SSL Choices

for Unix servers

There are many nuances to the definitions of open source, public domain, and free software. For the purposes of this presentation, it will mean "you can legally download and use this software without paying anybody any money."

The open source solution presented here involves combining Apache + mod_ssl + OpenSSL software. (An alternate open source solution is Apache-SSL.)

Why doesn't Apache come with SSL built in? The answer involves encryption patents, import/export restrictions, and the geographic location of Apache development servers. Apache Week provides a concise explanation.

Why two modules? OpenSSL is a combination SSL/TLS toolkit and general purpose cryptography library. (It can also be used to help apply the SSL protocol to other application layer services besides HTTP.) With the help of OpenSSL, mod_ssl provides strong cryptography for the Apache HTTP server using the SSL protocol.

1. Commercial SSL solutions based on the Apache web server utilize the same open-source software packages (mod_ssl and OpenSSL) that you call install yourself by following the directions in the tutorial.
   
   
2. Prices as of March 1, 2001. Prices may include a server certificate (e.g. Stronghold comes with a certificate from Equifax Secure).
   
   
3. Covalent SSL was previously marketed under the name Raven. My attempt to download and install an evaluation copy of Raven was not successful. An email to Covalent support was never answered.
   
   
4. The iPlanet Web Server Enterprise Edition is the current incarnation of Netscape Enterprise Server. Evaluation copies of the iPlanet Web Server and Certificate Management System are included in the Solaris 8 media kit.
   
   
5. I have successfully downloaded and installed an evaluation copy of the Stronghold 3.0 server. Installation was pretty straightforward.