  APACHE SECURED BY SSL

  Apache-SSL
  Team A.L. Digital & Apache-SSL
  February 5, 2000
  , cool@hansaram.sarang.net
  v0.3 2000 2 20

    https://www.apache-ssl.org/   (?)  Դϴ.
  ______________________________________________________________________

  

  1. Main Features
  2. What is Apache-SSL?
  3. Download
  4. ʿ ?
  5. ֽ ϱ
  6.   ġ
  7.  
  8.  
  9. PGP Key
  10. FAQ
     10.1 Apache-SSL has not been updated for a while - is it out of date?
     10.2    Apache-SSL   ֱ⸸ ϳ?
     10.3 The patch doesn't work; what is wrong?
     10.4 I know HTTP is on port 80, but what about HTTPS?
     10.5   ӽſ (secure), 񺸾(non-secure)    ʹ. Ѱ?
     10.6 I have installed the server. How do I create a test certificate?
     10.7 How do I create a client certificate?
     10.8  CGI  Ŭ̾Ʈ  ϴ°?
     10.9 How do I install FrontPage98 Extensions with Apache-SSL?
     10.10 When installing a Verisign cert, why can't I find "getca" or "getverisign"?
     10.11 Ϲ  
     10.12 Y2K ?

  11. Mailing Lists
  12. Apache-SSL is not mod_ssl!!
  13. Links
  14. Mirror Sites
  15. Credits
  16. Team A.L. Digital & Apache SSL

  ______________________________________________________________________

  1.  Main Features

  o    ̿ 

  o   𼭳 128Ʈ ũ 

  o  Ŭ̾Ʈ 

  o  ü ҽ ڵ

  o  Ȯ尡  API

  2.  What is Apache-SSL?

  Apache-SSL Apache SSLeay/OpenSSL  ϴ  ̴.
  ̰ BSD  license Ѵ.  copyright notices
  Ѵٸ ̵  ̵ ¥  ִ ̴(
     SSLeay Is this legal? FAQ о  Ѵ).
  This is the same license as used by Apache from version 0.8.15.

  3.  Download

   : Apache_1.3.11+ssl_1.38  ¥: 2000 1 25

    openssl-0.9.4 ʿϰ ⼭   ִ.

  Apache-SSL ҽ ġ  UK   Ʈ   ִ:

  o  Oxford University.

  o  University of Cambridge Computer Laboratory ̷

  ٸ FTP ̷ Ʈ:

  o  ftp.zedz.net (The Netherlands)

  o  ftp.win.ne.jp (Japan)

  o  ftp.sage-au.org.au (Australia)

  o  ftp.vwv.com (South Africa)

  o  mirror.aarnet.edu.au (Australia)

  o  ftp.it.net.au (Australia)

  o  ftp.infoscience.co.jp (Japan)

  o  ftp.funet.fi (Finland)

  o  apache-ssl.raver.net (Canada)

  o  ftp.pca.dfn.de (Germany)

  o  ftp.sekure.net (Sweden)

  o  ftp.clinet.fi (Finland)

  o  opensores.thebunker.net (UK)

  o  ftp.gin.cz (CZ)

  Ǵ HTTP ̷ Ʈ:

  o  mirror.aarnet.edu.au (Australia)

  o  ftp.it.net.au (Australia)

  O/S specific :

  o  RedHat, Caldera ׸ TurboLinux ҽ డ .rpm  
     ڿ    contrib/rpms 丮 ã  ִ.

  o  Ʈ ִ : http://www.freebsd.org/ports/www.html.

  4.  ʿ ?

  ʿ ͵ ġ(1.2.0+  1.3.0+  ) ġ 
  Ư ҽ ,   README   ϵ̴.  ġ
  ġ ҽ  Ŀ  ǰ, SSLeay( 0.5.1b+) Ǵ
  OpenSSL ȴ. The modified source will still compile a standard
  Apache as well as Apache-SSL.

  5.  ֽ ϱ

  ׷̵带     ִ   ֽ  ˷ִ
  ǥ(announce) ϸ Ʈ ϴ ̴.

  6.    ġ

    ben@algroup.co.uk .

  ׳  ϴµ δ  . ׷, (
    ǻ簡 ִ.. --;) (ģٴ?) ϰڴ.

  7.   

  ġ Apache-SSL Ѵ   ϴ.  ְŵ
  ben@algroup.co.uk  .

  8.   

    ũ ûؿ ȸ̴.  Ʒ ü ,
  õ ʰ     . û  Ͽ.

