README
SYNOPSIS

 This Apache module provides strong cryptography for the Apache 2.0 webserver
 via the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS
 v1) protocols with the help of the SSL/TLS implementation library NSS.

 This module is based heavily on the mod_ssl package. In fact, it's more
 a conversion than anything else.

BUILDING

 To build this you'll need NSPR 4.4.1 and NSS 3.9.3. It may work with earlier
 versions but these are recommended (or tested). These can be retrieved from
 http://www.mozilla.org/. The --with-nspr and --with-nss options each require
 that the package be installed under a single parent directory (e.g. /opt/nspr,
 /usr/local/nspr, etc). configure will look in this parent for include/, lib/,
 etc.

 If --with-nss or --with-nspr is not passed, configure will look for the
 mozilla-[nss|nspr]-devel packages and use the libraries from them if found.
 It is strongly recommended that the mozilla.org version be used instead.

 Build and install those packages somewhere then configure the module with
 something like:

 % ./configure --with-apxs[=/path/to/apxs/] --with-nspr=/path/to/nspr/ --with-nss=/path/to/nss/
 % gmake all install

 You only need to use =/path/to/apxs if apxs isn't in your path or if you
 want to install into a specific Apache installation.

 This will install a sample configuration file nss.conf. You'll need to do
 some hand-editing as well to tell Apache to read this file.

 To httpd.conf add (anywhere is fine):

 Include conf/nss.conf

 You'll need to change the default ports in nss.conf from 443 to
 something else if you aren't starting this as root.

CONFIGURING NSS

 You'll need to create an NSS database and get a server certificate installed.
 A script, gencerts, is included to help get things going with a self-signed
 certificate. This is a *BAD* idea and you shouldn't use this. It is for
 demonstration purposes only. As a matter of policy, users should not get
 used to accepting an SSL certificate signed by an unknown or untrusted
 issuer.

 The result of the gencert script is an NSS database that contains a
 self-signed CA, a server certificate (nickname Server-Cert) and a
 client certificate (alpha). The client certificate is generated to make
 testing client authentication simpler.

 You can store the token passwords in a file so you aren't prompted during
 startup (so you can do unattended starts, for example). To do this, set
 the file that will store the token passwords in the NSSPassPhraseDialog
 attribute in nss.conf, like so:

 NSSPassPhraseDialog  file:/path/to/password.conf

 The format of the file for a non-hardware token is tokenname:password.
 A sample for the internal software token is like:

 internal:netscape
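
 A lint for the password file described above, as an added example that is
 not part of mod_nss. It checks each line against the tokenname:password
 format given for non-hardware tokens and, as an assumed policy the README
 does not state, that the file is not accessible to group or other. The names
 check_passfile and demo and the demo file are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint a file referenced by NSSPassPhraseDialog file:...
# Assumptions (not from the README): owner-only permissions are the wanted
# policy, and every line uses the non-hardware tokenname:password format.

# check_passfile FILE -> 0 if FILE passes, 1 otherwise. Never prints passwords.
check_passfile() {
    f=$1
    rc=0
    if [ ! -f "$f" ] || [ ! -r "$f" ]; then
        echo "error: $f is not a readable regular file" >&2
        return 1
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    mode=$(ls -ldL "$f" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "error: $f is accessible to group/other; chmod 600 it" >&2
        rc=1
    fi
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in
            ?*:?*) ;;   # non-empty token name, colon, non-empty password
            *) echo "error: $f line $n is not tokenname:password" >&2
               rc=1 ;;
        esac
    done < "$f"
    if [ "$n" -eq 0 ]; then
        echo "error: $f contains no token entries" >&2
        rc=1
    fi
    return $rc
}

# Constructed demo: the README's sample entry under loose, then tight, modes.
demo() {
    demo_dir=$(mktemp -d) || return 1
    printf 'internal:netscape\n' > "$demo_dir/password.conf"
    chmod 644 "$demo_dir/password.conf"
    check_passfile "$demo_dir/password.conf" 2>/dev/null && loose=pass || loose=fail
    chmod 600 "$demo_dir/password.conf"
    check_passfile "$demo_dir/password.conf" 2>/dev/null && tight=pass || tight=fail
    rm -rf "$demo_dir"
    echo "0644=$loose 0600=$tight"
}

# With an argument, lint that file; with none, run the constructed demo.
if [ "$#" -gt 0 ]; then check_passfile "$1"; else demo; fi
```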

DOCUMENTATION

 See docs/mod_nss.html for additional information.