Why SSL?
Protecting your web folders with Basic Authentication, using either htpasswd (which stores the username and password in the filesystem) or mod_auth_mysql (which stores them in MySQL), increases security. But this added layer of security can be defeated easily by a serious hacker familiar with sniffing tools, since the username and password are transmitted unencrypted from the client to the server.
What is SSL?
SSL stands for Secure Sockets Layer. In Apache it comes in the form of mod_ssl, an Apache module that SSL-enables a website that Apache controls, allowing any communication to and from Apache to be encrypted.
Where can I find it?
mod_ssl.so is the name of the library, and it can be found in the modules directory of Apache.
What else do I need?
Before SSL will work, you need a server key and a server certificate. They are used to encrypt transmitted data and to present the client/browser with an SSL certificate. You can create your own certificate for testing purposes, but this will cause a warning in the browser - “Your browser does not recognize the Certificate Authority that issued the site’s certificate.” You should get a certificate from a bona fide Certificate Authority (CA) for production systems.
How do I create my own certificate?
openssl req -new > testcert.csr
Now you have two new files: privkey.pem, which is a private key used to sign the certificate, and testcert.csr, the certificate request. Next, remove the passphrase from the key you just created. If you don’t remove the passphrase, you must enter it every time Apache is started.
openssl rsa -in privkey.pem -out testcert.key
Now you have to modify httpd.conf:
<VirtualHost _default_:443>
# Server Certificate:
SSLCertificateFile /etc/apache/ssl.crt/testcert.crt
# Server Private Key:
SSLCertificateKeyFile /etc/apache/ssl.crt/testcert.key
SSLEngine On
# Use the SSL directory you created earlier
DocumentRoot "/wwwssl"
ServerName www.example.com
ServerAdmin youremail@example.com
</VirtualHost>
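
The certificate steps above, carried through to the testcert.crt that SSLCertificateFile points to, as an added example that is not part of the original page. It creates the key and request without a passphrase in one step (-nodes), self-signs the request, then checks that the certificate matches the key and that the unencrypted key is readable only by its owner. The scratch directory and the 30-day lifetime are assumptions; the file names and host name are the page's.

```sh
#!/bin/sh
# Added example. The scratch directory and 30-day lifetime are assumptions;
# the file names and host name are the ones used on this page.

# make_test_cert DIR CN: write testcert.key, testcert.csr and a self-signed
# testcert.crt into DIR.
make_test_cert() (
    umask 077                      # unencrypted key: owner-only from creation
    mkdir -p "$1" && cd "$1" || exit 1
    # -nodes writes the key without a passphrase, so no separate strip step.
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout testcert.key -out testcert.csr 2>/dev/null || exit 1
    # Self-sign the request with its own key (browsers will warn about it).
    openssl x509 -req -in testcert.csr -signkey testcert.key \
        -days 30 -out testcert.crt 2>/dev/null
)

# cert_matches_key CRT KEY: succeed only if the certificate carries the
# public half of KEY (Apache refuses to start on a mismatch).
cert_matches_key() {
    crt_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ -n "$crt_pub" ] && [ "$crt_pub" = "$key_pub" ]
}

# key_is_private FILE: succeed only if group and other have no access bits.
key_is_private() {
    case $(ls -ld "$1") in
        ????------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Demo run in a throwaway directory.
dir=$(mktemp -d) || exit 1
make_test_cert "$dir" www.example.com || { echo "openssl failed" >&2; exit 1; }
cert_matches_key "$dir/testcert.crt" "$dir/testcert.key" && echo "certificate matches key"
key_is_private "$dir/testcert.key" && echo "key is owner-only"
openssl x509 -in "$dir/testcert.crt" -noout -subject -issuer -enddate
rm -rf "$dir"
```

Run the same two checks against the files under /etc/apache/ssl.crt before restarting Apache.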
