From owner-freebsd-questions@FreeBSD.ORG Fri Jun 8 02:17:50 2007 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id A3A5416A400 for ; Fri, 8 Jun 2007 02:17:50 +0000 (UTC) (envelope-from on@cs.ait.ac.th) Received: from mail.cs.ait.ac.th (mail.cs.ait.ac.th [192.41.170.16]) by mx1.freebsd.org (Postfix) with ESMTP id 2486813C483 for ; Fri, 8 Jun 2007 02:17:49 +0000 (UTC) (envelope-from on@cs.ait.ac.th) Received: from banyan.cs.ait.ac.th (banyan.cs.ait.ac.th [192.41.170.5]) by mail.cs.ait.ac.th (8.13.1/8.12.11) with ESMTP id l582HleC013273 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 8 Jun 2007 09:17:47 +0700 (ICT) Received: (from on@localhost) by banyan.cs.ait.ac.th (8.13.3/8.12.11) id l582Hk1f088594; Fri, 8 Jun 2007 09:17:46 +0700 (ICT) Date: Fri, 8 Jun 2007 09:17:46 +0700 (ICT) Message-Id: <200706080217.l582Hk1f088594@banyan.cs.ait.ac.th> From: Olivier Nicole To: Patrick.Baldwin@studsvikscandpower.com In-reply-to: <46682C53.8060505@studsvikscandpower.com> (message from Patrick Baldwin on Thu, 07 Jun 2007 12:03:31 -0400) References: <46682C53.8060505@studsvikscandpower.com> X-Virus-Scanned: on CSIM by amavisd-milter (http://www.amavis.org/) Cc: freebsd-questions@freebsd.org Subject: Re: [freebsd-questions] Best way to add SSL to Apache 1.3.37 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 08 Jun 2007 02:17:50 -0000 > Which seems to suggest that I'd need to have installed the apache > port /usr/ports/www/apache13-modssl instead of the package apache-1.3.37_3. Right. > So, do I need to remove the apache-1.3.37_3 package (presumably with > pkg_delete, as I think that's the cleanest way, please correct me if I'm You use the same/reverse way to remove that you use to install. > wrong), and re-install from the apache13-modssl port, or is there in > fact some way to just get mod_ssl and add to my existing Apache The you install apache-modssl from the ports. Of course you can install mod-ssl from the source by hand. > configuration? If both options are possible, is one better than the > other? I'd prefer not to have to re-do my apache install, but if > there's some compelling reason I should, I'm interested in knowing it. You would have to modify the httpd.conf to activate SSL anyway. Have you a lot of things in the config yet? > Also, when I've got it, I want users to have the option to use it, > not be forced to (tinkering with a Squirrelmail webmail server here), so > any information on that would be more than welcome. Any reason why you don't want to force your user to go SSL. They will be exchanging password over the network, better it is crypted, don't you think? If it is a matter of not purchasing a certificate, you can put up a page on the way to install the certificate once for all so the users are not requested again to accept the certificate. Usual configuration of Apache normally allows you to set-up two servers, one on port 80 that is not crypted and one on port 443 that is using SSL. Both services can share the same web pages, giving acces both with and without SSL. Bests, olivier