You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Justin French <ju...@indent.com.au> on 2002/09/03 10:25:18 UTC
Re: [users@httpd] setting SSL up on my local test server for
development purposes
Many thanks!!
Is there any option for certificates other than the usual commercial ones @
$125-300/year?
Like I said, it's only for development/testing NOT for any real work, so I'm
keen to save $'s wherever possible :)
Justin
on 03/09/02 5:16 PM, Boyle Owen (Owen.Boyle@swx.com) wrote:
> It's a little more complicated than flicking a switch, but not so hard
> either... Here are some pointers to get you started (If you run into problems
> along the way, you might like to post them on the mod_ssl list:
> http://www.modssl.org/support/).
>
> (1) In order to do any SSL, you need the openSSL library functions. Install
> this (http://www.openssl.org/).
>
> (2) Choose between ApacheSSL (a version of apache with SSL support hard-coded
> inside) and mod_ssl (an apache module which can be statically linked or loaded
> at run-time). I use mod_ssl so will describe it from now on:
>
> (3) If you have never installed mod_ssl before, you have to re-compile apache.
> This is because mod_ssl needs to extend the apache API so has to patch the
> apache source before compilation. A side-effect of this is that all your
> current modules (assuming you're using any) will have to be recompiled too to
> make sure they don't conflict with with the EAPI. This sounds bad but actually
> it is no problem -
>
> - unpack mod_ssl tarball
> - unpack apache tarball
> - configure mod_ssl (this patches apache too)
> - configure apache (with all your usual modules, plus mod_ssl)
> - compile apache & install
>
> Full instructions are in the mod_ssl tarball and on the website. You can
> either statically link mod_ssl (so it shows up on "httpd -l") or dynamically
> load it (you need to have mod_so).
>
> (4) Make a self-signed certificate, following the mod_ssl instructions.
>
> (5) Make an SSL VirtualHost. This is just a normal port-based VH, listening to
> port 443. It takes some additional SSL directives (actually, the install
> process above creates a default SSL VH in the httpd.conf.default file).
>
> (6) Start the new apache with "apachectl startssl" and test it on port 443
> with https://your-server/.
>
> A couple of warnings:
>
> - You MUST recompile apache: mod_ssl can't be loaded with the standard API.
> - You NEED a certificate: this contains the public key which is essential to
> SSL startup
> - You CANNOT make SSL name-based virtual hosts: it's impossible.
>
> Best of luck,
>
> Owen Boyle
>
>
>> -----Original Message-----
>> From: Justin French [mailto:justin@indent.com.au]
>> Sent: Dienstag, 3. September 2002 05:32
>> To: apache
>> Subject: [users@httpd] setting SSL up on my local test server for
>> development purposes
>>
>>
>> Hi all,
>>
>> I'm looking for a tutorial/article/advice on how to go about
>> setting up SSL
>> on my local office development server (FreeBSD, Apache 1.3x,
>> PHP4, MySQL
>> 3.32). I don't particularly want to get a certificate for
>> it... I just want
>> to be able to test SSL and https:// stuff locally during
>> development THEN
>> upload to the live server.
>>
>> Generally speaking, the server is very low traffic (me & one
>> other developer
>> viewing it over the LAN, and occasionally a client looking at
>> it over the
>> web).
>>
>> Is it just a case of "flicking a switch" in the httpd.conf and
>> restarting,
>> or more complex?
>>
>>
>> Thanks,
>>
>> Justin French
>>
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP
>> Server Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> " from the digest: users-digest-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org