Date: Tue, 10 Jun 1997 17:07:35 +0200 (SAT) From: Khetan Gajjar <khetan@chain.iafrica.com> To: "Richard Seaman, Jr." <lists@tar.com> Cc: "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org> Subject: Re: Apache with SSL or shttp Message-ID: <Pine.BSF.3.96.970610170301.1375X-100000@chain.iafrica.com> In-Reply-To: <199706081949.OAA23580@ns.tar.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 8 Jun 1997, Richard Seaman, Jr. wrote: >Try this patch (to 1.2 release -- should be the same for 1.2b11), plus >all the other patches in SSLpatch except for those for http_main.c: Thanks! With this patch, and Ben Laurie's apache_1.2b10+SSL patch, I was able to install (successfully!). Just one thing : how do I get M$ Explorer to read the ssl page without bitching about no certificate ? I have them download a certificate, but this is a hassle. Is the only solution to pay big $$ to someone like Thawte ? I'm including the instructions I sent to an internal mailing list on how to set this darn thing up, as well as the locations of the tarball's! Once again, thanks. ---beginning of message--- >From khetan@chain.iafrica.com Tue Jun 10 17:02:55 1997 Date: Tue, 10 Jun 1997 16:51:45 +0200 (SAT) From: Khetan Gajjar <khetan@chain.iafrica.com> To: freebsd@os.org.za Subject: Apache + SSL Hi. I've managed to build Apache with SSL. I suggest you first install Apache 1.2.0 Then, build it and install it. Then, make clean. cd work untar the apache_1.2.0+ssl.tar.gz file from ftp://chain.iafrica.com/pub cd apache_1.2.0/src mv httpsd /usr/local/sbin then, cd /usr/local/etc/apache mv and modify from the apache_1.2.0/SSLconf/httpd.conf-SSL to / usr/local/etc/apache (remembering the different log files, pid files and statusboard files) create /usr/local/etc/rc.d/apache.ssl.sh, with the following contents ---apache.ssl.sh--- #!/bin/sh [ -x /usr/local/sbin/httpsd ] && /usr/local/sbin/httpsd -f /usr/local/etc/apache/httpd.conf-SSL && echo -n ' httpd-ssl' ---apache.ssl.sh--- Symlink /usr/local/etc/apache/ /usr/local/etc/apache/conf Run the shell script HowToMakeCertificate from chain's pub That's it! If M$ Explorer clients will be attempting to use the page, they'll moan about lack of signed certificates. They can go to http://servername/CA.crt to download the certificate. Then, shut down explorer, reload it and hey presto, they'll be able to to https://servername/ I know there is a lot to be done by hand (about 10 lines), but hey, it gives you apache+ssl. Anyone out there know how to get M$ Explorer to accept the page or to automatically download the certificate file ? I know we had this problem on another machine, but "solved" it by buying a thawte certificate. I don't have that kind of money :( ---end of message--- --- Khetan Gajjar | khetan@os.org.za www.freebsd.os.org.za/~khetan/ | khetan@iafrica.com PGP : finger khetan@chain.freebsd.os.org.za | I run FreeBSD - www.za.freebsd.org UUNET Internet Africa Support | 0800-030-002 & help@iafrica.com He hadn't a single redeeming vice. -- Oscar Wilde
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.970610170301.1375X-100000>