401 Unauthorized Error After adding certificate
Hi community,
I am getting a 401 Unauthorized error on my WordPress website, which worked fine before. I am integrating LDAP (freeIPA) with the WordPress website. The LDAP server is working fine; I already integrated it with servers, including the web server. I thought having a single-user directory would be a good idea, so I tried integrating it with the website. When I type https with the hostname/IP address, it shows “Red Hat Enterprise Linux Test Page” (I am using the RHEL9 Developer version). But when using http, a sign-in window pops up and it never accepts any credentials. When I run “curl -I https://web.homelab.local” I get the 401 Unauthorized error below.
```
HTTP/1.1 401 Unauthorized
Date: Wed, 29 May 2024 00:34:24 GMT
Server: Apache/2.4.57 (Red Hat Enterprise Linux) OpenSSL/3.0.7 mod_auth_gssapi/1.6.3
WWW-Authenticate: Negotiate
Content-Type: text/html; charset=iso-8859-1
```
When I check the error log, I see the error message below.
```
[Tue May 28 16:45:33.091143 2024] [auth_gssapi:error] [pid 367897:tid 368054] [client 192.168.1.22:56339] AUTH NOT ALLOWED Not a TLS connection, refusing to authenticate!, referer: https://web.homelab.local/
[Tue May 28 16:45:49.837895 2024] [auth_gssapi:error] [pid 367897:tid 368057] [client 192.168.1.211:60322] AUTH NOT ALLOWED Not a TLS connection, refusing to authenticate!
```
Here are the steps I took to configure it.
1. Installed the “HTTP Authentication” plugin on the website.
2. Installed packages on the server such as mod_auth_gssapi, mod_ssl and php-ldap.
3. Generated the http.keytab file from the LDAP server by running this command: “ipa-getkeytab -s ipa.homelab.local -p HTTP/web.homelab.local -k /etc/httpd/conf.d/http.keytab”
4. Copied the http.keytab to the website server's /etc/httpd/conf.d/ and changed owner user: root and group: apache.
5. Generated an internal SSL certificate by running the command “openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/httpd/ssl/apache.key -out /etc/httpd/ssl/apache.crt”.
6. Updated the wordpress.conf file with the content below.
```
ServerAdmin [email protected]
ServerName web.homelab.local
ServerAlias www.web.homelab.local
DocumentRoot /var/www/html/wordpress/
RewriteEngine On
# Redirect to HTTPS
RewriteCond %{SERVER_NAME} =web.homelab.local [OR]
RewriteCond %{SERVER_NAME} =www.web.homelab.local
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
<Directory /var/www/html/wordpress/>
    Options -Indexes
    AllowOverride All
    Require all granted
</Directory>

ServerAdmin [email protected]
ServerName web.homelab.local
ServerAlias www.web.homelab.local
SSLEngine on
SSLCertificateFile /etc/httpd/ssl/apache.crt
SSLCertificateKeyFile /etc/httpd/ssl/apache.key
DocumentRoot /var/www/html/wordpress/
DirectoryIndex index.php
<Directory /var/www/html/wordpress/>
    Options -Indexes
    AllowOverride All
    Require all granted
</Directory>
<Location "/">
    AuthType GSSAPI
    AuthName "Kerberos Login"
    GssapiCredStore keytab:/etc/httpd/conf.d/http.keytab
    GssapiSSLonly On
    GssapiLocalName On
    Require valid-user
</Location>
```
7. Created .htaccess in the WordPress directory with the content below.
```
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
```
8. Enabled (on) httpd_can_connect_ldap and httpd_mod_auth_pam from sebool.
9. Restarted the httpd service.
I can’t figure it out. I would appreciate it if someone could help me with this.
Thank you
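The two symptoms in the post can be separated mechanically. The following is an added example, not code from the poster or from mod_auth_gssapi: it counts, per client, the `auth_gssapi` refusals logged for non-TLS requests and checks whether a response is the 401 Negotiate challenge. The function names are hypothetical, and the sample input is copied from the post.

```python
import re
from collections import Counter

# Error-log layout as seen in the post:
# [time] [module:level] [pid:tid] [client ip:port] message
LOG_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[(?P<module>\w+):(?P<level>\w+)\] "
    r"\[pid \d+:tid \d+\] \[client (?P<ip>\S+):(?P<port>\d+)\] (?P<msg>.*)$"
)
TLS_REFUSAL = "Not a TLS connection, refusing to authenticate"

def parse_line(line):
    """Split one error-log line into fields; None if it does not fit the layout."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None

def tls_refusals(lines):
    """Count, per client IP, auth_gssapi refusals logged for non-TLS requests."""
    hits = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and rec["module"] == "auth_gssapi" and TLS_REFUSAL in rec["msg"]:
            hits[rec["ip"]] += 1
    return dict(hits)

def is_negotiate_challenge(raw_headers):
    """True for a 401 whose WWW-Authenticate header offers Negotiate (SPNEGO)."""
    # This is the first leg of the exchange; a client that sends no token,
    # such as a plain `curl -I`, stops at this response.
    lines = raw_headers.strip().splitlines()
    if not lines:
        return False
    status = lines[0].split()
    schemes = []
    for header in lines[1:]:
        name, _, value = header.partition(":")
        if name.strip().lower() == "www-authenticate" and value.strip():
            schemes.append(value.split()[0].lower())
    return len(status) > 1 and status[1] == "401" and "negotiate" in schemes

# Sample input copied from the post above.
SAMPLE_LOG = [
    "[Tue May 28 16:45:33.091143 2024] [auth_gssapi:error] [pid 367897:tid 368054] "
    "[client 192.168.1.22:56339] AUTH NOT ALLOWED Not a TLS connection, "
    "refusing to authenticate!, referer: https://web.homelab.local/",
    "[Tue May 28 16:45:49.837895 2024] [auth_gssapi:error] [pid 367897:tid 368057] "
    "[client 192.168.1.211:60322] AUTH NOT ALLOWED Not a TLS connection, "
    "refusing to authenticate!",
]
SAMPLE_HEADERS = "HTTP/1.1 401 Unauthorized\nWWW-Authenticate: Negotiate\n"
```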