Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 10 Jun 1997 17:07:35 +0200 (SAT)
From:      Khetan Gajjar <khetan@chain.iafrica.com>
To:        "Richard Seaman, Jr." <lists@tar.com>
Cc:        "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>
Subject:   Re: Apache with SSL or shttp
Message-ID:  <Pine.BSF.3.96.970610170301.1375X-100000@chain.iafrica.com>
In-Reply-To: <199706081949.OAA23580@ns.tar.com>

next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 8 Jun 1997, Richard Seaman, Jr. wrote:

>Try this patch (to 1.2 release -- should be the same for 1.2b11), plus
>all the other patches in SSLpatch except for those for http_main.c:

Thanks! With this patch, and Ben Laurie's apache_1.2b10+SSL patch,
I was able to install (successfully!).

Just one thing : how do I get M$ Explorer to read the ssl page without
bitching about no certificate ? I have them download a certificate,
but this is a hassle. Is the only solution to pay big $$ to
someone like Thawte ?

I'm including the instructions I sent to an internal mailing
list on how to set this darn thing up, as well as the locations
of the tarball's!

Once again, thanks.

---beginning of message---
>From khetan@chain.iafrica.com Tue Jun 10 17:02:55 1997
Date: Tue, 10 Jun 1997 16:51:45 +0200 (SAT)
From: Khetan Gajjar <khetan@chain.iafrica.com>
To: freebsd@os.org.za
Subject: Apache + SSL

Hi.

I've managed to build Apache with SSL.

I suggest you first install Apache 1.2.0
Then, build it and install it.
Then, make clean.
cd work
untar the apache_1.2.0+ssl.tar.gz file from ftp://chain.iafrica.com/pub
cd apache_1.2.0/src
mv httpsd /usr/local/sbin
then, cd /usr/local/etc/apache
mv and modify from the apache_1.2.0/SSLconf/httpd.conf-SSL to /
usr/local/etc/apache (remembering the different log files,
pid files and statusboard files)
create /usr/local/etc/rc.d/apache.ssl.sh, with the following contents
---apache.ssl.sh---
#!/bin/sh
[ -x /usr/local/sbin/httpsd ] && /usr/local/sbin/httpsd -f /usr/local/etc/apache/httpd.conf-SSL && echo -n ' httpd-ssl'
---apache.ssl.sh---
Symlink /usr/local/etc/apache/ /usr/local/etc/apache/conf
Run the shell script HowToMakeCertificate from chain's pub
That's it!

If M$ Explorer clients will be attempting to use the page,
they'll moan about lack of signed certificates. They can
go to http://servername/CA.crt to download the certificate.

Then, shut down explorer, reload it and hey presto, 
they'll be able to to https://servername/

I know there is a lot to be done by hand (about 10 lines),
but hey, it gives you apache+ssl.

Anyone out there know how to get M$ Explorer to accept the page
or to automatically download the certificate file ?

I know we had this problem on another machine, but "solved" it by buying
a thawte certificate. I don't have that kind of money :(
---end of message---

--- 
Khetan Gajjar                               | khetan@os.org.za
www.freebsd.os.org.za/~khetan/              | khetan@iafrica.com
PGP : finger khetan@chain.freebsd.os.org.za | I run FreeBSD - www.za.freebsd.org
UUNET Internet Africa Support               | 0800-030-002 & help@iafrica.com

He hadn't a single redeeming vice.
                -- Oscar Wilde





Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.970610170301.1375X-100000>