[Owasp-infrastructure] OCMS - current status as of 2011-05-09

Laurence Casey larry.casey at aspectsecurity.com
Tue May 10 09:41:56 EDT 2011

The certificate has been installed. All looks good.





From: owasp-infrastructure-bounces at lists.owasp.org
[mailto:owasp-infrastructure-bounces at lists.owasp.org] On Behalf Of Mark
Sent: Tuesday, May 10, 2011 8:30 AM
To: Matt Tesauro
Cc: owasp-infrastructure; Laurence Casey
Subject: Re: [Owasp-infrastructure] OCMS - current status as of



Good luck on your surgery!  Hope you get it all fixed up.

Just for everyone's SA, the application actually runs off the root
directory /events is just one of the modules (there is also
/registration, /accounts, /admin) with more modules planed for later in
development.  It appears however that Matt's mod-rewrite redirects for
all of these paths so we are good to go.

Larry, let me know when you get the wildcard cert in and I'll move the
production system over to the new site and redirect ocms.owasptools.org
-> ocms.owasp.org.


On Mon, May 9, 2011 at 11:28 PM, Matt Tesauro <matt.tesauro at owasp.org>

Larry & Mark, 


Here's what I've done this evening:

1.	Set the hostname to ocms.owasp.org permanently
2.	Moved /etc/apache2/conf.d/ocms.owasp.org to
/etc/apache2/sites-available so that our setup will follow Debian Apache
3.	Enabled SSL for ocms.owasp.org (using IP-based virtual host)

	1.	Moved configuration details of ocms.owasp.org to
ssl-ocms.owasp.org under /etc/apache2/sites-available
	2.	Enables ssl-ocms.owasp.org site ( with # a2ensite
	3.	Gutted ocms.owasp.org to only rewrite any request to SSL

4.	Setup an account for Larry to add the wildcard cert to the


*	Currently, the site uses a default self-signed certificate
*	All the Apache SSL configuration directives are in the file
*	Currently, no syntax errors exist in the Apache conf and no
warning are issued on a restart/reload
*	Mod_rewrite will forward requests with a path so
http://ocms.owasp.org/events will be redirected to
*	I will email Larry directly with his username.  I verified his
account has sudo privs.

I think that is it.


Reminder:  I'm having knee surgery tomorrow and will be out (for sure)
all day tomorrow and slowing getting back to normal-ish over the next



-- Matt Tesauro
OWASP Board Member
OWASP WTE Project Lead
http://AppSecLive.org - Community and Download site

Mark Bristow
(703) 596-5175
mark.bristow at owasp.org

OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
AppSec DC Organizer - https://www.appsecdc.org

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-infrastructure/attachments/20110510/82bb38c0/attachment.html 

More information about the Owasp-infrastructure mailing list