From owner-freebsd-questions Fri Jun 6 12:02:56 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id MAA05098 for questions-outgoing; Fri, 6 Jun 1997 12:02:56 -0700 (PDT) Received: from gratia.it.hq.nasa.gov (gratia.it.hq.nasa.gov [131.182.119.134]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id MAA05092 for ; Fri, 6 Jun 1997 12:02:50 -0700 (PDT) Received: from localhost (cshenton@localhost) by gratia.it.hq.nasa.gov (8.7.5/8.7.3) with ESMTP id OAA11368; Fri, 6 Jun 1997 14:58:00 -0400 (EDT) Message-Id: <199706061858.OAA11368@gratia.it.hq.nasa.gov> X-Authentication-Warning: gratia.it.hq.nasa.gov: cshenton owned process doing -bs To: Nadav Eiron cc: questions@freebsd.org Subject: Re: Apache with SSL or shttp X-Mailer: Mew version 1.69 on Emacs 19.34.2 Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Date: Fri, 06 Jun 1997 14:57:59 -0400 From: Chris Shenton Sender: owner-questions@freebsd.org X-Loop: FreeBSD.org Precedence: bulk From: Nadav Eiron Well, I'm using Apache-SSL (ver. 1.1.1 of Apache and 0.6.4 of SSLeay BTW). It's not trivial to set up. It comes as a set of patches to the Apache source, but it works just fine (at least for me). It carries a BSD-style license, so you can pretty much do whatever you want with it (assuming you have no legal problems using SSLeay, I think you might in the U.S.). How did you deal with the Certification issue so that clients trust your server? That is, where did you get the certificate for the server, or do clients just get the banner "Hey, I don't know the CA who signed this server -- are you sure you want to trust it?" The other option is a commercial product called Stronghold that is based on Apache. For details see: http://www.c2.net/ I set this one up here (on Slowaris)-: because Verisign refuses to sell certificates for non-commercial servers. I haven't yet gotten client certificate based authentication working though ...