Ok, so script the chown'ing and permissioning on import. It's still
easier on an embedded system to install apache as SSL-capable and only
enable when desired, rather than jumping through flaming hoops and
loading up the mod_ssl module when needed.
Embedded devices are designed around the KISS principle. The more
complex you make it, the surer you are to be getting loads of support calls.
Best~
-dsp
SANDER SMITH wrote:
You're right, what I'm asking for is not normal and I understand it. However, your
suggestions make some assumptions about the "normalcy" of the environment that
we're dealing with which just isn't the reality of my situation.
The project I'm working on is not to simply secure an e-commerce site running on some big server hardware. I'm looking at apache running on some embedded platform. Users will not be people who understand what chown is, but will be content by just pushing buttons on the front panel of the device. Because of how the device is being deployed, I can even assume that everything can be run under root to simplfy things.
So given that this is not a normal case, any ideas on how to proceed?
Dave Paris <[EMAIL PROTECTED]> wrote:
This seems about 180deg from normal. Install Apache with mod_ssl.
Start it without invoking SSL .. if you get a certificate, you'll want
to hand-walk it into the right place, chown it to root, and make it
perm'd to 0400 anyway .. then a quick graceful stop and startssl ..
*poof*, Bob's yer uncle.
Best~
-d
SANDER SMITH wrote:
I'm looking to do something, but I'm not sure it's even possible. Maybe someone
can steer me in the right direction.
Let's say that I have a copy of apache running on my server. I also have a
brand new SSL certificate that was signed by a CA. I'd like to write some code
to programmatically enable SSL on the server by means of mod_ssl. When I think
about the steps necessary, I need to:
1. Copy the mod_ssl files to the proper place.
2. Update the mod_ssl config files to point to my SSL certificate.
3. Update the apache config files to recognize and run mod_ssl
4. Cause apache to suddenly start to use mod_ssl
Now steps 1,2, and 3 seem pretty straight forward. Step 4 is a huge handwave,
and I'm hoping someone can give me some insight. Is it even possible? Does it
require apache to be restarted? Is there some programmatic way to get apache to
restart?
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager [EMAIL PROTECTED]