Apache Implementation Overview
SSL in Apache uses the interface module, mod_ssl, to implement the SSL cryptographic protocol.
In order to use mod_ssl, Apache must be built with the OpenSSL library. By default, Apache’s
SSL support is disabled, and it needs to be activated during the compilation and installation
process. To establish secure connections, users must install the Apache web server with the
mod_ssl module and compile it against the OpenSSL library.
To use SSL in Apache, a series of configuration steps must be completed. First, SSL support
must be enabled. After that, at least one virtual host for port 443 must be defined. Then, an
SSL certificate file and key file must be copied. HTTPS is the secure form of HTTP that uses
the SSL cryptographic protocol. It works on port 443. However, because the SSL port numbers
are shown as service names that are more meaningful to humans, HTTPS uses service names
explicitly. In the Apache server, the configuration symbols * and _file will be concatenated.
When an SSL-enabled virtual host is requested, the Apache web server will access the default
SSL config file. By default, this will be the SSL configuration file. SSL is configured through
the mod_ssl module, whose parameters are set and fine-tuned using different directives.
There are two types of directives: one-shot directives and SSL toolkit directives. The
configuration option is placed in the global section of the [Link] file.
Nginx SSL Implementation Overview
SSL support can be enabled in Nginx by adding the ssl on, ssl_certificate and
ssl_certificate_key directives and providing the certificate and private key file paths. At a
very high level, Nginx’s SSL analysis, its overall execution, and the options they deliver can
be broken down as follows.
To tell Nginx which certificate file to use, the SSL certificate file path should be set using
the ssl_certificate directive. Typically, the ssl_certificate_key directive, also SSL-specific,
is specified to tell Nginx which private key is associated with that SSL certificate. When
enabling SSL support, Nginx also leverages the base Apache directive for ssl_protocols to
dictate the SSL version number and state the local secure preference, which can then be set as
ssl_protocols TLSv1 to enforce the use of the newer Transport Layer Security version 1
protocol, instead of SSL version 1 shown here. Likewise, Nginx also enables SSL’s optimization
for the local system using the ssl_ciphers directive, which can be set to
ssl_ciphers high:3DES:!MD5. By intentionally moving the 3DES suite to be the first, most
preferred algorithm, the Nginx user can be sure that this support will be negotiated. Perhaps
one of the greatest advantages of the Nginx system is that it excludes the use of SSLv2 by
default, which is achieved by setting the ssl_protocols directive to only the secure SSLv3 and
TLSv1, e.g., ssl_protocols TLSv1.
SSL caching, when properly utilized, serves the same purpose as a web proxy cache: increasing
the efficiency of the original data fetching process. Nowadays, web administrators leverage
SSL session resumption on the internet for one overall common goal: to improve performance.
The suggestion that an unjustly high level of SSL encryption is the root cause of slow
modern-day SSL connections is entirely incorrect. When an SSL connection is properly set up
without encryption, further encrypted client-to-server as well as server-to-client
communication can be negotiated instantly. However, establishing SSL connections still
obviously requires some processing between the server and the client. The main portion of this
processing occurs during the server side of the SHA-1 handshake, primarily starting from the
moment when the server presents its initially generated SSL certificate and a common symmetric
key is temporarily generated and secured thereafter. Even in a modern SHA-256 virtual hosting
environment, all that remains during the server-side SSL handshake is quadruple-blowfish
encrypted data bundles to produce and pass around.
With the rationale and potential reasoning of the Apache dispositions in mind, let us take a
more detailed look at the proper implementation mechanisms and optimization settings of the
SSL module in a more optimally configured web SSL server, in this specific instance Nginx.
Such an examination will serve as a good teaching tool for web administrators and assist in
understanding the techniques that should be used to optimize the performance of web servers
that use Nginx through proper HTTPS and SSL configuration. It should also show that it is
indeed possible to incrementally optimize a web SSL server in a simple and efficient enough
manner that the dispositions seen with the Apache configuration can be reversed in SSL.
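
A defender-side check for the directives discussed in this section, as an added example that is not part of the original text: it parses an Nginx configuration and flags the legacy ssl on switch, protocol versions and cipher keywords now considered weak, a certificate without a key, and a missing session cache. The sample configuration, its file paths, the finding names and the weak lists are assumptions made for this example.

```python
import re

# Constructed sample: the settings quoted in the text above, with placeholder paths.
SAMPLE_CONF = """
server {
    listen 443;
    ssl on;
    ssl_certificate     /etc/nginx/tls/example.crt;
    ssl_certificate_key /etc/nginx/tls/example.key;
    ssl_protocols TLSv1;
    ssl_ciphers high:3DES:!MD5;
}
"""
# Policy lists are this example's assumptions, not nginx defaults.
WEAK_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}      # deprecated versions
WEAK_CIPHER_WORDS = ("DES", "RC4", "MD5", "NULL", "EXPORT")  # "DES" also matches 3DES


def parse_directives(conf):
    """Return (name, args) for each statement; comments and block nesting are ignored."""
    text = re.sub(r"#[^\n]*", "", conf)
    stmts = (s.split() for s in re.split(r"[;{}]", text))
    return [(w[0], w[1:]) for w in stmts if w]


def audit(conf):
    """Return sorted finding codes for the TLS directives found in the config text."""
    found = {}
    for name, args in parse_directives(conf):
        found.setdefault(name, []).append(args)
    findings = set()
    if ["on"] in found.get("ssl", []):
        findings.add("legacy-ssl-on")            # replaced by "listen 443 ssl;"
    for args in found.get("ssl_protocols", []):
        findings.update("weak-protocol:" + p for p in args if p in WEAK_PROTOCOLS)
    for args in found.get("ssl_ciphers", []):
        for token in "".join(args).strip("'\"").split(":"):
            if not token or token[0] in "!-":    # exclusions are not offered
                continue
            if any(word in token.upper() for word in WEAK_CIPHER_WORDS):
                findings.add("weak-cipher:" + token)
    if "ssl_certificate" in found and "ssl_certificate_key" not in found:
        findings.add("certificate-without-key")
    if "ssl_session_cache" not in found:
        findings.add("no-session-cache")         # no server-side session cache set
    return sorted(findings)


if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```
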
LiteSpeed SSL Implementation Overview
Setting up SSL with LiteSpeed Web Server is a very dynamic process, with an SSL WebAdmin
Console featuring a user-friendly interface that facilitates the task of configuring SSL vhosts.
In this subsection, we elaborate on how to configure SSL certificates in LiteSpeed using the
SSH Terminal feature. Nevertheless, LiteSpeed Web Server also supports a highly intuitive and
efficient SSL extension for WHM/cPanel that requires knowledge of only the built-in features
of the two SSL management engines. To avoid PHP blocking processes, the installation of both
SSL extension programs is usually performed through the command line.
5.1.1. Obtain and Install the SSL Certificate
To configure SSL certificates in LiteSpeed, the first thing that users need is a trusted SSL
certificate. Some providers offer shared SSL certificates that are not trusted by various web
applications. An SSL certificate package consists of trusted certificates along with the
private key. The LiteSpeed platform also allows users to obtain a certificate signing request
(CSR) file to replace an expired SSL certificate or add a new subdomain on the user’s domain.
The CSR combined with an existing private key can also be used to obtain an SSL certificate.
Optionally, users can mount a given SSL package manually from the LSWS SSL configuration file
in the WebAdmin Console. Most of these steps are handled by the given platform with user
permission. In addition to SSL installation and renewal, the platform also manages private
keys and provides a brand-new private key configuration setting to enhance performance and
security. uses symlinks to map
domain DocumentRoot directories to the private key storage directory.
LiteSpeed has a unique cache engine feature that is different from and. Due to these differences,
introduce host-level key details to the configuration file. LiteSpeed, however, handles SSL key
details on instance creation with virtual hosts. Also, and LiteSpeed can utilize SSL caching
engines. The use of SSL session ID caches, which has proliferated in the last several years,
strengthens the purpose of a unique external SSL process thread preceding the HTTP secure
connection. A cached data file on a disk or in RAM, controlled by the KeepAliveTimeout
setting, maintains the SSL connection. Meanwhile, the non-blocking SSL cache disk
microseconds its lifetime. In the worst-case situation, the expired SSL connection is
compounded by a non-writable disk cache condition, affecting the performance of the live
server. Modern LiteSpeed and native only employ the SSLInMemoryCache directive.
The LiteSpeed admin cannot touch or monitor the memory cache. The real factors that need
contemplation these days would be the settings.