Hi! I am currently publishing some web services on a Centos 5.3 server on my office using the included apache httpd. They are available from the Internet, and they require validation (username/password). I would like to publish them all under https, so the passwords won't travel unencrypted, but then all my sites use the same certificate on apache httpd. The solution to this is using an httpd server that supports SNI: <http://en.wikipedia.org/wiki/Server_Name_Indication> however, the httpd included in Centos does not have this feature. Question is: have anybody made httpd RPMs for CentOS supporting this feature? (according to the link, httpd supports this since 2.2.11) or maybe they can be requested on the CentOS Plus repositories? Thanks!
German Pulido wrote:> Hi! > > I am currently publishing some web services on a Centos 5.3 server on my > office using the included apache httpd. They are available from the > Internet, > and they require validation (username/password). I would like to publish > them > all under https, so the passwords won't travel unencrypted,You could use digest passwords instead of plaintext as well. http://httpd.apache.org/docs/2.0/mod/mod_auth_digest.html nate
> I am currently publishing some web services on a Centos 5.3 server on my > office using the included apache httpd. They are available from the Internet, > and they require validation (username/password). I would like to publish them > all under https, so the passwords won't travel unencrypted, but then all my > sites use the same certificate on apache httpd. The solution to this is > using an httpd server that supports SNI: > <http://en.wikipedia.org/wiki/Server_Name_Indication> however, the httpd > included in Centos does not have this feature. Question is: have anybody made > httpd RPMs for CentOS supporting this feature? (according to the link, httpd > supports this since 2.2.11) or maybe they can be requested on the CentOS Plus > repositories?You might take a look at nginx <http://nginx.net/> as an SNI enabled https proxy. You should know that not all browsers/clients support SNI .. I would check out <http://en.wikipedia.org/wiki/Server_Name_Indication> for further details. Barry
On 4/12/09, German Pulido <gpulido at gtscolombia.com> wrote:> I am currently publishing some web services on a Centos 5.3 server on my > office using the included apache httpd. They are available from the > Internet, > and they require validation (username/password). I would like to publish > them > all under https, so the passwords won't travel unencrypted, but then all my > sites use the same certificate on apache httpd. The solution to this is > using an httpd server that supports SNI:<snip. German: If the sites are to be used by your existing employees/customers, it is possible you could generate a free SSL certificate, for each site, that would provide the security you need? They might get a browser warning, about the SSL certificate, but the security would be there. Lanny (in Cali)
German Pulido napsal(a):> Hi! > > I am currently publishing some web services on a Centos 5.3 server on my > office using the included apache httpd. They are available from the Internet, > and they require validation (username/password). I would like to publish them > all under https, so the passwords won't travel unencrypted, but then all my > sites use the same certificate on apache httpd. The solution to this is > using an httpd server that supports SNI: > <http://en.wikipedia.org/wiki/Server_Name_Indication> however, the httpd > included in Centos does not have this feature. Question is: have anybody made > httpd RPMs for CentOS supporting this feature? (according to the link, httpd > supports this since 2.2.11) or maybe they can be requested on the CentOS Plus > repositories? > > Thanks!http://fs12.vsb.cz/hrb33/el5/hrb-tls/stable/i386/repoview/ http://fs12.vsb.cz/hrb33/el5/hrb-tls/stable/x86_64/repoview/ http://fs12.vsb.cz/hrb33/el4/hrb-tls/stable/i386/repoview/ http://fs12.vsb.cz/hrb33/el4/hrb-tls/stable/x86_64/repoview/ David Hrb??