Joe Polk said: > > Question: > I have a webmail app that's written in perl and I want to secure that > entire directory with SSL so that when a user goes to check their webmail > it will require SSL. What is the best approach? I am fine with a gen'd > cert, as I don't have the traffic to warrant purchasing one. Any ideas?
I use apache-ssl, but you can use anything else theres apache+mod_ssl, as well as several commerical packages that support ssl. the apache-ssl homepage(www.apache-ssl.org) has an easy to follow guide on how to generate your own cert(the cert is compadible with many different uses including apache+mod_ssl, stunnel, openldap etc). I also use normal apache, and redirect the non-ssl version to the ssl version e.g. take my webmail site, webmail.linuxpowered.net, my apache config: <VirtualHost 216.39.174.24> ServerName webmail.linuxpowered.net ServerAlias webmail RedirectMatch (.*)\.*$ https://webmail.linuxpowered.net ErrorDocument 404 http://portal.aphroland.org/errors/404/ </VirtualHost> and my apache-ssl config: <VirtualHost 216.39.174.24> SSLEnable SSLCertificateFile /etc/apache-ssl/portal.pem ServerName webmail.linuxpowered.net DocumentRoot /nfs2/home/squirrel/public_html </VirtualHost> so if someone goes to webmail.linuxpowered.net they are transparently redirected to the same site but using SSL. You can do this with 1 copy of apache-ssl, rather then running seperate daemons but I prefer just running both, and besides I'm using mod_php on apache-ssl which adds quite a memory footprint to it, not using it under normal apache so it is faster for normal requests. this particular server runs debian, not redhat but the configuration is fully compadible. I use this sort of setup for many many things including mailman configuration, ldapexplorer, eZpublish(CMS) to name a few, auto redirect http to https nate -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list
