secured-pages with apache?

tazmandevil

Registered
Hello :)

there are webpages, which allows/recommends "secure connections". (not just a login and password from the .htaccess file)... well i heared it should have to do something with "ssl" or port-mapping... but i'm not further informed about these things!

apple's buyers-pages, developer-pages, electronic payment par example... etc...

does anyone know, how i can realise this, with parts of my webpages on the apache on mac os x? (1.3.20 / 10.0.4) (i saw there a ssl_module hanging useless around and i have CGI and PHP installed, do i need them for too?) :)
 

tazmandevil

Registered
could it be, that it would work, if i simply would configure the apache httpd.conf file too use the port of ssl instead of :80, ???.....
 

Jadey

sosumi
You need to enable mod_ssl in Apache. It is available here:

http://www.modssl.org/

Then you need a cert. If you want to use something free, you can create your own, but this will create an alert on remote browsers. Eventually, you'll need a commercial cert from:

http://www.thawte.com <- cheaper
http://www.verisign.com <- exactly the same thing, but costs more

Create your own cert (or a commercial one) by following the instructions here:

http://www.modssl.org/docs/2.8/ssl_faq.html#ToC27

The port secure connections come over is 443, so you'll have to tell Apache to listen to the regular port (80, 8080 or whatever you use) and 443.
So in your httpd.conf file:

Listen *:80
Listen *:443

The rest of these instructions are some that were setup on linux. Yours may be different. mod_ssl will tell you what to do. Briefly: (all in httpd.conf)

You can enable SSL globally by entering:

SSLenbable

or disable it globally with SSLDisable and enable it in virtual hosts only.

You also need to point your SSLCertificateFile to your crt like this:
SSLCertificateFile /etc/httpd/conf/httpsd.crt

If your key isn't combined with the certificate, you also need to:
SSLCertificateKeyFile /etc/httpd/conf/httpsd.key

Set the client verification level:
SSLVerifyClient none

Create an ssl log file (optional)
SSLLogFile /var/log/httpd/sslstat_log


I'm sure there is more to add. Feel free to contibute instructions. Mine are based on Linux. Maybe I'll try it out in X this weekend :)
 
Top