PUBLIC MARKS from falko with tags ssl & linux

This guide is Debian specific but could be ported to other distributions since the concept is the same. In order to use TLS Extensions we have to patch and recompile Apache2 and recompile OpenSSL with the enable-tlsext directive. Since TLS extensions are relatively new, some Internet browsers will not work so the Apache2 server will deliver just the default site as http 1.0 does on an http 1.1 server.

This tutorial shows how to set up a Gentoo 2007.0 based server that offers all services needed by ISPs and hosters: Apache web server (SSL-capable), Postfix mail server with SMTP-AUTH and TLS, BIND DNS server, Proftpd FTP server, MySQL server, Courier POP3/IMAP, Quota, Firewall, etc. This tutorial is written for the x86 version of Gentoo 2007.0, but should apply to other architectures with very little modification.

SSL-based VPNs were designed to eliminate the need for complex configurations on the user's PC. Unfortunately, that was before the dangers of public WiFi networks and tougher regulatory requirements came into being. Thanks to WiFi, many attacks that were difficult are now quite simple. In particular, a man-in-the-middle attack can intercept SSL-encrypted traffic, rendering SSL-based VPNs useless - even if it is protected by a typical one-time password system. The man-in-the-middle can easily feed the one-time password into the SSL-based VPN within the alloted time.

This article will guide you through the entire process of setting up a secure website using SSL and digital certificates. This guide assumes that you already have a fully functional (and configured) server running Apache, BIND, and OpenSSL. Just as a side note, this guide was written based on a Fedora Core 6 distribution, but should be the same for most other distros out there.

This guide documents how to configure a WebDAV resource using SSL and two-factor authentication and how to access that resource from Windows, Linux and Mac.