[lug] Stronghold my only APACHE SSL option?

Charles Morrison cmorrison at info2000.net
Thu Mar 16 09:02:35 MST 2000


Sorry to chime in so late. I've been out of town and there's been a LOT of
email to sift through.

I've seen no references to IBM's HTTPServer, which is an IBMized version of
Apache. The nice aspect of this (besides the admin front end, which always
gives me errors, so forget THAT and use vi or emacs [joe in my case]) is that
is has a java based SSL certificate manager. It works nicely for creating keys,
cert requests and merging "officially signed" [meaning you pay for it] certs
into your apache environment. Of course we all know that IBM is making a strong
bid for being the JAVA King, so it figures.

You might want to note that IBMHTTPServer is a free download. My personal
perspective is that it's a good way to get an SSL add to the familiar Apache
server. The down side is that not all of it is available with source, i.e. the
SSL stuff isn't. More than likely this is because IBM has RSA licensed and
can't legally release that.

-- 
Chuck Morrison
VA Linux - Western Region
Sr Systems Engineer

On Tue, 14 Mar 2000, you wrote:
> I'm very interested in this discussion because I am right in the middle of 
> the same muddle. Here's a summary of my researches on various sites.
....
>     Stronghold (http://www.int.c2.net/products/sh2/),
>     Raven (http://www.covalent.net/raven/ssl/),
>     RedHat Secure Web Server (included in RH6.1 pro bundle, may be 
> available separately from http://www.redhat.com)
.....

See above

> What I've been trying to find out myself is
> 
> * does RH still sell SWS standalone? Or do you have to get it in the bundle 
> with Pro? I don't mind paying for it but I would like to keep my existing 
> KRUD installation. I sent this question to presales at redhat.com but never 
> heard back. Pity. They must be spending all their time watching their stock 
> tickers.
> 
> Does anyone happen to know the answer to this question?

They used to, for $99. I think you can still get it but it is based on RH 5.2.
For newer, 6.x versions, you have to do the "Pro" version of RH. 

For all those other issues, I'd seriously look at IBMHTTPServer. The issue with
paying for a signed cert is a sticky one. That is tied up with deals made with
the browser companies, Netscape and MS. If you can get them to recognize  your
"signature" without working some multi-million dollar deal, go for it. Other
wise, figure on shelling out >$100 to get rid of that funky popup warning
dealy. 




More information about the LUG mailing list