modssl openssl

[sonuteklists]

I did read some documentation for the above but I am not very clear about some things. Where do I use modssl and openssl. I am guessing that modssl is to be used with Apache to encrypt websites with ssl and openssl is to be used to set up a CA and issue machine certificates ??
Kindly advice.
Detailed, links, howtos would be great as well.

Also if apache-php-mysql has been running fine for some time now and want to set up encryption for websites would it be possible to set up ssl with apache now ?? Now should I use modSSL or can use OpenSSL just as well ??
Can you provide detailed links to do either ??

Thanks a bunch.

 

[sleipnir214]

Actually, if you're using mod_ssl with Apache, you're also using OpenSSL with Apache. As the mod_ssl documentation on the Apache website states, "This module relies on OpenSSL to provide the cryptography engine."

See also

http://httpd.apache.org/docs/2.0/ssl/

Want the best answers? Ask the best questions!

TANSTAAFL!!

 

[sonuteklists]

Thanks for the info. I was able to setup a basic CA setup. On one client I generated a request, got it signed from the server and sent it to the client.
- How do I accept the signed certficate on the client and
- add the the server to its trusted root authority

Also, can you kindly provide more links, guides, info, to setup modssl with a production httpd server.

Thanks a bunch.

 

[sonuteklists]

I am yet to finish with all the info from before, but was hoping that someone in the meanwhile provide info on how to generate and setup certificates for websites running on apache.
At the same time I am kinda trying to figure out how does a machine certificate on the same machine interact with a certificate for a website. Or is not required to have web certificate for a machine which has a machine certificate installed ??
Can anyone kindly explain. Would appreciate it much.
Thanks.

 

[ericbrunson]

Verisign has an excellent howto on generating certs:

http://www.verisign.com/support/tlc/csr/ssleay/v01.html

 

[sonuteklists]

Thanks a bunch for the wonderful link. Will test it out !!!

 

[sonuteklists]

The link was very useful, but I am failing to understand the following.
After I got the certrequest signed from the CA, what next. How and where do I import the signed certificate from the CA and where do I put them on the client machine. I guess I have add the CA key to the trusted root CA,
- how do I add the server key to the trusted root CA
- how do I add the signed certicate on the client

For now, what I am trying to do is add the machine certificate. After that I will try to enable ssl on Apache/Httpd.

Kindly excuse me for referring to Windows, but I am just presenting that so that I can explain what I want to do. The Windows was a AD server and I wanted to access AD using LDAPS. So I created a certificate request, sent it to the CA (Redhat, OpenSSL), got it signed from the CA, accepted it on the cient (AD) and added the server CA to the trusted root authority. After that I was able to access AD using LDAPS instead of LDAP.

How would I do the same in redhat, mainly accepting the signed cert on the cient and adding the server CA to the trusted root authority. Also after doing so, would I able to use a service on its secure port (if one was available, lets say sftp) ?? I know to secure apache is another story, but how about securing other common ports like the one I have mentioned above.

The links as I have said before was very very helpful, but I wasnt sure about the above even after reading through the suggested links and info.

Kindly advice.
Thanks a bunch.