Re: SSL Server Certificate
At 09:31 AM 2/5/2004, you wrote:
>One of these Perl script systems sets configurations
>by an "admin" sign-in on a web page. It just
>seems to me that any time passwords are used,
>they should be secure.
Which OS? The SSL certificate itself is more a function of the OS than
Apache - Apache only uses the cert to initiate the encryption session.
In order to make it work, you must:
1) Configure your OS with an SSL toolkit (OpenSSL, or equivalent), and
configure Apache with the appropriate module.
2) Create a key and certificate using the toolkit, **OR** generate the key
and purchase a 'traceable' certificate from a CA.
3) Configure Apache with the reference to the cert in the SSL config, such as:
Most current OSs will generate the certificate for you (e.g. OpenBSD),
.. we use Webmin all the time for admin functions and always use the SSL
>Also, I am thinking about having a Perl CGI
>development area where I might want to be the
>only person who can sign on.
If you're the only person doing development (or development is done
in-house), that's a security job for a network device like a firewall.
Normally you would not wish to incur the SSL overhead if you don't need it.
>That might work in my favor by discouraging
>people who shouldn't be trying to sign on,
Remember also, do not confuse SSL [data encryption] with login requirements
[access control] - using an .htpasswd file to restrict access to a
directory tree is separate and distinct from SSL data encryption.
Leland V. Lammert email@example.com
Chief Scientist Omnitec Corporation
Network/Internet Consultants www.omnitec.net
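
Added example, not part of the original message: step 2 of the list above carried out with the OpenSSL command-line tool, covering both the self-signed route and the signing request you would send to a CA, plus a check that the certificate and request belong to the key before Apache is pointed at them. The hostname and file names are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): key and certificate creation
# with the OpenSSL CLI. CN and all file names are constructed placeholders.

CN="dev.example.test"

# Generate a 2048-bit RSA private key, readable only by its owner.
make_key() {          # args: keyfile
    ( umask 077 && openssl genrsa -out "$1" 2048 2>/dev/null )
}

# Option A: self-signed certificate (clients must be told to trust it).
make_selfsigned() {   # args: keyfile certfile
    openssl req -new -x509 -key "$1" -out "$2" -days 365 -subj "/CN=$CN"
}

# Option B: certificate signing request to submit to a CA.
make_csr() {          # args: keyfile csrfile
    openssl req -new -key "$1" -out "$2" -subj "/CN=$CN"
}

# Succeeds only if the certificate and the CSR both carry the public key
# that belongs to this private key. A mismatch here is what makes the web
# server refuse to start with a key/certificate error.
keys_match() {        # args: keyfile certfile csrfile
    k=$(openssl pkey -in "$1" -pubout) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey) || return 1
    r=$(openssl req -in "$3" -noout -pubkey) || return 1
    [ "$k" = "$c" ] && [ "$k" = "$r" ]
}

# Demo run in a scratch directory that is removed afterwards.
d=$(mktemp -d) &&
    make_key "$d/server.key" &&
    make_selfsigned "$d/server.key" "$d/server.crt" &&
    make_csr "$d/server.key" "$d/server.csr" &&
    keys_match "$d/server.key" "$d/server.crt" "$d/server.csr" &&
    echo "key, certificate and CSR match"
rm -rf "$d"
```

The private key never leaves the server in either route; only the CSR goes to the CA.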