httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject svn commit: r1806836 - in /httpd/httpd/trunk/docs/manual/howto: encrypt.html encrypt.html.en encrypt.xml.meta
Date Thu, 31 Aug 2017 18:32:04 GMT
Author: mrumph
Date: Thu Aug 31 18:32:04 2017
New Revision: 1806836

Adding generated files for encrypt.xml


Added: httpd/httpd/trunk/docs/manual/howto/encrypt.html
--- httpd/httpd/trunk/docs/manual/howto/encrypt.html (added)
+++ httpd/httpd/trunk/docs/manual/howto/encrypt.html Thu Aug 31 18:32:04 2017
@@ -0,0 +1,5 @@
+URI: encrypt.html.en
+Content-Language: en
+Content-type: text/html; charset=ISO-8859-1

Added: httpd/httpd/trunk/docs/manual/howto/encrypt.html.en
--- httpd/httpd/trunk/docs/manual/howto/encrypt.html.en (added)
+++ httpd/httpd/trunk/docs/manual/howto/encrypt.html.en Thu Aug 31 18:32:04 2017
@@ -0,0 +1,200 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "">
+<html xmlns="" lang="en" xml:lang="en"><head>
+<meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type" />
+              This file is generated from xml source: DO NOT EDIT
+      -->
+<title>How to Encrypt Your Traffic - Apache HTTP Server Version 2.5</title>
+<link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main
stylesheet" />
+<link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all"
type="text/css" title="No Sidebar - Default font size" />
+<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css"
/><link rel="stylesheet" type="text/css" href="../style/css/prettify.css" />
+<script src="../style/scripts/prettify.min.js" type="text/javascript">
+<link href="../images/favicon.ico" rel="shortcut icon" /></head>
+<body id="manual-page"><div id="page-header">
+<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/quickreference.html">Directives</a>
| <a href="">FAQ</a> | <a href="../glossary.html">Glossary</a>
| <a href="../sitemap.html">Sitemap</a></p>
+<p class="apache">Apache HTTP Server Version 2.5</p>
+<img alt="" src="../images/feather.png" /></div>
+<div class="up"><a href="./"><img title="&lt;-" alt="&lt;-" src="../images/left.gif"
+<div id="path">
+<a href="">Apache</a> &gt; <a href="">HTTP
Server</a> &gt; <a href="">Documentation</a>
&gt; <a href="../">Version 2.5</a> &gt; <a href="./">How-To / Tutorials</a></div><div
id="page-content"><div id="preamble"><h1>How to Encrypt Your Traffic</h1>
+<div class="toplang">
+<p><span>Available Languages: </span><a href="../en/howto/encrypt.html"
+    <p>This is the how to guide for making your Apache httpd use encryption to transfer
+    data between you and your visitors. Instead of http: links, your site will use
+    https: ones and, if everything is setup correctly, people visiting your site will
+    have their privacy better protected.
+    </p>
+    <p>
+    This How-To is intended for people that are not really into SSL/TLS and ciphers
+    and all this crypto techno-babble (We are joking, it's a serious field with
+    serious experts and real problems to solve - but it sounds like techno-babble to
+    anyone not intimate with it). People who have heard that their http: server is
+    not really secure enough nowadays. That spies and bad guys are listening. That even
+    legitimate corporations are inserting data into their web pages and selling 
+    profiles of visitors.
+    </p>
+    <p>
+    This guide wants to help you migrate your httpd server from serving insecure http: links
+    to encrypted https: ones, without you becoming a SSL expert first. You might get
+    fascinated by all this crypto things and study it more and become a real expert. But
+    you also might not, run a reasonably secure web server nevertheless and do other
+    things good for mankind with your time.
+    </p>
+    <p>
+    You will get a rough idea what roles these mysterious things called "certificate" and

