[ale] Apache secure server

[Dan Mount]

Yes, you can create your own certificate. The OpenSSL documentation explains
how to do this. Basically you are your own Root CA at that point. The users
browser will display a dialog telling them that the Root CA that generated
the certificate is untrusted, but Netscape and IE both give you the
opportunity to Install your Root Authority certificate into your browser's
trusted collection of certificates. If you want to keep your own certificate
and not get one from Verisign, or similar, you can have your users install
your Root cert into their browser and they won't see the dialog from that
point on.

This also extends to using client certificates for user validation. You'll
either have to pay Verisign, or generate them yourself. OpenSSL can handle
this for you too.

If you have a known user base and/or price/time is an issue, you can use
your own certificate (and be your own root authority) and have the same
encryption. You just won't have a company such as Verisign backing your
identity (Like you'd want for an e-commerce site).

I'd be happy to give more detailed info if anyone is in need... Lemmie
know...

-----Original Message-----
From: Wandered Inn [mailto:esoteric at denali.atlnet.com]
To: ale at ale.org
Sent: Tuesday, August 08, 2000 6:53 AM
Cc: ale at ale.org
Subject: Re: [ale] Apache secure server


Jeff Hubbs wrote:
>
> Gary -
>
> Is the Cobalt Qube an option?  IIRC, a "secure Apache" is already in
place.
>
> However, to get SSL going by any means, you have to go through Verisign to
> get a Certificate ID, either for the whole server or each individual
virtual
> site.  That takes a few days, worst case.

Not a lot of help here, but...

Quite a while ago, we were in the process of having to get a secure
server in place very quickly and the certificate was an issue as well.
Since this was on an Intranet we did not have large concerns regarding
obtaining a 'valid' certificate.  Point is, I had done some research,
which I never completed, but had found a number of references to
creating your own certificate.  Again, I never completed the research,
hence do not know if this can actually be done, but as I understand it,
what you end up with is a certificate certified by you.  When folks get
the certificate popup, it shows the info you've provided.

Maybe that's an option you can look into.  Most of the info I found on
this subject, at the time, I found on the netscape site.

Anyone knows this will not work, I'd be glad to hear about it, as I'll
be needing to go through a similar process in about 6 months.

>
> - Jeff
>
> > -----Original Message-----
> > From: Gary S. Mackay [mailto:Gary at edisoninfo.com]
> > Sent: Monday, August 07, 2000 5:02 PM
> > To: ale at ale.org
> > Subject: [ale] Apache secure server
> >
> >
> > What is the quickest/recommended way to get a secure server
> > online? I've
> > downloaded the tarballs etc. and have it somewhat running on
> > an in-house
> > server, but I'm running out of time. I have several clients
> > that want sites
> > on-line soon. Should I just go purchase the RedHat
> > Professional and be done
> > with it, or maybe some package of FreeBSD that includes the
> > apache/mysql/php
> > secure stuff? Please, I do not want a flame war about bsd vs
> > linux. I just
> > need a helping hand in getting this up and running. I'll keep
> > plugging away at
> > my compiled version as I get time. Right now, I don't have any.
> >
> > TIA,
> >  Gary
> >
> > --
> > Edison Information Technologies
> > P.O. Box 554
> > Milan, OH  44846-0554
> > 419.499.7040
> > www.EdisonInfo.com
> > Gary at EdisonInfo.com
> > --
> > To unsubscribe: mail majordomo at ale.org with "unsubscribe ale"
> > in message body.
> >
> --
> To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message
body.

--
Until later: Geoffrey		esoteric at denali.atlnet.com

Microsoft != Innovation
--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message
body.
--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.