From owner-freebsd-questions Tue Jun 10 08:08:04 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id IAA09784 for questions-outgoing; Tue, 10 Jun 1997 08:08:04 -0700 (PDT) Received: from chain.iafrica.com (SaZYw3W+IvrpPLFEKxMzuviz397oJHpo@chain.iafrica.com [196.31.1.66]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id IAA09766 for ; Tue, 10 Jun 1997 08:07:57 -0700 (PDT) Received: from localhost (khetan@localhost) by chain.iafrica.com (8.8.5/8.8.5) with SMTP id RAA20818; Tue, 10 Jun 1997 17:07:35 +0200 (SAT) Date: Tue, 10 Jun 1997 17:07:35 +0200 (SAT) From: Khetan Gajjar Reply-To: Khetan Gajjar To: "Richard Seaman, Jr." cc: "freebsd-questions@freebsd.org" Subject: Re: Apache with SSL or shttp In-Reply-To: <199706081949.OAA23580@ns.tar.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-questions@freebsd.org X-Loop: FreeBSD.org Precedence: bulk On Sun, 8 Jun 1997, Richard Seaman, Jr. wrote: >Try this patch (to 1.2 release -- should be the same for 1.2b11), plus >all the other patches in SSLpatch except for those for http_main.c: Thanks! With this patch, and Ben Laurie's apache_1.2b10+SSL patch, I was able to install (successfully!). Just one thing : how do I get M$ Explorer to read the ssl page without bitching about no certificate ? I have them download a certificate, but this is a hassle. Is the only solution to pay big $$ to someone like Thawte ? I'm including the instructions I sent to an internal mailing list on how to set this darn thing up, as well as the locations of the tarball's! Once again, thanks. ---beginning of message--- >From khetan@chain.iafrica.com Tue Jun 10 17:02:55 1997 Date: Tue, 10 Jun 1997 16:51:45 +0200 (SAT) From: Khetan Gajjar To: freebsd@os.org.za Subject: Apache + SSL Hi. I've managed to build Apache with SSL. I suggest you first install Apache 1.2.0 Then, build it and install it. Then, make clean. cd work untar the apache_1.2.0+ssl.tar.gz file from ftp://chain.iafrica.com/pub cd apache_1.2.0/src mv httpsd /usr/local/sbin then, cd /usr/local/etc/apache mv and modify from the apache_1.2.0/SSLconf/httpd.conf-SSL to / usr/local/etc/apache (remembering the different log files, pid files and statusboard files) create /usr/local/etc/rc.d/apache.ssl.sh, with the following contents ---apache.ssl.sh--- #!/bin/sh [ -x /usr/local/sbin/httpsd ] && /usr/local/sbin/httpsd -f /usr/local/etc/apache/httpd.conf-SSL && echo -n ' httpd-ssl' ---apache.ssl.sh--- Symlink /usr/local/etc/apache/ /usr/local/etc/apache/conf Run the shell script HowToMakeCertificate from chain's pub That's it! If M$ Explorer clients will be attempting to use the page, they'll moan about lack of signed certificates. They can go to http://servername/CA.crt to download the certificate. Then, shut down explorer, reload it and hey presto, they'll be able to to https://servername/ I know there is a lot to be done by hand (about 10 lines), but hey, it gives you apache+ssl. Anyone out there know how to get M$ Explorer to accept the page or to automatically download the certificate file ? I know we had this problem on another machine, but "solved" it by buying a thawte certificate. I don't have that kind of money :( ---end of message--- --- Khetan Gajjar | khetan@os.org.za www.freebsd.os.org.za/~khetan/ | khetan@iafrica.com PGP : finger khetan@chain.freebsd.os.org.za | I run FreeBSD - www.za.freebsd.org UUNET Internet Africa Support | 0800-030-002 & help@iafrica.com He hadn't a single redeeming vice. -- Oscar Wilde