Re: SSL
Francisco Castellon <castf@shaw.ca> writes:
> 1. (*) text/plain ( ) text/html
(Please configure your mailer to send only plain text, not HTML.)
> I am wanting to be able to use SSL on my current apache installation
> (version 1.3.26). However I was doing some reading on the web (and
> obtained feedback from the list on a previous email) and found quite a
> few ways to go about installing SSL support on apache. There is:
>
> - mod_SSL
> - Apache-SSL (a debian package)
> - libapache-mod-ssl (another debian package)
...libapache-mod-ssl is the Debian-packaged mod_ssl. So you really
only have two options. :-)
> My other concern is that I already have apache running the way I want
> it. I installed PHP4 and it works fine and I configured a few other
> things as well and I dont want to ruin that current configuration. As
> well, I do all of my apache administering from webmin, so if I install
> SSL it would be nice to still be able to administer it all from webmin.
Both Apache-SSL and mod_ssl fundamentally are Apache, so your existing
configuration should work fine (though have no SSL support). I have
no idea what webmin could do with either (and am somewhat leery of
such things).
> I posted a question on the user-debian mailing list but got really no
> solid sense of direction as to what I should do. I do want to be able to
> run my ssl server but at the same time it would also be nice to be able
> to run some parts of the website without SSL, I found this on the
> apache-ssl website
You can do this with both Apache-SSL and mod_ssl, in actually much the
same way...
> it's usually simplest to run a single daemon and disable SSL on
> those virtual hosts that don't need it.
...like that.
In my personal experience, mod_ssl is slightly more configurable than
Apache-SSL in corner cases involving handling of personal
certificates[1]. Most people don't use personal certificates at all
so this isn't really an issue. I'm also a little more comfortable
with mod_ssl's approach (use the existing extension mechanism) than
Apache-SSL's ("SSL is fundamental, must patch server"). But we use
Apache-SSL in a ~production environment here and haven't had problems
here, for the most part.
[1] The corner case: I want to ask for a certificate, and if that's
not available, then do HTTP basic authentication. My memory is that
mod_ssl can do this, but that Apache-SSL can't. We wound up giving up
on the personal-certificate thing, and just use basic authentication
(vs. NIS, ick) where we need it.
--
David Maze dmaze@debian.org http://people.debian.org/~dmaze/
"Theoretical politics is interesting. Politicking should be illegal."
-- Abra Mitchell
Reply to:
- References:
- SSL
- From: Francisco Castellon <castf@shaw.ca>