
suEXEC Support
|
143
Now try accessing your home page with an https:// URL (for example, https://server1.
centralsoft.org).
For SSL to work, your server also needs a certificate. This is an encrypted file that
proves to the user’s browser that you are who you claim to be. How does the
browser know whom to trust? Web browsers have built-in lists of trusted certificate
authorities (CAs). The command/option/tab chain to view them is:
Firefox 2.0
Tools
➝ Advanced ➝ Encryption ➝ View Certificates ➝ Authorities
Internet Explorer 6.0
Tools
➝ Internet Options ➝ Content ➝ Certificates ➝ Trusted Root Certification
Authorities
CAs are companies that sell your organization a certificate and want cash for doing
the legwork to verify your identity. Commercial web sites almost always use commer-
cial CAs, because the browser silently accepts certificates issued by its trusted CAs.
Alternatively, you can be your own CA and create a self-signed certificate. This works
with SSL just as well as a commercial certificate, but the web browser will prompt
the user about whether or not to accept your certificate. Self-signed certs are com-
mon in small open source projects and during testing of larger projects.
suEXEC Support
Apache can serve multiple sites at the same time, but the individual sites will have
different pages, CGI scripts, users, and so on. Because Apache runs as a particular
user and group (our defaults are