This section describes how to install a secure version of the Apache web server. There are three major differences encountered when installing Apache to use SSL versus installing Apache normally:
There are several sources of Secure Sockets Layer software. The OpenSSL is probably the most-commonly used with Apache
Unlike installing other Apache modules, SSL installation requires that the core Apache source code be modified or patched. Normal Apache modules—such as the PHP module—interact with Apache using a defined application programming interface or API. The Apache API provides functions that hide the details of dealing with HTTP from Apache module developers.
However, the code that implements SSL needs to encrypt and decrypt
HTTP requests and responses. The Apache API is aimed at the wrong
level, and SSL patches need to be applied to Apache. There are
several open source and commercial SSL extensions and patches to
Apache available. ApacheSSL (http://www.apache-ssl.org
(http://www.modssl.org) are both
open source and easy to install. We describe the installation of
ApacheSSL in this section.
A self-signed certificate can be created, but it needs to replaced with a purchased certificate from a Certification Authority when an application goes live. There ...