On Thu, May 02, 2002 at 01:40:09PM +0800, [EMAIL PROTECTED] wrote: > hello guys, > i am tasked to implement a secure site using apache and ssl on our linux > server. how can i make a virtual directory say http://example.com/example/ > be secure and do i need to apply at verisign to get the site certificate for > this?
For your first question, place the directory on your SSL virtual server's document root instead of on your non-SSL server's document root. Any links to that page must be of <a href="https://example.com/example";>this form</a> so as to link to example.com's SSL server. Note that the protocol is NOT http but https. To get a site certificate, it depends on the scope of access for your SSL site. If it's a public site, you probably need to go out and get an SSL certificate signed by one of the well known big root CA's like Verisign or Thawte Consulting (erm... oh, they're just one company?). For a private site that's only accessible to a select few whom you know and who have reason to trust you, a self-signed certificate will do just as well. Before you do anything though, I strongly suggest that you read this article on how public key infrastructure and the system of certificates works: http://www.everything2.com/index.pl?node=public%20key%20infrastructure This is something a lot of people who are beginning to deal with public key cryptography fail to understand. I hope I'm able to explain it well enough to clear up some of the confusion. -- Rafael R. Sevilla <dido at imperium dot ph> +63(2)8183151 Software Developer, Imperium Technology Inc. +63(917)4458925 _ Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph To leave: send "unsubscribe" in the body to [EMAIL PROTECTED] To subscribe to the Linux Newbies' List: send "subscribe" in the body to [EMAIL PROTECTED]
