httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Nigel Peck - MIS Web Design" <ni...@miswebdesign.com>
Subject RE: [users@httpd] New to SSL
Date Tue, 20 May 2003 15:52:44 GMT
> >I'm running Apache 1.3.27 on Redhat 7.3. It's a live and busy
> >web server so
> >it can't go down (not for long anyway). I need to add SSL and
> >I need to get it right first time.
>
> Oh dear...

:) yep.

> ....
> You also need certificates. You can generate self-signed certs to get
> the thing working but if you want to do real e-business on the web, you
> need certs signed by a professional certificate authority. These cost
> Real Money and are a bit laborious in terms of bureaucracy.

A minor point that I'd overlooked until just now :). I need to support SSL
on a number of (customer) domains:

What's the best way to achieve this?
Do they all need their own certificate?
What's the best authority to use?
How come http://www.instantssl.com/ is so much cheaper than thawte and
verisign?

(Sorry for so many questions)

> On the plus side, both approaches are well-documented on the websites
> and in the INSTALL files which come with the distros. If you kept your
> notes from the last time you installed/upgraded apache, you should have
> no trouble folding in mod_ssl (you did keep your notes, didn't you?). It
> also helps if your apache has as few bells and whistles as possible - if
> you have PHP, MySQL and FrontPage to contend with at the same time,
> things will get interesting.

Unfortunately apache was installed by the company that provided the server
(I've done it before just not this one) Any issues with just grabbing a tar
of the same version and using that to build from?

Erm, yer, my notes.......what are notes again?

> I'd set aside a quiet week or so to get things running...

That would be in the same place as the notes :)

> >Is it possible to install a second copy of Apache to do the
> >SSL stuff and
> >therefore leave my working HTTP server alone? Is this a good idea?
>
> This is an interesting idea - you mean run a 2nd instance of apache
> which just listens on port 443? This would certainly work. You'd have to
> stop and start two apaches instead of one but otherwise, I can't see any
> problems with it.

I think that's what I'll do then, no need to worry about breaking anyone's
hosting and having to hand out refunds!

How do I stop the second instance from listening on 80?

Am I right in saying that if an Apache server has SSL installed then
"./httpd -V" would show up HAVE_SSL? (It doesn't)

Thanks for the response,
Nigel

MIS Web Design
http://www.miswebdesign.com/


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message