I’m working on setup authentication for an internal website recently.To protect usernames and passwords, setting up HTTPS is very necessary. Here is my first trial on HTTPS/SSL:
Step 1. Check if apache has ssl module compiled
Step 2. Compile apache if it didn’t have ssl module
Step 3. Config apache SSL
A. Load ssl module, it should already have these lines:
B. Enable httpd-ssl.conf, remove # from httpd-ssl.conf line:
C. Config pages that need force using https at VirtualHost part:
D. Config extra/httpd-ssl.conf
Until now, the HTTPS is setup for the site. But we need to have 2 files: server cert server.crt, and its private key server.key.
The official way it to request it from public SSL certificate companies, such as VeriSign, because their cert is accepted by all browser by default. But it costs a few hundred dollar per year at least.
So many companies have their self-signed cert…
View original post 264 more words