+    "private key" play and how they are used to let your visitors be sure they are talking
+    to your server. You will <em>not</em> be told <em>how</em> this
works, just how it
+    is used: it's basically about passports.
+    </p>
+  </div>
+<div id="quickview"><ul id="toc"><li><img alt="" src="../images/down.gif"
/> <a href="#protocol">A short Introduction Certificates, e.g. Internet Passports</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#buycert">Buy a Certificate</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#freecert">Get a Free
+</ul><h3>See also</h3><ul class="seealso"><li><a href="../ssl/ssl_howto.html">SSL
How-To</a></li><li><a href="../mod/mod_ssl.html">mod_ssl</a></li><li><a
href="../mod/mod_md.html">mod_md</a></li><li><a href="#comments_section">Comments</a></li></ul></div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif"
+<div class="section">
+<h2><a name="protocol" id="protocol">A short Introduction Certificates, e.g.
Internet Passports</a></h2>
+    <p>
+    The TLS protocol (formerly known as SSL) is a way a client and a server 
+    can talk to each other without anyone else listening, or better understanding
+    a thing. It is what your browser uses when you open a https: link. 
+    </p>
+    <p>
+    In addition to having a private conversation with a server, your browser also needs
+    to know that it really talks to the server - and not someone else acting like it. That,
+    next to the encryption, is the other part of the TLS protocol.
+    </p>
+    <p>
+    In order to do that, your server does not only need the software for TLS, e.g. the
+    <a href="../mod/mod_http2.html">mod_ssl</a> module, but some sort of identity
+    on the Internet. This is commonly referred to as a <em>certificate</em>.
Basically, everyone
+    has the same mod_ssl and can encrypt, but only your have <em>your</em> certificate
+    and with that, you are you.
+    </p>
+    <p>
+    A certificate is the digital equivalent of a passport. It contains two things: a stamp
+    of approval from the people issuing the passport and a reference to your digital
+    fingerprints, e.g. what is called a <em>private key</em> in encryption terms.
+    </p>
+    <p>
+    When you configure your Apache httpd for https: links, you need to give it the certificate
+    the private key. If you never give the key to anyone else, only you will be able to prove
+    to visitors that the certificate belongs to you. That way, a browser talking to your
+    server a second time will be sure that it is indeed the very same server it talked
+    to before.
+    </p>
+    <p>
+    But how does it know that it is the real server, the first time it starts talking to
+    someone? Here, the digital rubber stamping comes into play. The rubber stamp is done
+    by someone else, using her own private key. That person has also a certificate, e.g.
+    her own passport. The browser can make sure that this passport is based on the same
+    key that was used to rubber stamp your server passport. Now, instead of making sure
+    that your passport is correct, it must make sure that the passport of the person that

+    says <em>your</em> passport is correct, is correct. 
+    </p>
+    <p>
+    And that passport is also rubber stamped digitally, by someone else with a key and a

+    certificate. So the browser only needs to make sure that <em>that</em> one
is correct
+    that says it is correct to trust the one that says your server is correct. This trusting
+    game can go to a few or many levels (usually less than 5).
+    </p>
+    <p>
+    In the end, the browser will encounter a passport that is stamped by its own key. It's
+    a Gloria Gaynor certificate that says "I am what I am!". The browser then either trust
+    this Gloria or not. If not, your server is also not trusted. Otherwise, it is. Simple.

+    </p>
+    <p>
+    The trust check for the Gloria Gaynors of the Internet is easy: your browser (or your
+    operating system) comes with list of Gloria passports to trust, pre-installed. If it

