9 |
################################################## |
################################################## |
10 |
# |
# |
11 |
# $Log$ |
# $Log$ |
12 |
|
# Revision 1.2 2003/01/22 18:37:22 jonen |
13 |
|
# + added docu and references |
14 |
|
# |
15 |
# Revision 1.1 2003/01/22 17:47:49 jonen |
# Revision 1.1 2003/01/22 17:47:49 jonen |
16 |
# + first init |
# + first init |
17 |
# |
# |
46 |
################# |
################# |
47 |
# Basics: |
# Basics: |
48 |
|
|
49 |
- add/uncomment: |
# add/uncomment: |
50 |
|
|
51 |
LoadModule ssl_module /usr/lib/apache/1.3/mod_ssl.so |
LoadModule ssl_module /usr/lib/apache/1.3/mod_ssl.so |
52 |
|
|
53 |
- add: |
# add: |
54 |
|
|
55 |
<IfDefine SSL> |
<IfDefine SSL> |
56 |
Listen 80 |
Listen 80 |
76 |
################# |
################# |
77 |
# Optional: |
# Optional: |
78 |
|
|
79 |
- example VirtualHost entry: |
# example VirtualHost entry: |
80 |
|
|
81 |
<VirtualHost your.domain.com:443> |
<VirtualHost your.domain.com:443> |
82 |
SSLEngine On |
SSLEngine On |
97 |
</VirtualHost> |
</VirtualHost> |
98 |
|
|
99 |
|
|
100 |
|
# gets SSLPassPhrase by file instead of promt for |
101 |
|
|
102 |
|
Every start of apache require to enter the password for the above generated SSL key. |
103 |
|
This can be annoying if you plan some automatic restart of apache. |
104 |
|
There is a way to automatically give the password to apache with the option: |
105 |
|
|
106 |
|
SSLPassPhraseDialog exec:/path/to/your_password_programm |
107 |
|
|
108 |
|
But it's upt to you to write the password programm, be careful!! |
109 |
|
Some times, it is easier to simply protect a non protected file, than writing a programm that gives a password!! |
110 |
|
Easiest way would be e.g. |
111 |
|
|
112 |
|
#-----------your_password_programm --------- |
113 |
|
#!/bin/sh |
114 |
|
echo <your passphrase> |
115 |
|
#------------------ end snip ---------------------- |
116 |
|
|
117 |
|
chmod 700 /path/to/your_password_programm |
118 |
|
chown www-data.www-data /path/to/your_password_programm |
119 |
|
|
120 |
|
|
121 |
|
But again, this would be very unsecure!!! |
122 |
|
|
123 |
|
|
124 |
|
|
125 |
|
|
126 |
################################################## |
################################################## |
127 |
# modify apache init script to start with ssl |
# modify apache init script to start with ssl |
176 |
Apache.org http://www.apache.org |
Apache.org http://www.apache.org |
177 |
|
|
178 |
modssl.org http://www.modssl.org |
modssl.org http://www.modssl.org |
179 |
|
|
180 |
|
Das SSL-Apache Handbuch http://www.dfn-pca.de/certify/ssl/handbuch/sslapache1_3/ssla13.html |
181 |
|
|