Installing Secure Apache

Secure HTTP relies on an encryption protocol known as the Secure Sockets Layer (SSL). In order to implement SSL, your system needs an SSL library. In the past, SSLeay (http://www2.psy.uq.edu.au/~ftp/Crypto/ssleay/) was a common SSL library for Linux. Today, SSLeay has been largely superseded by OpenSSL (http://www.openssl.org), which is based in part on SSLeay. OpenSSL ships with many Linux distributions, so you can probably install it from your main installation medium. If you use SSLeay instead of OpenSSL, the following description will still be relevant.

In addition to SSL, you must install an SSL-enabled version of Apache or an SSL module for Apache. Two popular implementations are Apache-SSL (http://www.apache-ssl.org) and mod_ssl (http://www.modssl.org). The original mod_ssl works with Apache 1.3, but a variant for Apache 2.0 is documented at http://httpd.apache.org/docs-2.0/mod/mod ssl.html. Distributions that ship with Apache 2.0 often include this module as a separate package. In Mandrake 9.1, for instance, it's apache2-mod_ssl.

0 0

Post a comment