System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

How to build a secure web server

 
SOLVED
Go to solution
shankar!
Frequent Advisor

How to build a secure web server

Hi All,

We're planning to build a secure apache web server. We have gone to apache.org and downloaded latest source software (httpd-2.2.11.tar.gz). Now what else should be needed in order to make a secure server (https). This is just for a development work and users inside intranet will use it for a specific purpose.

Can someone please suggest how to do this?

Thanks
8 REPLIES
shankar!
Frequent Advisor

Re: How to build a secure web server

Our OS is, RHEL 4 ES UP 2

Thanks
shankar
Michal Kapalka (mikap)
Honored Contributor
shankar!
Frequent Advisor

Re: How to build a secure web server

Those links from "security focus" helped me a lot..

Now when I try to access the web server, I get a message like
Authenticated by CN and test only certificate. Is this because i don't have a valid SSL certificate?

Thanks
Michal Kapalka (mikap)
Honored Contributor

Re: How to build a secure web server

hi,

it could be, but if you are make a self signed certificate it could be working.

http://www.tc.umn.edu/~brams006/selfsign.html

http://www.akadia.com/services/ssh_test_certificate.html

mikap
Jared Middleton
Frequent Advisor

Re: How to build a secure web server

> RHEL 4 ES UP 2

If you're interested in security, you might want to have a procedure in place to keep the system more up-to-date. RHEL 4 Update 2 is at least a couple years old. It's now at Update 8...

# cat /etc/redhat-release
Red Hat Enterprise Linux ES release 4 (Nahant Update 8)
dirk dierickx
Honored Contributor

Re: How to build a secure web server

also keep in mind that you are only securing the http server, this means nothing as you say it will be used for development.

this is where it all could go horribly wrong, it's easy to get a bug, coding error or even sloppy code on your secure web browser and then it's game over.

there are a lot of books on this topic and even some tools that can help test web based app security testing. might want to check some of those out as well.
shankar!
Frequent Advisor

Re: How to build a secure web server

Thank you all.
shankar!
Frequent Advisor

Re: How to build a secure web server

thanks