com
ServerAlias www.domain1.com
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key
SSLCertificateChainFile /etc/pki/tls/certs/ca.ca-bundle
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars
</Files>
SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>


<VirtualHost *:443>
DocumentRoot /var/www/html/hdr/
ServerName domain2.com
ServerAlias www.domain2.com
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key
SSLCertificateChainFile /etc/pki/tls/certs/ca.ca-bundle
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars
</Files>
SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>

Some of the info above was provided by click here

Hope this was helpful!
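
The proxy VirtualHost above turns off every check on the Exchange server's certificate (SSLProxyVerify none, SSLProxyCheckPeerCN/Name/Expire off), and its cipher list ends with RC4+SHA, which adds RC4 suites back in. As an added example, not part of the original post, here is a hardened variant of that VirtualHost; /etc/pki/tls/certs/exchange-ca.pem is a hypothetical path for the CA certificate that issued the Exchange server's certificate.

```apache
# Added example: hardened variant of the Exchange proxy VirtualHost.
# Assumption: exchange-ca.pem (hypothetical path) holds the CA certificate
# that issued the certificate installed on the Exchange server.
<VirtualHost *:443>
    ServerName mailserver.domain.com
    ProxyPreserveHost On
    ProxyRequests Off
    ProxyVia Off

    # Front-end TLS: same certificate files as the original configuration
    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/ca.crt
    SSLCertificateKeyFile /etc/pki/tls/private/ca.key
    SSLCertificateChainFile /etc/pki/tls/certs/ca.ca-bundle

    # Original: SSLProtocol All -SSLv2 -SSLv3 (still allows TLS 1.0 and 1.1)
    # Original: SSLCipherSuite +EDH:HIGH:!LOW:!ADH:-MEDIUM:RC4+SHA
    SSLProtocol -all +TLSv1.2
    SSLHonorCipherOrder on
    SSLCipherSuite HIGH:!aNULL:!eNULL:!MD5:!RC4:!3DES

    # Back-end TLS: require a certificate that chains to the expected CA,
    # matches the host name in the ProxyPass URL and has not expired
    SSLProxyEngine on
    SSLProxyVerify require
    SSLProxyCACertificateFile /etc/pki/tls/certs/exchange-ca.pem
    SSLProxyCheckPeerCN on
    SSLProxyCheckPeerName on
    SSLProxyCheckPeerExpire on

    RequestHeader edit Transfer-Encoding Chunked chunked early
    RequestHeader unset Accept-Encoding

    # Same six paths as the original, in the two-argument ProxyPass form
    ProxyPass        /owa https://mailserver.domain.com/owa
    ProxyPassReverse /owa https://mailserver.domain.com/owa
    ProxyPass        /Microsoft-Server-ActiveSync https://mailserver.domain.com/Microsoft-Server-ActiveSync
    ProxyPassReverse /Microsoft-Server-ActiveSync https://mailserver.domain.com/Microsoft-Server-ActiveSync
    ProxyPass        /rpc https://mailserver.domain.com/rpc
    ProxyPassReverse /rpc https://mailserver.domain.com/rpc
    ProxyPass        /Rpc https://mailserver.domain.com/Rpc
    ProxyPassReverse /Rpc https://mailserver.domain.com/Rpc
    ProxyPass        /ecp https://mailserver.domain.com/ecp
    ProxyPassReverse /ecp https://mailserver.domain.com/ecp
    ProxyPass        /Ecp https://mailserver.domain.com/Ecp
    ProxyPassReverse /Ecp https://mailserver.domain.com/Ecp
</VirtualHost>
```

Clients that cannot negotiate TLS 1.2 will fail to connect with this SSLProtocol line. The same SSLProtocol and SSLCipherSuite lines can replace the ones in the two website VirtualHosts, which as written leave SSLv3 and LOW/MEDIUM ciphers enabled.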