httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Boyle Owen" <Owen.Bo...@swx.com>
Subject RE: [users@httpd] setting SSL up on my local test server fordevelopment purposes
Date Tue, 03 Sep 2002 08:39:09 GMT
You make one yourself for free - this is called a self-signed certificate. This enables encryption
but obviously doesn't provide authentication so users get browser alert. But this is fine
for a demo or an environment where authentication is not required.

The instructions are in the distro..

>-----Original Message-----
>From: Justin French [mailto:justin@indent.com.au]
>Sent: Dienstag, 3. September 2002 10:25
>To: users@httpd.apache.org
>Subject: Re: [users@httpd] setting SSL up on my local test server
>fordevelopment purposes
>
>
>Many thanks!!
>
>Is there any option for certificates other than the usual 
>commercial ones @
>$125-300/year?
>
>Like I said, it's only for development/testing NOT for any 
>real work, so I'm
>keen to save $'s wherever possible :)
>
>
>Justin
>
>
>on 03/09/02 5:16 PM, Boyle Owen (Owen.Boyle@swx.com) wrote:
>
>> It's a little more complicated than flicking a switch, but 
>not so hard
>> either... Here are some pointers to get you started (If you 
>run into problems
>> along the way, you might like to post them on the mod_ssl list:
>> http://www.modssl.org/support/).
>> 
>> (1) In order to do any SSL, you need the openSSL library 
>functions. Install
>> this (http://www.openssl.org/).
>> 
>> (2) Choose between ApacheSSL (a version of apache with SSL 
>support hard-coded
>> inside) and mod_ssl (an apache module which can be 
>statically linked or loaded
>> at run-time). I use mod_ssl so will describe it from now on:
>> 
>> (3) If you have never installed mod_ssl before, you have to 
>re-compile apache.
>> This is because mod_ssl needs to extend the apache API so 
>has to patch the
>> apache source before compilation. A side-effect of this is 
>that all your
>> current modules (assuming you're using any) will have to be 
>recompiled too to
>> make sure they don't conflict with with the EAPI. This 
>sounds bad but actually
>> it is no problem -
>> 
>> - unpack mod_ssl tarball
>> - unpack apache tarball
>> - configure mod_ssl (this patches apache too)
>> - configure apache (with all your usual modules, plus mod_ssl)
>> - compile apache & install
>> 
>> Full instructions are in the mod_ssl tarball and on the 
>website. You can
>> either statically link mod_ssl (so it shows up on "httpd 
>-l") or dynamically
>> load it (you need to have mod_so).
>> 
>> (4) Make a self-signed certificate, following the mod_ssl 
>instructions.
>> 
>> (5) Make an SSL VirtualHost. This is just a normal 
>port-based VH, listening to
>> port 443. It takes some additional SSL directives (actually, 
>the install
>> process above creates a default SSL VH in the 
>httpd.conf.default file).
>> 
>> (6) Start the new apache with "apachectl startssl" and test 
>it on port 443
>> with https://your-server/.
>> 
>> A couple of warnings:
>> 
>> - You MUST recompile apache: mod_ssl can't be loaded with 
>the standard API.
>> - You NEED a certificate: this contains the public key which 
>is essential to
>> SSL startup
>> - You CANNOT make SSL name-based virtual hosts: it's impossible.
>> 
>> Best of luck,
>> 
>> Owen Boyle
>> 
>> 
>>> -----Original Message-----
>>> From: Justin French [mailto:justin@indent.com.au]
>>> Sent: Dienstag, 3. September 2002 05:32
>>> To: apache
>>> Subject: [users@httpd] setting SSL up on my local test server for
>>> development purposes
>>> 
>>> 
>>> Hi all,
>>> 
>>> I'm looking for a tutorial/article/advice on how to go about
>>> setting up SSL
>>> on my local office development server (FreeBSD, Apache 1.3x,
>>> PHP4, MySQL
>>> 3.32).  I don't particularly want to get a certificate for
>>> it... I just want
>>> to be able to test SSL and https:// stuff locally during
>>> development THEN
>>> upload to the live server.
>>> 
>>> Generally speaking, the server is very low traffic (me & one
>>> other developer
>>> viewing it over the LAN, and occasionally a client looking at
>>> it over the
>>> web).
>>> 
>>> Is it just a case of "flicking a switch" in the httpd.conf and
>>> restarting,
>>> or more complex?
>>> 
>>> 
>>> Thanks,
>>> 
>>> Justin French
>>> 
>>> 
>>> 
>---------------------------------------------------------------------
>>> The official User-To-User support forum of the Apache HTTP
>>> Server Project.
>>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>> "   from the digest: users-digest-unsubscribe@httpd.apache.org
>>> For additional commands, e-mail: users-help@httpd.apache.org
>>> 
>>> 
>> 
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP 
>Server Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> "   from the digest: users-digest-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>> 
>
>
>---------------------------------------------------------------------
>The official User-To-User support forum of the Apache HTTP 
>Server Project.
>See <URL:http://httpd.apache.org/userslist.html> for more info.
>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>For additional commands, e-mail: users-help@httpd.apache.org
>
>

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message