  Apache-SSL    :

  o  Thawte Consulting, at
     http://www.thawte.com/certs/server/request.html

  o  CertiSign Certificadora Digital Ltda., at
     http://www.certisign.com.br/

  o  IKS GmbH, at http://www.iks-jena.de/produkte/ca/

  o  BelSign NV/SA, at http://www.belsign.be/

  o  VeriSign, Inc. at http://www.verisign.com/guide/apache/

  o  TC TrustCenter (Germany) at
     http://www.trustcenter.de/html/Produkte/TC_Server/855.htm

  o  NLsign B.V. at http://www.nlsign.nl/

  o  Deutsches Forschungsnetz at
     http://www.pca.dfn.de/dfnpca/certify/ssl/

  o  128i Ltd. (New Zealand) at http://www.128i.com/

  o  Entrust.net Ltd. at http://www.entrust.net/products/index.htm

  o  Equifax Inc. at http://www.equifaxsecure.com/ebusinessid/

  o  GlobalSign NV/SA at http://www.globalsign.net/

  o    Ʈ   ִ.

  9.  PGP Key

     , ⳻ PGPŰ ִ.   
  ޶;  н(passphrase) Ÿ  ȴ.. --+

  10.  FAQ

  10.1.  Apache-SSL has not been updated for a while - is it out of date?

  ƴϴ,  װ(Apache-SSL)  ϴ ŭ  ۵Ѵٴ
  ̴. 츮   װ    Apache(
  ġ) ö, Ǵ  ο  Ҷ Ʈ Ѵ.

  10.2.     Apache-SSL   ֱ⸸ ϳ?

  https: ſ http: ߱ ̴.  ,  α׿ 
  ޽  ȴٸ  Ͱ .

    SSL_Accept failed error:140760EB:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol

  10.3.  The patch doesn't work; what is wrong?

     ´ٸ,

  $patch < SSLpatch
    Looks like a new-style context diff.
    File to patch:

  Ƹ   patch   ̴. 2.1 ̻ 
  ٲٰ ٽ õ϶.

  10.4.  I know HTTP is on port 80, but what about HTTPS?

   HTTPS ƹ Ʈ   , κ 
  ⺻ ã ǥ Ʈ 443̴. (.. .. --;) 
   URL Ʈȣ ؼ   ã   ִ.

  https://secure.server.hell:666

  10.5.    ӽſ (secure), 񺸾(non-secure)  
   ʹ. Ѱ?

  ΰ  ִ. ΰ   ų,  󿡼 ΰ
  񽺸 ÿ ϰų.      ִ, 
   ϰ    SSL ʿ κ
  ȣƮ(virtual host)    ȴ.  ΰ 
   ʹٸ    Ʈ( 񺸾 Ʈ 80,  443)
  ϰ  ǵ ؾ Ѵ. ϳ   ʹٸ, 
  ϴ     ִ.

  10.6.  I have installed the server. How do I create a test certificate?

  Step one - create the key and request.

    openssl req -new > new.cert.csr

  Step two - remove the passphrase from the key (optional).

    openssl rsa -in privkey.pem -out new.cert.key

  Step three - convert the request into a cert.

    openssl x509 -in new.cert.csr -out new.cert.cert -req -signkey new.cert.key -days 365

    Apache-SSL ڷ   Ѵ.

    SSLCertificateFile /path/to/certs/new.cert.cert
    SSLCertificateKeyFile /path/to/certs/new.cert.key

  10.7.  How do I create a client certificate?

  Step one - create a CA certificate/key pair, as above.

  Step two - sign the client request with the CA key.

    openssl x509 -req -in client.cert.csr -out client.cert.cert -signkey my.CA.key -CA my.CA.cert -CAkey my.CA.key -CAcreateserial -days 365

  Step three - hand the file 'client.cert.cert' to the requester.

  Apache-SSL  ߰ ν   Ȯ ϴ.

    SSLCACertificateFile /path/to/certs/my.CA.cert
    SSLVerifyClient 2

  10.8.   CGI  Ŭ̾Ʈ  ϴ°?

   apache_1.3.2+ssl_1.27 ̻󿡼  ڸ Ѵ.

    SSLExportClientCertificates

  ̰ Ŭ̾Ʈ   ϴ ȯ溯  ȴ. 
  ڼ , docs  SSLExportClientCertificates . ۵
   ִ: https://www.apache-ssl.org/cgi/cert-export

  10.9.  How do I install FrontPage98 Extensions with Apache-SSL?

  Bertrand Renuart ̿  ڼ 
  http://www.itma.lu/howto/apache ϰ ִ.

