Re: [apache-ssl] Theoreticals Question

In article <3.0.32.19980831000711.00696640@atarde.com.br> you wrote:

>   I'm interested in installing a security web server using FreeBSD, Apache and
> SSL. However, I have some theoretical questions about those:
>   - What's the difference between Apache and Apache-SSL? What does Apache-SSL
> have extra?

It provides the SSL functionality as the name implies...
Or more correctly: It provides the Apache interface to the SSL
implementation library SSLeay.

>   - What steps do I need to install a Security Web Server and my own
> CA, once I have the Web Server Apache installed? Is it necessary to uninstall
> Apache?

No, you can run an SSL-aware Apache beside a standard Apache. But that's
overkill. Usually one runs an SSL-aware Apache which serves non-SSL connections
on port 80 and SSL connections on port 443 with the help of virtual hosts.
This way one only needs one Apache instance.

>   - What does it mean to "patch" the SSL with the Apache?

Apache cannot be shipped with SSL-hooks because of crypto laws in the US. So,
the SSL interfaces like Apache-SSL or mod_ssl have to both provide additional
sources and patch some of the existing Apache sources. "To patch" here means
just to add some little code snippets (#ifdef'ed) to the original source
files. For Apache-SSL this is done by running "patch <SSLpatch" manually
inside the Apache source tree. For mod_ssl this is done automatically by the
provided configure script.

>   - After everything is installed, I have only the httpds process running (i.e. I
> should forget about running httpd)?

There is no must, but because the SSL-aware Apache can do everything the
non-SSL-aware Apache can (and more), one usually can forget the non-SSL one, yes.

>   - In my first install I found some different httpd.conf files in
> different directories, in /usr/local/etc/rc.d/hhttpd.conf and
> ../SSLeay-0.8.1/work/.../httpd.conf for example. Which should I use?

SSLeay comes with no httpd.conf. Apache-SSL provides examples in SSLconf/* of
its distribution. These can be used. OTOH when you use mod_ssl the installed
httpd.conf is automatically adjusted to be SSL-ready (you just need to run
httpd with the -DSSL option) - this is a little bit easier to start with for the
beginner.

>   If you don't want to answer this question, please give me a place where I
> can find this clearly.

Best is to try it out! Grab the Apache-SSL sources, install them and then look
at what it does. It's a little bit of work with Apache-SSL, but you need the
knowledge later, too. So, spend the time. OTOH when you just want to have a
quick impression of an SSL-aware Apache you also can try out mod_ssl which can
be set up a little bit faster. For this follow the steps under
http://www.engelschall.com/sw/mod_ssl/example/.

Greetings,
                                       Ralf S. Engelschall
                                       rse@engelschall.com
                                       www.engelschall.com
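
The single-instance setup described in the reply above (plain HTTP on port 80 and SSL on port 443 through virtual hosts, switched on with -DSSL), shown as an added example in mod_ssl directive syntax. It is not part of the original message; the host name and all file paths are placeholders.

```apache
# Constructed example, not from the original message.
# Host name and file paths below are placeholders.
#
# Start the server with:  httpd -DSSL
# Without -DSSL the <IfDefine SSL> sections are skipped and only
# the plain HTTP virtual host on port 80 is served.

Listen 80
<IfDefine SSL>
Listen 443
</IfDefine>

# Non-SSL virtual host. SSLEngine is off unless enabled, so this
# port never speaks SSL.
<VirtualHost _default_:80>
    ServerName   www.example.com
    DocumentRoot /usr/local/www/data
</VirtualHost>

<IfDefine SSL>
# SSL virtual host, served by the same Apache instance.
<VirtualHost _default_:443>
    ServerName   www.example.com
    DocumentRoot /usr/local/www/data

    # Enable SSL for this virtual host only.
    SSLEngine on

    # Server certificate and its private key. The key file should be
    # readable by root only.
    SSLCertificateFile    /path/to/server.crt
    SSLCertificateKeyFile /path/to/server.key
</VirtualHost>
</IfDefine>
```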