[svlug] Test for SSL on Apache?
Skip Evans
skip at bigskypenguin.com
Fri Jul 14 11:24:26 PDT 2006
Hi Rick & all,
I think you are right. I'm going to start over,
rebuild Apache with all the right stuff and be
sure I include everything needed. That will
probably be best.
And no, this is not a production machine,
thankfully. This is a development machine, and
this being Friday, the timing is good to do this
over the weekend anyway.
Thanks much for all the help.
Incidentally, I found O'Reilly's book "Network
Security with OpenSSL" on amazone.com for $14
bucks. A good one to read, eh?
Thanks!
Skip
Rick Moen wrote:
> Quoting Skip Evans (skip at bigskypenguin.com):
>
>
>>So, since I have mod_so.c, but not mod_ssl, do I
>>understand Michael correctly that I can compile
>>mod_ssl as a module and include it from httpd.conf?
>
>
> Just a thought: If you're finding yourself compiling mod_ssl from
> source (and if this isn't a distribution where you normally build
> _everything_ from source), then maybe you're solving the wrong problem?
>
> That is, part of the goal of distribution package maintainers is to make
> packaged software work relatively painlessly -- not to mention, over
> time, doing package maintenance and security patching that you'd
> otherwise have to do locally, on your own. Maybe you should start over,
> blow away the mess you have, put in the _distro packages_ for Apache
> {1.3.x|2.x}, OpenSSL, and mod_ssl, generate a cert[1], and just enable
> the latter in whatever's the appropriate Apache conffile for your
> distro's context.
>
> (And: If the machine you're attempting this on is a production server,
> for heaven's sake get the technique straight on a scratch host, first.)
>
> [1] See: "SSL Cert Self-signing" on http://linuxmafia.com/kb/Security/
>
--
Skip Evans
Big Sky Penguin, LLC
61 W Broadway
Butte, Montana 59701
406-782-2240
More information about the Svlug
mailing list