[lug] htpasswd security
Peter Hutnick
peter-lists at hutnick.com
Wed Mar 5 09:59:13 MST 2003
Timothy C. Klein said:
> Hah, quick and easy my left foot!
Sure it is. With recent versions of RedHat you make a cert and enable https.
It really isn't even hard to do it from scratch. Great instructions
(Apache 1.x only) at http://slacksite.com/apache/. The info on that site
on making a self-signed cert is useful even if you aren't compiling your
own Apache.
> Well, joking aside, don't I have to
> buy a certificate to do this?
Absolutely not. Here is the deal. You make a certificate. All the
encryption is based on that cert. You then either sign it yourself, or
pay to have a so-called CA (certificate authority) sign it. What you are
buying is their promise to third parties that your cert really belongs to
you.
Their "authority" lies only in that they 1. have deals with the major
browser vendors to include them as CAs in the browser distro and 2. they
use public records to verify who you are.
So, unless you are unsure that you are you getting your cert signed by a
CA is irrelevant.
> I can sign my own, but isn't that about
> useless?
As above, it is precisely as useful as having it signed by a CA, in your
case.
> Aside from that, I can't seem to get mod_ssl working as a
> module in Debian. Maybe I will try the other version in unstable (with
> mod_ssl linked in), but I am not sure if it is worth the time I am
> having to invest.
Gee, I though everything always worked in debian as long as you used
stable :-P
Good luck!
-Peter
PS: This is how you trim a reply, damnit!
-P
More information about the LUG
mailing list