[freebsd-questions] Best way to add SSL to Apache 1.3.37

Patrick Baldwin Patrick.Baldwin at studsvikscandpower.com
Mon Jun 11 16:16:09 UTC 2007


Olivier Nicole wrote:


[snip]

>>configuration?  If both options are possible, is one better than the
>>other?  I'd prefer not to have to re-do my apache install, but if
>>there's some compelling reason I should, I'm interested in knowing it.
> 
> 
> You would have to modify the httpd.conf to activate SSL anyway.
> 
> Have you a lot of things in the config yet?

Just what I needed to get our webmail server running.  Initially
tried Horde, but ended up running into some problems with that,
now trying Squirrelmail.

>>Also, when I've got it, I want users to have the option to use it,
>>not be forced to (tinkering with a Squirrelmail webmail server here), so
>>any information on that would be more than welcome.
> 
> 
> Any reason why you don't want to force your user to go SSL. They will
> be exchanging password over the network, better it is crypted, don't
> you think?


Yes, absolutely, that's why I want the option to use SSL.  However,
we have some users that travel a lot, and sometime they absolutely
need to be able to get to their email.   SSL introduces another layer
of complexity, and thus possibility for failure, into checking their
email.  While I prefer the security of SSL, if it's a choice between
no email access for our travellers and access without SSL, my boss
has been pretty clear that access, however it's achieved, is the key
issue.

> If it is a matter of not purchasing a certificate, you can put up a
> page on the way to install the certificate once for all so the users
> are not requested again to accept the certificate.


While that's not really the issue for me, I'm interested in this idea
anyway, as it saves some money and keeps us a little more self 
sufficient.  If you'd care to explain this in further detail, or
just point me at a doc somewhere that does, it would be much
appreciated.

> Usual configuration of Apache normally allows you to set-up two
> servers, one on port 80 that is not crypted and one on port 443 that
> is using SSL. Both services can share the same web pages, giving acces
> both with and without SSL.

I guess now I need to hit Google and find out how to do this on FreeBSD,
as it sounds just like what I want, thanks!


Regards,

-- 
Patrick Baldwin
Systems Administrator
Studsvik Scandpower, Inc.
1087 Beacon St.
Newton, MA 02459
1-617-965-7455



More information about the freebsd-questions mailing list