Additions:
#you really do want this, it does the https magic. I promise.
Deletions:
RewriteCond %{SERVER_PORT} ^80$
RewriteRule ^/dir(.*) https://%{SERVER_NAME}/dir$1 [R,L]
# send HTTP requests from links in web apps to HTTP properly
RewriteCond %{SERVER_PORT} ^443$
RewriteCond %{REQUEST_URI} !^/dir(.*)
RewriteRule ^/(.*) http://%{SERVER_NAME}/$1 [R,L]
Additions:
This document is for people wishing to set up their own instance of Apache w/ OpenSSL (and root). People using managed hosting will need to speak with their providers.
Deletions:
Additions:
[[http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#aboutcerts - Apache2 docs about SSL certs]]
[[http://gentoo-wiki.com/Apache_Modules_mod_ssl - Gentoo Wiki article on apache/self-signed SSL]]
[[http://gentoo-wiki.com/Apache_Modules_mod_ssl - Gentoo Wiki article on apache/self-signed SSL]]
Deletions:
Additions:
This document is for people wishing to set up their own instance of Apache w/ OpenSSL (and root). PEople using managed hosting will need to speak with their providers.
Deletions:
If your host takes a certificate, proceed to the creation of CSR, finish the CSR and then proceed with a CA, then give your host what the CA generates. If your host takes a CSR, proceed to the CSR section, then give your host the CSR. If your host does it all, pay them.
Additions:
Disclaimer - someone once asked me why I don't define SSL within the scope of this document. This is a how-to, not a cryptographic whitepaper. Please see [[ssl my page on SSL]].
Deletions:
Additions:
<<**Managed hosts**
This document is for people wishing to set up their own instance of Apache w/ OpenSSL. If you are using a manged solution, please consider the following: some hosts take certificates, some folks take CSRs, some folks do everything for you. Please figure out what you need, and then proceed.
If your host takes a certificate, proceed to the creation of CSR, finish the CSR and then proceed with a CA, then give your host what the CA generates. If your host takes a CSR, proceed to the CSR section, then give your host the CSR. If your host does it all, pay them.
<< ::c::
This document is for people wishing to set up their own instance of Apache w/ OpenSSL. If you are using a manged solution, please consider the following: some hosts take certificates, some folks take CSRs, some folks do everything for you. Please figure out what you need, and then proceed.
If your host takes a certificate, proceed to the creation of CSR, finish the CSR and then proceed with a CA, then give your host what the CA generates. If your host takes a CSR, proceed to the CSR section, then give your host the CSR. If your host does it all, pay them.
<< ::c::
Additions:
Disclaimer - someone once asked me why I don't define SSL within the scope of this document. This is a how-to, not a cryptographic whitepaper. Please see (link to be added).
Why do we care about SSL? Because it allows us to send private information over a secure connection instead of in plain text, so that anyone listening wont see things such as credit card numbers, addresses, passwords etc. The certificates (what we're doing now) help ensure that hosts we're sending this traffic to are who they claim to be, but further they allow us to establish the encrypted stream between the foreign host.
Why do we care about SSL? Because it allows us to send private information over a secure connection instead of in plain text, so that anyone listening wont see things such as credit card numbers, addresses, passwords etc. The certificates (what we're doing now) help ensure that hosts we're sending this traffic to are who they claim to be, but further they allow us to establish the encrypted stream between the foreign host.
Deletions:
Additions:
Disclaimer - someone once asked me why I don't define SSL within the scope of this document. This is a how-to, not a cryptographic whitepaper. Please see (link to be added)
Additions:
We like apache w/ SSL support. It's awesome. Maybe that's just because I love crypto for some undefined, irrational reason. Maybe I shouldn't write documentation at 0500. You need several things:
Deletions:
Additions:
Please see [[http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#aboutcerts apache documentation]] for further information about CSRs, keys, CAs and other advice.
Additions:
[[http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#aboutcerts Apache2 docs about SSL certs]]
Additions:
You WILL be prompted every restart of apache for the password for your key. This can be fun when throwing apache the argument -DSSL on startup (init.d/rc.d scripts). Beware.
