
Using SSL/Https with Apache & Tomcat - where do I start?

Posted by JavaDziner, 10-19-2009, 01:52 PM
I've never used SSL/Https before, and I just recently signed up for a host service provider. My site is uploaded but I'm still in testing phase. What I would like to do is use ssl on a login page, as well as pages where an email (form) is submitted. I want to protect personal data.

I have Apache web server 2.2, Tomcat 5.5.27, Java 1.5.0.19 (SE 5), and Mod_jk 1.2.28 installed on my server. I'm not using Tomcat in standalone mode.

I'm not sure where to start. This is all so new to me, so I have quite a few questions. Forgive me if I'm not using proper terms in the questions below.

1) Where should I go to purchase a certificate?
2) Do I need any additional modules or applications on my server to use ssl?
3) Since I'm not planning to use ssl/https sitewide, but only on a few select pages, what sort of configurations are necessary in apache or in tomcat to specify such?

Posted by stdunbar, 10-19-2009, 02:41 PM
You're doing it the easy way by having Apache in front of Tomcat. This allows you to use mod_ssl in Apache.

There are many options for purchasing an SSL certificate. Since you're using Apache, everywhere you go will have something available for that. I personally use the services of namecheap.com as they are also my registrar. They have a RapidSSL cert for $10/year. Again, there are many other choices out there too, but do yourself a favor and don't overpay.

To use SSL in Apache you'll need to have configured mod_ssl. This is a part of Apache but may or may not be compiled in by default on your installation. Are you using the supplied distro? If so, it likely already has SSL compiled in. The Apache SSL docs are a good place to start getting set up.

When you say "only on a few select pages", does that mean that you don't want SSL on everything else? There are really two ways to handle this. The first is the J2EE way. You'd put something like: into your web.xml. However, because you're using Apache in the front, this becomes a bit harder to configure.

The easier way is to have all of your site under SSL. You'll set up a non-SSL virtual host in Apache that redirects to your SSL host. This host will be entirely under SSL. The upside to this is that it is really easy to set up. The downside is that, in theory, SSL takes more computing resources on both the server and the client. In practice it isn't significant, but if you're getting tens of thousands of hits per day it would likely affect your server CPU consumption.

Posted by barry[CoffeeSprout], 10-20-2009, 09:46 AM
I think stdunbar pretty much nailed it. If in doubt, I'd go with a full SSL setup as it makes it hard to accidentally send pages unencrypted.

Posted by JavaDziner, 10-20-2009, 10:08 AM
I used namecheap.com for my registrar as well. So that would be convenient to get it from them. Question - Is RapidSSL a cert that is commonly recognized by the browsers? Or will people be prompted with a warning/notification to accept the certificate each time they visit a secure page?

I just checked to see what applications I have installed on the server, and mod_ssl is available but not currently installed. It's a one-click process to install it, so that won't be a problem.

Yes. I would like to use ssl on login pages, and pages where a form containing personal data is submitted...and not throughout the entire site. Since I would like to specify the pages I would like to use ssl on, how do I configure Apache for use under that scenario? Or does the Apache website (link you provided for ssl) explain that?

After Apache and mod_ssl are configured, is it as simple as making a url start with https instead of http? Is that how a page knows to use ssl?

Posted by barry[CoffeeSprout], 10-20-2009, 10:13 AM
I believe any cert these days will not trigger an alert in the most current browsers (so from IE 6 and up). RapidSSL should be fine; the difference is mostly cosmetic (branding). It could be that RapidSSL comes with a certificate chain, which might require a little more setup on the server.
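
The all-SSL layout described in the thread (a non-SSL virtual host that only redirects, an SSL virtual host that fronts Tomcat through mod_jk, and a CA chain file) can be sketched for Apache 2.2 as follows. This is an added example, not configuration posted by anyone in the thread; the host name `www.example.com`, the file paths and the worker name `worker1` are assumptions.

```apache
# Added example: host name, file paths and worker name are assumptions.
# LoadModule lines are only needed if the modules are not already loaded.
LoadModule ssl_module modules/mod_ssl.so
LoadModule jk_module  modules/mod_jk.so
JkWorkersFile conf/workers.properties

Listen 80
Listen 443

# Plain-HTTP host: serves no content of its own, it only sends
# every request to the same path on the SSL host.
<VirtualHost *:80>
    ServerName www.example.com
    Redirect permanent / https://www.example.com/
</VirtualHost>

# SSL host: the whole site lives here.
<VirtualHost *:443>
    ServerName www.example.com

    SSLEngine on
    SSLCertificateFile      conf/ssl/www.example.com.crt
    SSLCertificateKeyFile   conf/ssl/www.example.com.key
    # Intermediate certificate(s) supplied by the CA, needed when the
    # certificate comes with a chain; without it some clients warn.
    SSLCertificateChainFile conf/ssl/intermediate.crt

    # JkMount is declared only inside this vhost, so requests reach
    # Tomcat only after they have arrived over HTTPS.
    JkMount /* worker1
</VirtualHost>
```

Run `apachectl configtest` before restarting Apache to catch syntax errors in the new virtual hosts.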


