httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dirk-Willem van Gulik <di...@webweaving.org>
Subject RE: [users@httpd] setting SSL up on my local test server for development purposes
Date Tue, 03 Sep 2002 09:57:32 GMT

Just a note for those on FreeBSD (such as the orginal quation was) - it is
also possible to do

	cd /usr/ports/www/apache-modssl
	make && make install

which allows you to do use the 'portupgrade' (see portupgrade or porteasy)
whenever there is a security patch or update.

Dw.

On Tue, 3 Sep 2002, Boyle Owen wrote:

> It's a little more complicated than flicking a switch, but not so hard
> either... Here are some pointers to get you started (If you run into
> problems along the way, you might like to post them on the mod_ssl list:
> http://www.modssl.org/support/).
>
> (1) In order to do any SSL, you need the openSSL library functions.
> Install this (http://www.openssl.org/).
>
> (2) Choose between ApacheSSL (a version of apache with SSL support
> hard-coded inside) and mod_ssl (an apache module which can be statically
> linked or loaded at run-time). I use mod_ssl so will describe it from
> now on:
>
> (3) If you have never installed mod_ssl before, you have to re-compile
> apache. This is because mod_ssl needs to extend the apache API so has to
> patch the apache source before compilation. A side-effect of this is
> that all your current modules (assuming you're using any) will have to
> be recompiled too to make sure they don't conflict with with the EAPI.
> This sounds bad but actually it is no problem -
>
> 	- unpack mod_ssl tarball
> 	- unpack apache tarball
> 	- configure mod_ssl (this patches apache too)
> 	- configure apache (with all your usual modules, plus mod_ssl)
> 	- compile apache & install
>
> Full instructions are in the mod_ssl tarball and on the website. You can
> either statically link mod_ssl (so it shows up on "httpd -l") or
> dynamically load it (you need to have mod_so).
>
> (4) Make a self-signed certificate, following the mod_ssl instructions.
>
> (5) Make an SSL VirtualHost. This is just a normal port-based VH,
> listening to port 443. It takes some additional SSL directives
> (actually, the install process above creates a default SSL VH in the
> httpd.conf.default file).
>
> (6) Start the new apache with "apachectl startssl" and test it on port
> 443 with https://your-server/.
>
> A couple of warnings:
>
>  - You MUST recompile apache: mod_ssl can't be loaded with the standard API.
>  - You NEED a certificate: this contains the public key which is essential to SSL startup
>  - You CANNOT make SSL name-based virtual hosts: it's impossible.
>
> Best of luck,
>
> Owen Boyle
>
>
> >-----Original Message-----
> >From: Justin French [mailto:justin@indent.com.au]
> >Sent: Dienstag, 3. September 2002 05:32
> >To: apache
> >Subject: [users@httpd] setting SSL up on my local test server for
> >development purposes
> >
> >
> >Hi all,
> >
> >I'm looking for a tutorial/article/advice on how to go about setting up
> >SSL on my local office development server (FreeBSD, Apache 1.3x, PHP4,
> >MySQL 3.32).  I don't particularly want to get a certificate for it...
> >I just want to be able to test SSL and https:// stuff locally during
> >development THEN upload to the live server.
> >
> >Generally speaking, the server is very low traffic (me & one
> >other developer
> >viewing it over the LAN, and occasionally a client looking at
> >it over the
> >web).
> >
> >Is it just a case of "flicking a switch" in the httpd.conf and
> >restarting,
> >or more complex?
> >
> >
> >Thanks,
> >
> >Justin French
> >
> >
> >---------------------------------------------------------------------
> >The official User-To-User support forum of the Apache HTTP
> >Server Project.
> >See <URL:http://httpd.apache.org/userslist.html> for more info.
> >To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> >For additional commands, e-mail: users-help@httpd.apache.org
> >
> >
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
>


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message