ApacheCon US 2008 Session

Securing Communications with your Apache HTTP Server

This talk will introduce you to the fundamentals of securing the client-server communication of your Apache HTTP Server with HTTPS. We will start by explaining the basics of X.509 server and client certificates, certification authorities, and using the OpenSSL toolkit. The TLS/SSL protocol will be introduced and how it is used together with HTTP in order to provide for data encryption, integrity, and authentication. The basic configuration of the Apache HTTP Server will be explained, as well as the Mozilla Firefox and Microsoft Internet Explorer clients. We will walk through some standard use cases and common pitfalls and issues when using HTTPS.