Re: SSL

To: debian-user@lists.debian.org
Subject: Re: SSL
From: David Z Maze <dmaze@debian.org>
Date: Tue, 22 Jul 2003 10:40:27 -0400
Message-id: <[🔎] y68wueaaalg.fsf@multics.mit.edu>
In-reply-to: <[🔎] 001501c35028$9cb61b40$0501a8c0@OLYMPUS.LOCAL> (Francisco Castellon's message of "Tue, 22 Jul 2003 02:09:45 -0600")
References: <[🔎] 001501c35028$9cb61b40$0501a8c0@OLYMPUS.LOCAL>

Francisco Castellon <castf@shaw.ca> writes:

> 1.  (*) text/plain          ( ) text/html           

(Please configure your mailer to send only plain text, not HTML.)

> I am wanting to be able to use SSL on my current apache installation
> (version 1.3.26). However I was doing some reading on the web (and
> obtained feedback from the list on a previous email) and found quite a
> few ways to go about installing SSL support on apache. There is:
>  
> - mod_SSL
> - Apache-SSL (a debian package)
> - libapache-mod-ssl (another debian package)

...libapache-mod-ssl is the Debian-packaged mod_ssl.  So you really
only have two options.  :-)

> My other concern is that I already have apache running the way I want
> it. I installed PHP4 and it works fine and I configured a few other
> things as well and I dont want to ruin that current configuration. As
> well, I do all of my apache administering from webmin, so if I install
> SSL it would be nice to still be able to administer it all from webmin. 

Both Apache-SSL and mod_ssl fundamentally are Apache, so your existing
configuration should work fine (though have no SSL support).  I have
no idea what webmin could do with either (and am somewhat leery of
such things).

> I posted a question on the user-debian mailing list but got really no
> solid sense of direction as to what I should do. I do want to be able to
> run my ssl server but at the same time it would also be nice to be able
> to run some parts of the website without SSL, I found this on the
> apache-ssl website 

You can do this with both Apache-SSL and mod_ssl, in actually much the
same way...

> it's usually simplest to run a single daemon and disable SSL on
> those virtual hosts that don't need it.

...like that.

In my personal experience, mod_ssl is slightly more configurable than
Apache-SSL in corner cases involving handling of personal
certificates[1].  Most people don't use personal certificates at all
so this isn't really an issue.  I'm also a little more comfortable
with mod_ssl's approach (use the existing extension mechanism) than
Apache-SSL's ("SSL is fundamental, must patch server").  But we use
Apache-SSL in a ~production environment here and haven't had problems
here, for the most part.

[1] The corner case: I want to ask for a certificate, and if that's
not available, then do HTTP basic authentication.  My memory is that
mod_ssl can do this, but that Apache-SSL can't.  We wound up giving up
on the personal-certificate thing, and just use basic authentication
(vs. NIS, ick) where we need it.

-- 
David Maze         dmaze@debian.org      http://people.debian.org/~dmaze/
"Theoretical politics is interesting.  Politicking should be illegal."
	-- Abra Mitchell

Reply to:

References:
- SSL
  - From: Francisco Castellon <castf@shaw.ca>

Prev by Date: Re: Loading drm
Next by Date: Re: First mail from my Linux
Previous by thread: SSL
Next by thread: 137GB HD limit?
Index(es):
- Date
- Thread