Thanks to some help from this list, and others, I got apache+openssl/etc up and running (I know it is up and running, because when I do httpS://mysite/some.page, it starts a SSL session, I get the little lock on my browser, etc.) So, I added this to my apache.conf <Location /secure> SSLRequire ( true ) </Location> (yes, /secure exists, right permissions, and I added those lines in the correct place in apache.conf (right below the example for SSLRequire)) The problem is, after adding that configuration line, I can still go to /secure with my browser, and it doesn't start a SSL session. I don't understand this at all - it seems really easy ... sslREQUIRE leads me to believe that the directory or file specified would open in the browser as SSL, and if the browser doesn't support it, it would not let it open at all (because it is required). if I type httpS://mysite.com/secure, it goes SSL, of course, because I used httpS, but I shouldn't need to use that, should I? Because I set it to be required, so it should go to SSL just by hitting that location, right? Anyone know what the problem is? thanks, john ______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]