Posted to users@httpd.apache.org by Boyle Owen <Ow...@swx.com> on 2002/09/03 10:39:09 UTC

RE: [users@httpd] setting SSL up on my local test server for development purposes

You make one yourself for free - this is called a self-signed certificate. This enables encryption but obviously doesn't provide authentication, so users get a browser alert. But this is fine for a demo or an environment where authentication is not required.

The instructions are in the distro..

>-----Original Message-----
>From: Justin French [mailto:justin@indent.com.au]
>Sent: Dienstag, 3. September 2002 10:25
>To: users@httpd.apache.org
>Subject: Re: [users@httpd] setting SSL up on my local test server for development purposes
>
>
>Many thanks!!
>
>Is there any option for certificates other than the usual commercial ones @
>$125-300/year?
>
>Like I said, it's only for development/testing NOT for any real work, so I'm
>keen to save $'s wherever possible :)
>
>
>Justin
>
>
>on 03/09/02 5:16 PM, Boyle Owen (Owen.Boyle@swx.com) wrote:
>
>> It's a little more complicated than flicking a switch, but not so hard
>> either... Here are some pointers to get you started (If you run into problems
>> along the way, you might like to post them on the mod_ssl list:
>> http://www.modssl.org/support/).
>>
>> (1) In order to do any SSL, you need the openSSL library functions. Install
>> this (http://www.openssl.org/).
>>
>> (2) Choose between ApacheSSL (a version of apache with SSL support hard-coded
>> inside) and mod_ssl (an apache module which can be statically linked or loaded
>> at run-time). I use mod_ssl so will describe it from now on:
>>
>> (3) If you have never installed mod_ssl before, you have to re-compile apache.
>> This is because mod_ssl needs to extend the apache API so has to patch the
>> apache source before compilation. A side-effect of this is that all your
>> current modules (assuming you're using any) will have to be recompiled too to
>> make sure they don't conflict with the EAPI. This sounds bad but actually
>> it is no problem -
>>
>> - unpack mod_ssl tarball
>> - unpack apache tarball
>> - configure mod_ssl (this patches apache too)
>> - configure apache (with all your usual modules, plus mod_ssl)
>> - compile apache & install
>>
>> Full instructions are in the mod_ssl tarball and on the website. You can
>> either statically link mod_ssl (so it shows up on "httpd -l") or dynamically
>> load it (you need to have mod_so).
>>
>> (4) Make a self-signed certificate, following the mod_ssl instructions.
>>
>> (5) Make an SSL VirtualHost. This is just a normal port-based VH, listening to
>> port 443. It takes some additional SSL directives (actually, the install
>> process above creates a default SSL VH in the httpd.conf.default file).
>>
>> (6) Start the new apache with "apachectl startssl" and test it on port 443
>> with https://your-server/.
>>
>> A couple of warnings:
>>
>> - You MUST recompile apache: mod_ssl can't be loaded with the standard API.
>> - You NEED a certificate: this contains the public key which is essential to
>> SSL startup
>> - You CANNOT make SSL name-based virtual hosts: it's impossible.
>>
>> Best of luck,
>> 
>> Owen Boyle
>> 
>> 
>>> -----Original Message-----
>>> From: Justin French [mailto:justin@indent.com.au]
>>> Sent: Dienstag, 3. September 2002 05:32
>>> To: apache
>>> Subject: [users@httpd] setting SSL up on my local test server for
>>> development purposes
>>> 
>>> 
>>> Hi all,
>>> 
>>> I'm looking for a tutorial/article/advice on how to go about setting up SSL
>>> on my local office development server (FreeBSD, Apache 1.3x, PHP4, MySQL
>>> 3.32).  I don't particularly want to get a certificate for it... I just want
>>> to be able to test SSL and https:// stuff locally during development THEN
>>> upload to the live server.
>>>
>>> Generally speaking, the server is very low traffic (me & one other developer
>>> viewing it over the LAN, and occasionally a client looking at it over the
>>> web).
>>>
>>> Is it just a case of "flicking a switch" in the httpd.conf and restarting,
>>> or more complex?
>>> 
>>> 
>>> Thanks,
>>> 
>>> Justin French
>>> 
>>> 
>>> 
>>> ---------------------------------------------------------------------
>>> The official User-To-User support forum of the Apache HTTP
>>> Server Project.
>>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>> "   from the digest: users-digest-unsubscribe@httpd.apache.org
>>> For additional commands, e-mail: users-help@httpd.apache.org
>>> 
>>> 

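The self-signed certificate from step (4) and the reply above, as an added example that is not part of the original thread: it creates a throwaway certificate with the openssl command line and shows why it gives encryption without authentication until a client explicitly trusts that exact certificate. The host name dev.example.test, the file names and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). The host name dev.example.test, the
# file names and all function names are assumptions made for illustration.

# make_selfsigned PREFIX CN: write PREFIX.key and PREFIX.crt (RSA 2048, 30 days).
make_selfsigned() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -subj "/CN=$2" -keyout "$1.key" -out "$1.crt" 2>/dev/null &&
    chmod 600 "$1.key"    # owner-only: -nodes writes the key unencrypted
}

# is_self_signed CRT: true when subject and issuer are the same name.
is_self_signed() {
    [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
      "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

# trusted_by_default CRT: true if the system CA store vouches for CRT.
trusted_by_default() {
    openssl verify "$1" 2>/dev/null | grep -q ': OK$'
}

# trusted_when_pinned PINNED CRT: true if CRT verifies once PINNED is added as
# a trust anchor, which is what importing the dev certificate into a client does.
trusted_when_pinned() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# demo: report each property for freshly generated (constructed) certificates.
demo() {
    d=$(mktemp -d) || return 1
    make_selfsigned "$d/server" dev.example.test || return 1
    make_selfsigned "$d/other" dev.example.test || return 1  # same name, other key
    is_self_signed "$d/server.crt" && echo "self-signed: yes"
    trusted_by_default "$d/server.crt" || echo "default trust: no (browser alert)"
    trusted_when_pinned "$d/server.crt" "$d/server.crt" && echo "pinned: accepted"
    trusted_when_pinned "$d/server.crt" "$d/other.crt" || echo "same-name cert: rejected"
    rm -rf "$d"
}

demo
```

In the port-443 VirtualHost, mod_ssl reads the two files through its SSLCertificateFile and SSLCertificateKeyFile directives.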

RE: [users@httpd] setting SSL up on my local test server for development purposes

Posted by art <ar...@macnew.com>.
I seem to be posting this link about every 2 weeks or so...  I am not
the author but I have not found a better "step by step" method of
installing what the original question asked...  

http://www.delouw.ch/linux/Apache-Compile-HOWTO/html/t1.html#INTRO


Thanks for all the good info from all the folks answering the hard
stuff...the least I could do is throw this out there every once in a
while...   :)


Art MacNew
VelocityHosting.Com


