httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "art" <...@macnew.com>
Subject RE: [users@httpd] setting SSL up on my local test server fordevelopment purposes
Date Sun, 08 Sep 2002 00:06:48 GMT
I seem to be posting this link about every 2 weeks or so...  I am not
the author but I have not found a better "step by step" method of
installing what the original question asked...  

http://www.delouw.ch/linux/Apache-Compile-HOWTO/html/t1.html#INTRO


Thanks for all the good info from all the folks answering the hard
stuff...the least I could do is throw this out there every once in a
while...   :)


Art MacNew
VelocityHosting.Com



-----Original Message-----
From: Boyle Owen [mailto:Owen.Boyle@swx.com] 
Sent: Tuesday, September 03, 2002 4:39 AM
To: users@httpd.apache.org
Subject: RE: [users@httpd] setting SSL up on my local test server
fordevelopment purposes


You make one yourself for free - this is called a self-signed
certificate. This enables encryption but obviously doesn't provide
authentication so users get browser alert. But this is fine for a demo
or an environment where authentication is not required.

The instructions are in the distro..

>-----Original Message-----
>From: Justin French [mailto:justin@indent.com.au]
>Sent: Dienstag, 3. September 2002 10:25
>To: users@httpd.apache.org
>Subject: Re: [users@httpd] setting SSL up on my local test server 
>fordevelopment purposes
>
>
>Many thanks!!
>
>Is there any option for certificates other than the usual
>commercial ones @
>$125-300/year?
>
>Like I said, it's only for development/testing NOT for any
>real work, so I'm
>keen to save $'s wherever possible :)
>
>
>Justin
>
>
>on 03/09/02 5:16 PM, Boyle Owen (Owen.Boyle@swx.com) wrote:
>
>> It's a little more complicated than flicking a switch, but
>not so hard
>> either... Here are some pointers to get you started (If you
>run into problems
>> along the way, you might like to post them on the mod_ssl list: 
>> http://www.modssl.org/support/).
>> 
>> (1) In order to do any SSL, you need the openSSL library
>functions. Install
>> this (http://www.openssl.org/).
>> 
>> (2) Choose between ApacheSSL (a version of apache with SSL
>support hard-coded
>> inside) and mod_ssl (an apache module which can be
>statically linked or loaded
>> at run-time). I use mod_ssl so will describe it from now on:
>> 
>> (3) If you have never installed mod_ssl before, you have to
>re-compile apache.
>> This is because mod_ssl needs to extend the apache API so
>has to patch the
>> apache source before compilation. A side-effect of this is
>that all your
>> current modules (assuming you're using any) will have to be
>recompiled too to
>> make sure they don't conflict with with the EAPI. This
>sounds bad but actually
>> it is no problem -
>> 
>> - unpack mod_ssl tarball
>> - unpack apache tarball
>> - configure mod_ssl (this patches apache too)
>> - configure apache (with all your usual modules, plus mod_ssl)
>> - compile apache & install
>> 
>> Full instructions are in the mod_ssl tarball and on the
>website. You can
>> either statically link mod_ssl (so it shows up on "httpd
>-l") or dynamically
>> load it (you need to have mod_so).
>> 
>> (4) Make a self-signed certificate, following the mod_ssl
>instructions.
>> 
>> (5) Make an SSL VirtualHost. This is just a normal
>port-based VH, listening to
>> port 443. It takes some additional SSL directives (actually,
>the install
>> process above creates a default SSL VH in the
>httpd.conf.default file).
>> 
>> (6) Start the new apache with "apachectl startssl" and test
>it on port 443
>> with https://your-server/.
>> 
>> A couple of warnings:
>> 
>> - You MUST recompile apache: mod_ssl can't be loaded with
>the standard API.
>> - You NEED a certificate: this contains the public key which
>is essential to
>> SSL startup
>> - You CANNOT make SSL name-based virtual hosts: it's impossible.
>> 
>> Best of luck,
>> 
>> Owen Boyle
>> 
>> 
>>> -----Original Message-----
>>> From: Justin French [mailto:justin@indent.com.au]
>>> Sent: Dienstag, 3. September 2002 05:32
>>> To: apache
>>> Subject: [users@httpd] setting SSL up on my local test server for 
>>> development purposes
>>> 
>>> 
>>> Hi all,
>>> 
>>> I'm looking for a tutorial/article/advice on how to go about setting

>>> up SSL on my local office development server (FreeBSD, Apache 1.3x,
>>> PHP4, MySQL
>>> 3.32).  I don't particularly want to get a certificate for
>>> it... I just want
>>> to be able to test SSL and https:// stuff locally during
>>> development THEN
>>> upload to the live server.
>>> 
>>> Generally speaking, the server is very low traffic (me & one other 
>>> developer viewing it over the LAN, and occasionally a client looking

>>> at it over the
>>> web).
>>> 
>>> Is it just a case of "flicking a switch" in the httpd.conf and 
>>> restarting, or more complex?
>>> 
>>> 
>>> Thanks,
>>> 
>>> Justin French
>>> 
>>> 
>>> 
>---------------------------------------------------------------------
>>> The official User-To-User support forum of the Apache HTTP Server 
>>> Project. See <URL:http://httpd.apache.org/userslist.html> for more 
>>> info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>> "   from the digest: users-digest-unsubscribe@httpd.apache.org
>>> For additional commands, e-mail: users-help@httpd.apache.org
>>> 
>>> 
>> 
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP
>Server Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info. To 
>> unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> "   from the digest: users-digest-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>> 
>
>
>---------------------------------------------------------------------
>The official User-To-User support forum of the Apache HTTP
>Server Project.
>See <URL:http://httpd.apache.org/userslist.html> for more info.
>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>For additional commands, e-mail: users-help@httpd.apache.org
>
>

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project. See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message