httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Boyle Owen" <Owen.Bo...@swx.com>
Subject RE: [users@httpd] setting SSL up on my local test server for development purposes
Date Tue, 03 Sep 2002 07:16:47 GMT
It's a little more complicated than flicking a switch, but not so hard either... Here are some
pointers to get you started (If you run into problems along the way, you might like to post
them on the mod_ssl list: http://www.modssl.org/support/).

(1) In order to do any SSL, you need the openSSL library functions. Install this (http://www.openssl.org/).

(2) Choose between ApacheSSL (a version of apache with SSL support hard-coded inside) and
mod_ssl (an apache module which can be statically linked or loaded at run-time). I use mod_ssl
so will describe it from now on:

(3) If you have never installed mod_ssl before, you have to re-compile apache. This is because
mod_ssl needs to extend the apache API so has to patch the apache source before compilation.
A side-effect of this is that all your current modules (assuming you're using any) will have
to be recompiled too to make sure they don't conflict with with the EAPI. This sounds bad
but actually it is no problem - 

	- unpack mod_ssl tarball
	- unpack apache tarball
	- configure mod_ssl (this patches apache too)
	- configure apache (with all your usual modules, plus mod_ssl)
	- compile apache & install

Full instructions are in the mod_ssl tarball and on the website. You can either statically
link mod_ssl (so it shows up on "httpd -l") or dynamically load it (you need to have mod_so).

(4) Make a self-signed certificate, following the mod_ssl instructions.

(5) Make an SSL VirtualHost. This is just a normal port-based VH, listening to port 443. It
takes some additional SSL directives (actually, the install process above creates a default
SSL VH in the httpd.conf.default file).

(6) Start the new apache with "apachectl startssl" and test it on port 443 with https://your-server/.

A couple of warnings:

 - You MUST recompile apache: mod_ssl can't be loaded with the standard API.
 - You NEED a certificate: this contains the public key which is essential to SSL startup
 - You CANNOT make SSL name-based virtual hosts: it's impossible.

Best of luck,

Owen Boyle


>-----Original Message-----
>From: Justin French [mailto:justin@indent.com.au]
>Sent: Dienstag, 3. September 2002 05:32
>To: apache
>Subject: [users@httpd] setting SSL up on my local test server for
>development purposes
>
>
>Hi all,
>
>I'm looking for a tutorial/article/advice on how to go about 
>setting up SSL
>on my local office development server (FreeBSD, Apache 1.3x, 
>PHP4, MySQL
>3.32).  I don't particularly want to get a certificate for 
>it... I just want
>to be able to test SSL and https:// stuff locally during 
>development THEN
>upload to the live server.
>
>Generally speaking, the server is very low traffic (me & one 
>other developer
>viewing it over the LAN, and occasionally a client looking at 
>it over the
>web).
>
>Is it just a case of "flicking a switch" in the httpd.conf and 
>restarting,
>or more complex?
>
>
>Thanks,
>
>Justin French
>
>
>---------------------------------------------------------------------
>The official User-To-User support forum of the Apache HTTP 
>Server Project.
>See <URL:http://httpd.apache.org/userslist.html> for more info.
>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>For additional commands, e-mail: users-help@httpd.apache.org
>
>

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message