httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Justin French <jus...@indent.com.au>
Subject Re: [users@httpd] setting SSL up on my local test server for development purposes
Date Tue, 03 Sep 2002 08:25:18 GMT
Many thanks!!

Is there any option for certificates other than the usual commercial ones @
$125-300/year?

Like I said, it's only for development/testing NOT for any real work, so I'm
keen to save $'s wherever possible :)


Justin


on 03/09/02 5:16 PM, Boyle Owen (Owen.Boyle@swx.com) wrote:

> It's a little more complicated than flicking a switch, but not so hard
> either... Here are some pointers to get you started (If you run into problems
> along the way, you might like to post them on the mod_ssl list:
> http://www.modssl.org/support/).
> 
> (1) In order to do any SSL, you need the openSSL library functions. Install
> this (http://www.openssl.org/).
> 
> (2) Choose between ApacheSSL (a version of apache with SSL support hard-coded
> inside) and mod_ssl (an apache module which can be statically linked or loaded
> at run-time). I use mod_ssl so will describe it from now on:
> 
> (3) If you have never installed mod_ssl before, you have to re-compile apache.
> This is because mod_ssl needs to extend the apache API so has to patch the
> apache source before compilation. A side-effect of this is that all your
> current modules (assuming you're using any) will have to be recompiled too to
> make sure they don't conflict with with the EAPI. This sounds bad but actually
> it is no problem -
> 
> - unpack mod_ssl tarball
> - unpack apache tarball
> - configure mod_ssl (this patches apache too)
> - configure apache (with all your usual modules, plus mod_ssl)
> - compile apache & install
> 
> Full instructions are in the mod_ssl tarball and on the website. You can
> either statically link mod_ssl (so it shows up on "httpd -l") or dynamically
> load it (you need to have mod_so).
> 
> (4) Make a self-signed certificate, following the mod_ssl instructions.
> 
> (5) Make an SSL VirtualHost. This is just a normal port-based VH, listening to
> port 443. It takes some additional SSL directives (actually, the install
> process above creates a default SSL VH in the httpd.conf.default file).
> 
> (6) Start the new apache with "apachectl startssl" and test it on port 443
> with https://your-server/.
> 
> A couple of warnings:
> 
> - You MUST recompile apache: mod_ssl can't be loaded with the standard API.
> - You NEED a certificate: this contains the public key which is essential to
> SSL startup
> - You CANNOT make SSL name-based virtual hosts: it's impossible.
> 
> Best of luck,
> 
> Owen Boyle
> 
> 
>> -----Original Message-----
>> From: Justin French [mailto:justin@indent.com.au]
>> Sent: Dienstag, 3. September 2002 05:32
>> To: apache
>> Subject: [users@httpd] setting SSL up on my local test server for
>> development purposes
>> 
>> 
>> Hi all,
>> 
>> I'm looking for a tutorial/article/advice on how to go about
>> setting up SSL
>> on my local office development server (FreeBSD, Apache 1.3x,
>> PHP4, MySQL
>> 3.32).  I don't particularly want to get a certificate for
>> it... I just want
>> to be able to test SSL and https:// stuff locally during
>> development THEN
>> upload to the live server.
>> 
>> Generally speaking, the server is very low traffic (me & one
>> other developer
>> viewing it over the LAN, and occasionally a client looking at
>> it over the
>> web).
>> 
>> Is it just a case of "flicking a switch" in the httpd.conf and
>> restarting,
>> or more complex?
>> 
>> 
>> Thanks,
>> 
>> Justin French
>> 
>> 
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP
>> Server Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> "   from the digest: users-digest-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>> 
>> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message