Thread: linux security with encryption

  1. #1

    linux security with encryption

    How can we enable Apache with SSL support so that we can host sites with both the http and https prefixes? Is it possible on the same IP with name-based virtual hosting?

  2. #2

    Re: linux security with encryption

    Quote Originally Posted by sadique
    How can we enable Apache with SSL support so that we can host sites with both the http and https prefixes? Is it possible on the same IP with name-based virtual hosting?

  3. #3
    Senior Member, Join Date: May 2004, Location: Pakistan, Posts: 253

    Re:

    Dear sadique,
    Salam,

    Apache-SSL Guide

    "Apache-SSL is a secure Webserver, based on Apache and SSLeay/OpenSSL. It is licensed under a BSD-style licence, which means, in short, that you are free to use it for commercial or non-commercial purposes (although you are advised to read the SSLeay Is this legal? FAQ before deploying a server), so long as you retain the copyright notices. This is the same licence as used by Apache from version 0.8.15."

    Apache-SSL has the same purpose as mod-ssl; however, the configuration of Apache-SSL tends to be a lot harder. On the other hand, an Apache-SSL installation is more easily expandable than mod-ssl, as for adding PHP, MySQL, etc.

    First grab the Apache 1.3.12 source from http://www.apache.org/dist/, then get the apache_1.3.12+ssl patch from here (get the latest) and finally you will need openssl-0.9.5a which can be found at http://www.openssl.org/source/.

    Next you will need to move the apache and OpenSSL files into /usr/local and untar them by running the following commands:


    cd /usr/local
    tar -zxvf openssl-0.9.5a.tar.gz
    tar -zxvf apache_1.3.12.tar.gz


    Now untar the Apache-SSL patch in the Apache source directory that was created when you untarred the files (/usr/local/apache_1.3.12).

    Move into the Apache source directory (/usr/local/apache_1.3.12) and execute the Apache-SSL patch script by running:


    cd /usr/local/apache_1.3.12
    ./FixPatch


    Configure and compile apache as you normally would and make a test certificate.


    ./configure --prefix=/usr/local/apachessl --enable-shared=max
    make
    cd src
    make certificate    # follow the prompts from here
    cd ..
    make install


    Now you need to copy a few files:

    cd to /usr/local/apache_1.3.12 and copy the directory "src" to /usr/local/apachessl

    cd to /usr/local/apache_1.3.12/SSLconf/conf and copy "httpd.conf" to /usr/local/apachessl/conf/httpsd.conf

    cd to /usr/local/apache_1.3.12/SSLconf/conf and copy "httpsd.pem" to /usr/local/apachessl/conf/httpsd.pem

    Edit /usr/local/apachessl/conf/httpsd.conf (get comfortable, this is going to take a while).

    Change the following to match your box:

    -User root to User nobody (it's bad for apache to run as root)
    -Group root to Group nobody
    -Uncomment the LoadModules and change their paths to match your box
    -CA list sending is uncommented for testing purposes only; comment it out once your server is a production box
    -Comment SSLRandomFile /dev/urandom 1024

    -Look for a batch of lines that read

    Port 8888
    Listen 8887
    Listen 888*

    Change this to:

    Port 443
    Listen 443
    #Listen 80 (use only if you want to run an SSL/non-SSL server)

    -DocumentRoot /usr/local/apachessl/htdocs
    -SSLCacheServer path to match /usr/local/apachessl/src/modules/ssl/gcache
    -SSLCACertificatePath to match the path to your certificates.
    -SSLCertificateFile
    Apache-SSL doesn't support CustomLog or TransferLog, so you must disable them. If you want to log, you must use "SSLLogFile /logfilepath"
    -Comment out CustomLog (put a hash mark, #, in front of the line)
    -Comment out TransferLog

    To start Apache-SSL, run the following:

    /usr/local/apachessl/bin/httpsdctl start

    To stop it, run:

    /usr/local/apachessl/bin/httpsdctl stop

    Notes:
    "make certificate" is just a test thing; refer to the mod_ssl guide on how to make your certificates and keys.

    When starting apache for the first time, you should tail /usr/local/apachessl/logs/error_log and httpsd_error_log to see if there are any errors.

    Having trouble? Got questions? Require further assistance? If so please feel free to contact me !!

    Best Regards.
    Frrkh hmd
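
The httpsd.conf edits listed in the post above can be checked mechanically before the server is started. The script below is an added example, not part of the original post or of Apache-SSL; the function names and the sample configuration are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit an Apache-SSL httpsd.conf against the post's checklist.
# Function names and the sample config are constructed for illustration.

# True if directive $1 is active (uncommented) in file $3 with a value matching regex $2.
has_directive() {
    awk -v d="$1" -v re="$2" \
        'tolower($1) == tolower(d) && $2 ~ re { ok = 1 } END { exit !ok }' "$3"
}

# Print one FAIL line per deviation from the post's settings; always returns 0.
audit_httpsd_conf() {
    local conf="$1" d
    for d in User Group; do
        has_directive "$d" '^(root|#0)$' "$conf" && echo "FAIL: $d is root; use nobody"
    done
    has_directive Port '^443$' "$conf"          || echo "FAIL: Port is not 443"
    has_directive Listen '^(.*:)?443$' "$conf"  || echo "FAIL: no Listen on 443"
    for d in CustomLog TransferLog; do
        has_directive "$d" '.' "$conf" && echo "FAIL: $d is active; use SSLLogFile"
    done
    return 0
}

# Constructed sample: an unedited config with the values the post says to change.
write_sample_conf() {
    cat > "$1" <<'EOF'
User root
Group root
Port 8888
Listen 8887
# Listen 80
CustomLog logs/access_log common
TransferLog logs/transfer_log
EOF
}

# Demo run on the constructed sample.
demo_conf=$(mktemp)
write_sample_conf "$demo_conf"
audit_httpsd_conf "$demo_conf"
rm -f "$demo_conf"
```

Pointed at a real file, e.g. `audit_httpsd_conf /usr/local/apachessl/conf/httpsd.conf`, it prints nothing once every item on the checklist has been applied.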
