Changing the Apache Configuration

Some SSL-enabled Apache packages ship with their own configuration files. Others use the regular Apache configuration file. Apache 2.0 systems tend to need only very minimal configuration file changes to support SSL. With these systems, you may only need to load the SSL module with a line like this:

LoadModule ssl_module /usr/lib/apache2-extramodules-2.0.44/mod_ssl.so

This example works on a Mandrake 9.1 system; it may need adjustments to the location of the SSL module on other systems. Once activated in this way, an Apache 2.0 system will respond to both ordinary HTTP and secure HTTP requests.

Apache 1.3 systems may require more configuration file changes. Some features you may need to adjust include:

Port This option, which has been replaced by Listen in Apache 2.0, binds the server to a particular port. The secure HTTP port is 443, and you may need to set this value with Apache 1.3 systems. Some secure Apache variants automatically bind to both the regular and the secure HTTP ports.

SSLEnable This directive takes no options. When it's present, it merely enables the server's SSL features. This option is required to use SSL in Apache 1.3, but it isn't recognized by Apache 2.0. Instead, Apache 2.0 supports the SSLEngine directive, which takes on or off values to enable or disable SSL.

SSLRequireSSL Ordinarily, Apache will deliver files to both ordinary HTTP and secure HTTP clients. Using this option tells Apache to deliver files only to clients that have made secure connections. This directive takes no value, and it is normally placed within a <Directory> directive block.

SSLCACertificatePath This directive points to the directory in which the SSL certificate resides, such as /etc/ssl/apache.

SSLCertificateFile This directive identifies the SSL certificate file, such as /etc/ssl/apache/server.crt.

Some of these directives may be used on Apache 2.0 systems, as well as on Apache 1.3 systems. The SSLRequireSSL directive is particularly noteworthy, because it can help keep your web server from inadvertently delivering sensitive data over an

This document was created by an unregistered ChmMagic, please go to http://www.bisenter.com to regist* unencrypted link.

Team LiB

Team LiB

^ previous

0 0

Post a comment