  10.10.  When installing a Verisign cert, why can't I find "getca" or
  "getverisign"?

  Apache-SSL ɿ Verisign  ʱ ̴. ϰ ʹٸ
  Stronghold( ġ  SSL  ) ض.   ؾ 
     Ͽ ϰ  ̸ SSLCertificateFileڿ
  Ѱָ ȴ. Űϵ Ѱܾ ϴ° ض.

  10.11.  Ϲ  

    gcc -c  -I../os/unix -I../include -I/usr/local/ssl/include   -funsigned-char -DTARGET=\"httpsd\" -DAPACHE_SSL `../apaci` -DAPACHE_SSL buff.c
    buff.c: In function `ap_read':
    buff.c:259: structure has no member named `stats'
    buff.c:267: structure has no member named `stats'
    buff.c:268: structure has no member named `stats'
    buff.c:269: structure has no member named `stats'
    buff.c:271: structure has no member named `stats'
    buff.c: In function `ap_write':
    buff.c:346: warning: passing arg 2 of `SSL_write' discards `const' from pointer target type
    *** Error code 1

  OpenSSL ׷̵ ؾ Ѵ.

  10.12.  Y2K ?

  Apache-SSL Ϻ Ʈ ¥ ó   ý
  ü ö̾(compliance)   ʴ´. 
  Ʈ ġ Y2K ؼ ̷ ̾߱ ϰ ִ.  
  OS, ϵ ٸ  ˻ؾ Ѵ.

  11.  Mailing Lists

   Apache-SSL ϸ Ʈ ִ. Apache-SSL
  Ŀ´Ƽ(community)κ Ϲ ̳  ϸ, apache-ssl-
  help@lists.aldigital.co.uk   . ̰  
  ش      ̴. ׷,  ϱ
  archive  ִ Ȯض.

  ܼ ֽ ϰ   ߿ ǥ ⸸ Ѵٸ,
  apache-sslannounce-help@lists.aldigital.co.uk ִ.

  12.  Apache-SSL is not mod_ssl!!

  There appears to be some confusion regarding Apache-SSL and mod_ssl.
  To set the record straight: mod_ssl is not a replacement for Apache-
  SSL - it is an alternative, in the same way that Apache is an
  alternative to Netscape/Microsoft servers, or Linux is an alternative
  to FreeBSD. It is a matter of personal choice as to which you run.
  mod_ssl is what is known as a 'split' - i.e. it was originally derived
  from Apache-SSL, but has been extensively redeveloped so the code now
  bears little relation to the original.

  Apache-SSL continues to be developed and maintained, our main focus
  being on reliability, security and performance, rather than features
  and bells and whistles. I hope this makes things clear. (Adam Laurie)

  13.  Links

    ڿ:

  o  Peter Gutmann's Security and Encryption-related Resources and Links

  o  Andrew Ford's Apache/Apache-SSL Quick Reference Card

  14.  Mirror Sites

  o  Infoscience, Japan (Japanese language), at
     japache.infoscience.co.jp/Apache-SSL/Apache-SSL.html.

  o  Bilkent University, Ankara, Turkey, at
     http://sunsite.bcc.bilkent.edu.tr/pub/infosystems/apache-
     ssl/Index.html.

  o  raver.net, Canada, at http://apache-ssl.raver.net/.

  o  algroup, USA, at http://lynx.usa.algroup.co.uk/mirrors/www.apache-
     ssl.org/.

  o  instinct.org, Czech Republic, at http://www.instinct.org/apache-
     ssl/

  o  gin.cz, CZ, at http://apache-ssl.gin.cz/

  15.  Credits

  Apache-SSL was written by Ben Laurie, who is also an Apache core team
  member, and an OpenSSL core team member.

  The development of Apache-SSL is sponsored by A.L. Digital Ltd., and
  this site is hosted by them.

  Info on FTP mirror sites, CAs, Links, etc., should be sent to: The Web
  Slaves.

  Apache-SSL graphics courtesy of Jamie Harrison and The WoW Foundation,
  based on the original feather by Randy Terbush. Feel free to
  replicate.

  16.  Team A.L. Digital & Apache SSL

  A.L. Digital Ltd. participate in the Distributed Net encryption
  cracking efforts, as do many of our friends. To see how our team is
  doing, click the team logo above. To read more about the project,
  click on the banner above. To join our team, affiliate yourself with
  team no. 5209. For your personal privacy, the team membership listing
  is not open to the public, and we promise not to use it ourselves. For
  anything.

