From owner-freebsd-questions@FreeBSD.ORG Mon Jun 11 16:16:09 2007 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id A29F316A41F for ; Mon, 11 Jun 2007 16:16:09 +0000 (UTC) (envelope-from Patrick.Baldwin@studsvik.com) Received: from bostonserver.studsvik-analytic.com (firewall.studsvik-analytic.com [155.212.59.75]) by mx1.freebsd.org (Postfix) with ESMTP id 46EB913C447 for ; Mon, 11 Jun 2007 16:16:09 +0000 (UTC) (envelope-from Patrick.Baldwin@studsvik.com) Received: from [127.0.0.1] (pc245.studsvik-analytic.com [192.168.169.245]) by bostonserver.studsvik-analytic.com (8.12.5/8.12.5) with ESMTP id l5BFuu2l023062 for ; Mon, 11 Jun 2007 11:56:57 -0400 (EDT) Message-ID: <466D7322.1080602@studsvik.com> Date: Mon, 11 Jun 2007 12:06:58 -0400 From: Patrick Baldwin User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.2) Gecko/20040804 Netscape/7.2 (ax) X-Accept-Language: en-us, en MIME-Version: 1.0 CC: freebsd-questions@freebsd.org References: <46682C53.8060505@studsvikscandpower.com> <200706080217.l582Hk1f088594@banyan.cs.ait.ac.th> In-Reply-To: <200706080217.l582Hk1f088594@banyan.cs.ait.ac.th> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-MailScanner: Found to be clean Subject: Re: [freebsd-questions] Best way to add SSL to Apache 1.3.37 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 11 Jun 2007 16:16:09 -0000 Olivier Nicole wrote: [snip] >>configuration? If both options are possible, is one better than the >>other? I'd prefer not to have to re-do my apache install, but if >>there's some compelling reason I should, I'm interested in knowing it. > > > You would have to modify the httpd.conf to activate SSL anyway. > > Have you a lot of things in the config yet? Just what I needed to get our webmail server running. Initially tried Horde, but ended up running into some problems with that, now trying Squirrelmail. >>Also, when I've got it, I want users to have the option to use it, >>not be forced to (tinkering with a Squirrelmail webmail server here), so >>any information on that would be more than welcome. > > > Any reason why you don't want to force your user to go SSL. They will > be exchanging password over the network, better it is crypted, don't > you think? Yes, absolutely, that's why I want the option to use SSL. However, we have some users that travel a lot, and sometime they absolutely need to be able to get to their email. SSL introduces another layer of complexity, and thus possibility for failure, into checking their email. While I prefer the security of SSL, if it's a choice between no email access for our travellers and access without SSL, my boss has been pretty clear that access, however it's achieved, is the key issue. > If it is a matter of not purchasing a certificate, you can put up a > page on the way to install the certificate once for all so the users > are not requested again to accept the certificate. While that's not really the issue for me, I'm interested in this idea anyway, as it saves some money and keeps us a little more self sufficient. If you'd care to explain this in further detail, or just point me at a doc somewhere that does, it would be much appreciated. > Usual configuration of Apache normally allows you to set-up two > servers, one on port 80 that is not crypted and one on port 443 that > is using SSL. Both services can share the same web pages, giving acces > both with and without SSL. I guess now I need to hit Google and find out how to do this on FreeBSD, as it sounds just like what I want, thanks! Regards, -- Patrick Baldwin Systems Administrator Studsvik Scandpower, Inc. 1087 Beacon St. Newton, MA 02459 1-617-965-7455