pnphoto, 123RF

Setting up SSL connections on Apache 2

Safe Service

Article from ADMIN 15/2013
By
To spoil the day for lurking data thieves, Apache administrators only need three additional directives – and a handful of commands.

An attacker who captures the credentials for a blog can both spy on the user and break into the blog. By breaking into the blog, that attacker has actually broken into the web server. As an administrator, you should take all possible steps to secure sensitive areas of a website. Transport Layer Security (TLS) lets the web server and browser conduct their communication over an encrypted connection. TLS is a later version of Secure Sockets Layer (SSL), and this kind of connection is often still called an SSL connection. The box titled "Tap-Proof" shows how to set up an encrypted connection.

Tap-Proof

TLS and SSL are cryptographic network protocols. (Actually, they are collections of several protocols.) TLS encrypts the data provided by the browser and then sends the data to a web server via TCP (see Figure 1). SSL can thus encrypt not only HTTP traffic, but also the data of other application protocols such as FTP. In addition to data encryption, TLS also enables authentication and integrity control. A browser can therefore be sure that it is talking via an SSL connection to the correct server, that nobody can read the information that is sent, and that the data will reach the other end unchanged. The two parties can choose to limit the algorithms used. Data encryption is always handled by a symmetrical process, wherein a shared key is used for both encryption and decryption. The secret exchange of this key is guaranteed by a key exchange procedure (e.g., Diffie-Hellman [1]).
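The key agreement and integrity check described above can be sketched as follows; this is an added example, not code from the article, and it leaves out the symmetric cipher itself because the Python standard library does not ship one. The group parameters (prime `2**255 - 19`, generator 2), the function names, and the sample message are assumptions chosen for illustration, not what a TLS stack negotiates.

```python
import hashlib
import hmac
import secrets

# Constructed teaching parameters (assumption): the prime 2**255 - 19 and
# generator 2. Real TLS stacks use standardized groups or elliptic curves.
P = 2**255 - 19
G = 2


def keypair():
    """Return (private exponent, public value g^x mod p)."""
    private = secrets.randbelow(P - 3) + 2   # 2 <= private <= P - 2
    return private, pow(G, private, P)


def shared_key(own_private, peer_public):
    """Derive a 32-byte symmetric key from the Diffie-Hellman shared secret."""
    if not 1 < peer_public < P - 1:
        raise ValueError("peer public value out of range")
    secret = pow(peer_public, own_private, P)
    return hashlib.sha256(secret.to_bytes(32, "big")).digest()


def protect(key, message):
    """Append an HMAC-SHA256 tag so the receiver can detect modification."""
    return message + hmac.new(key, message, hashlib.sha256).digest()


def verify(key, blob):
    """Return the message if its tag is valid, otherwise None."""
    message, tag = blob[:-32], blob[-32:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    return message if hmac.compare_digest(tag, expected) else None


def demo():
    # Only the two public values cross the network; the private ones never do.
    browser_priv, browser_pub = keypair()
    server_priv, server_pub = keypair()
    k_browser = shared_key(browser_priv, server_pub)
    k_server = shared_key(server_priv, browser_pub)
    blob = protect(k_browser, b"user=admin")        # constructed sample message
    tampered = bytes([blob[0] ^ 1]) + blob[1:]      # one bit flipped in transit
    return k_browser == k_server, verify(k_server, blob), verify(k_server, tampered)


if __name__ == "__main__":
    print(demo())
```

Plain Diffie-Hellman as shown does not tell either side who sent the public value; in TLS the server's certificate covers that part, which is the authentication the paragraph mentions.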

By setting the prefix to https:// in the URL, the user of a browser indicates the desire to use an encrypted connection. The process of opening the SSL connection is called the SSL handshake. The client first sends a request to the server (the client hello). This

...