Chapter 10. Installing the Red Hat Linux Secure Web Server

Introduction

The next few chapters are intended to get you started running the Apache World Wide Web (WWW or Web) server version 1.3.12 with the mod_ssl security module and the OpenSSL library and toolkit. The combination of these three components, provided with Red Hat Linux, will be referred to in this manual as the Red Hat Linux Secure Web Server (or secure server, for short).

Web servers provide Web pages to browsers (e.g., Netscape Navigator, Microsoft Internet Explorer) who request them. In more technical terms, Web servers support the HyperText Transfer Protocol (HTTP), the Internet standard for Web communications. Using HTTP, a Web server sends HyperText Markup Language (HTML) Web pages and CGI and other types of scripts to browsers at the request of the browser. When users click on a link on a Web page, a request is sent to a Web server for the content named by the link. The Web server receives the request and provides the content that was asked for (e.g., an HTML page, an interactive script, a Web page dynamically generated from a database, etc.), or it sends back an error message. Apache, the Web server provided in this product, is the most widely used Web server on the Internet today (see http://www.netcraft.net/survey/).

The mod_ssl module is a security module for the Apache Web server. The mod_ssl module uses the tools provided by the OpenSSL Project to add a very important capability to Apache — the ability to encrypt communications. In contrast, using "regular" HTTP, communications between a browser and a Web server are sent in plain text, which could be intercepted and read along the route between the browser and the server.

The OpenSSL Project includes a toolkit which implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols and a general purpose cryptography library. The SSL protocol is used for secure data transmission over the Internet today; the TLS protocol is a proposed Internet standard for private (secure) and reliable communications over the Internet. OpenSSL tools are used by the mod_ssl module to provide security for Web communications.

These chapters are not meant to be complete and exclusive documentation for any of these programs. When possible, this guide will point you to appropriate places where you can find more in-depth documentation on particular subjects.

This guide will show you how to install the included programs, as well as the basic options for configuring your Apache Web server. You will also be walked through the steps necessary to get a certificate from a Certificate Authority (CA), how to generate your own self-signed certificate, and how to install a certificate to use with your secure Web server.