+    sees a Gloria certificate, it is either in this list or not to be trusted.
+    </p>
+    <p>
+    This whole thing works as long as everyone keeps his private keys to himself. Anyone
+    such a key can impersonate the key owner. And if the owner can rubber stamp passports,
+    impersonator can also do that. And all the passports stamped by an impersonator, 
+    all those certificates will look 100% valid, indistinguishable from the "real" ones.
+    </p>
+    <p>
+    So, this trust model works, but it has its limits. That is why browser makers are so
+    on having the correct Gloria Gaynor lists and threaten to expel anyone from it that
+    is careless with her keys.
+    </p>
+  </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif"
+<div class="section">
+<h2><a name="buycert" id="buycert">Buy a Certificate</a></h2>
+    <p>
+    Well, you can buy one. There are a lot of companies selling Internet Passports as a service.
+    <a href="">this
+    from Mozilla</a> you find all companies that the Firefox browser trusts. Pick one,
visit their
+    website and they will tell you what it costs. And how you need to prove that you are
+    you claim to be so they can rubber stamp your passport with confidence. 
+    </p>
+    <p>
+    They all have their own methods, also depending on what kind of passport you apply for,
+    it's probably some sort of click web interface in a browser. They may send you an email
+    you need to answer or do something else. In the end, they will show you how to generate
+    your own, unique private key and issue you a stamped passport matching it.
+    </p>
+    <p>
+    You then place the key in one file, the certificate in another. Put these on your server,
+    sure that only a trusted user can read the key file and add it to your httpd configuration.

+    This is extensively covered in the <a href="../ssl/ssl_howto.html">SSL How-To</a>.
+    </p>
+    <p>
+    </p>
+  </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif"
+<div class="section">
+<h2><a name="freecert" id="freecert">Get a Free Certificate</a></h2>
+    <p>
+    There are also companies that offer certificates for web servers free of charge. The
+    in this is <a href="">Let's Encrypt</a> which is a
service of the
+    <a href="">Internet Security Research Group (ISRG)</a>, a not-for-profit
organization to 
+    "reduce financial, technological, and education barriers to secure communication over
+    Internet."
+    </p>
+    <p>
+    They not offer free certificates, they also developed a interface that can be used by
+    your Apache httpd to get one. This is where <a href="../mod/mod_md.html">mod_md</a>
+    comes in.
+    </p>
+    <p>
+    (zoom out the camera on how to configure mod_md and virtual host...)
+    </p>
+  </div></div>
+<div class="bottomlang">
+<p><span>Available Languages: </span><a href="../en/howto/encrypt.html"
+</div><div class="top"><a href="#page-header"><img src="../images/up.gif"
alt="top" /></a></div><div class="section"><h2><a id="comments_section"
name="comments_section">Comments</a></h2><div class="warning"><strong>Notice:</strong><br
/>This is not a Q&amp;A section. Comments placed here should be pointed towards suggestions
on improving the documentation or server, and may be removed again by our moderators if they
are either implemented or considered invalid/off-topic. Questions on how to manage the Apache
HTTP Server should be directed at either our IRC channel, #httpd, on Freenode, or sent to
our <a href="">mailing lists</a>.</div>
+<script type="text/javascript"><!--//--><![CDATA[//><!--
+var comments_shortname = 'httpd';
+var comments_identifier = '';
+(function(w, d) {
+    if (w.location.hostname.toLowerCase() == "") {
+        d.write('<div id="comments_thread"><\/div>');
+        var s = d.createElement('script');
+        s.type = 'text/javascript';
+        s.async = true;
+        s.src = '' + comments_shortname
+ '&page=' + comments_identifier;
+        (d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s);
+    }
+    else {
+        d.write('<div id="comments_thread">Comments are disabled for this page at the
+    }
+})(window, document);
+//--><!]]></script></div><div id="footer">
+<p class="apache">Copyright 2017 The Apache Software Foundation.<br />Licensed
under the <a href="">Apache License, Version
+<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/quickreference.html">Directives</a>
| <a href="">FAQ</a> | <a href="../glossary.html">Glossary</a>
| <a href="../sitemap.html">Sitemap</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!--
+if (typeof(prettyPrint) !== 'undefined') {
+    prettyPrint();
\ No newline at end of file

Added: httpd/httpd/trunk/docs/manual/howto/encrypt.xml.meta
--- httpd/httpd/trunk/docs/manual/howto/encrypt.xml.meta (added)
+++ httpd/httpd/trunk/docs/manual/howto/encrypt.xml.meta Thu Aug 31 18:32:04 2017
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<metafile reference="encrypt.xml">
+  <basename>encrypt</basename>
+  <path>/howto/</path>
+  <relpath>..</relpath>
+  <variants>
+    <variant>en</variant>
+  </variants>

View raw message