SSL certificate for secure Outside Access

[brake16]

Good Morning

Well, I was just reading the wiki entry for Outside Access (http://wiki.linuxmce.com/index.php/Outside_Access), and it mentioned that setting up an SSL certificate would be costly and complicated.  So I Googled "buy SSL secure certificate", and found that GoDaddy.com offers several different SSL certificates, starting at $12.99 (http://www.godaddy.com/gdshop/compare/gdcompare_ssl.asp?isc=sslqgo008b)  So my questions:

• Would the $12.99 certificate be sufficient, or what kind of certificate is needed?
• How would it be complicated?
• Does anybody have this sort of setup?  Would you be willing to explain what you did?

Bryce

[merkur2k]

There is absolutely no need to purchase a signed ssl cert for this, since all that does is get rid of the warning in the web browser. A self signed cert is free and you can make it yourself. how to add it to the system is a bit harder though, but there are quite a few guides out there for adding ssl certs to apache.

[colinjones]

merkur2k is right, the only thing a "proper" cert gives you is a chain of trust back to a root authority that everyone trusts... thus means that someone else coming to your site, not only gets encryption but also trusts that your site is what it says it is. I assume that you won't have randoms accessing your site, and that you trust yourself! So you can just create a self-signed cert and use that...

[brake16]

I assume that....you trust yourself!

For the most part.

Has anybody done this?  I have no problem Googling for how-to guides, but I don't want to break anything LMCE specific/special if I can avoid it.

Bryce

[hari]

it should be safe to add a ssl cert to apache (when you know what you are doing). Backup the config files first. AFAIK lmce does not touch those parts of the system at all.

br, Hari

[brake16]

it should be safe to add a ssl cert to apache (when you know what you are doing)...

Gee, had to add that last part, huh?   I'm thinking that'll be something to add to the list of 'things-to-learn'.  Good to know it's not incredibly LMCE sensitive, so I might have some room to 'bumble about'.

Thanks
Bryce

[pigdog]

Hi brake16,

Here's a little help for your list.

http://www.tc.umn.edu/~brams006/selfsign.html

Cheers.

[tschak909]

can somebody:

(1) make a feature request in trac?
(2) work on making this feature work out of the box with the system and submit a patch?

Thanks,
-Thom

[brake16]

Here's a little help for your list.

You are the man.  I wish I could give you a karma bump.

[dlewis]

brake16, please read Thom's post and react accordingly... Thanks!

[merkur2k]

I should have time today to take a poke at this.

[brake16]

can somebody:

(1) make a feature request in trac?
(2) work on making this feature work out of the box with the system and submit a patch?

Thanks,
-Thom

Feature request in trac has been made (http://trac.linuxmce.org/trac.cgi/ticket/226).

First time using trac.  Took me a bit to find it and figure out how to do it.  Feel free to offer thwapping corrections as needed.

Bryce

[merkur2k]

Having spent some time with this this morning, I have come to the conclusion that this will never be possible since apache requires ssl sites to use static ip.
you could certainly work at it enough to do your own implementation, but it will not be possible to do an automated install that works on every setup.

[brake16]

Having spent some time with this this morning, I have come to the conclusion that this will never be possible since apache requires ssl sites to use static ip.
you could certainly work at it enough to do your own implementation, but it will not be possible to do an automated install that works on every setup.

Forgive the newbiness most likely apparent in this quesiton, but will DynDNS help?  I have DSL, and therefore, no static ip.

Bryce

[merkur2k]

Well on a second look it may be possible, but i have hosed up my apache so badly at this point that its gonna hafta wait until i do a reinstall of the core i think.