From: Mike Rumph <mrumph@apache.org>
Date: Thu, 31 Aug 2017 18:32:04 +0000 (+0000)
Subject: Adding generated files for encrypt.xml
X-Git-Tag: 2.5.0-alpha~177
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a3067173c981e86452483f53c568a01fca4d527c;p=thirdparty%2Fapache%2Fhttpd.git

Adding generated files for encrypt.xml

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1806836 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/docs/manual/howto/encrypt.html b/docs/manual/howto/encrypt.html
new file mode 100644
index 00000000000..c88197df1d1
--- /dev/null
+++ b/docs/manual/howto/encrypt.html
@@ -0,0 +1,5 @@
+# GENERATED FROM XML -- DO NOT EDIT
+
+URI: encrypt.html.en
+Content-Language: en
+Content-type: text/html; charset=ISO-8859-1
diff --git a/docs/manual/howto/encrypt.html.en b/docs/manual/howto/encrypt.html.en
new file mode 100644
index 00000000000..0a5c55c4e37
--- /dev/null
+++ b/docs/manual/howto/encrypt.html.en
@@ -0,0 +1,200 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head>
+<meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type" />
+<!--
+        XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+              This file is generated from xml source: DO NOT EDIT
+        XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+      -->
+<title>How to Encrypt Your Traffic - Apache HTTP Server Version 2.5</title>
+<link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
+<link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />
+<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="../style/css/prettify.css" />
+<script src="../style/scripts/prettify.min.js" type="text/javascript">
+</script>
+
+<link href="../images/favicon.ico" rel="shortcut icon" /></head>
+<body id="manual-page"><div id="page-header">
+<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/quickreference.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p>
+<p class="apache">Apache HTTP Server Version 2.5</p>
+<img alt="" src="../images/feather.png" /></div>
+<div class="up"><a href="./"><img title="&lt;-" alt="&lt;-" src="../images/left.gif" /></a></div>
+<div id="path">
+<a href="http://www.apache.org/">Apache</a> &gt; <a href="http://httpd.apache.org/">HTTP Server</a> &gt; <a href="http://httpd.apache.org/docs/">Documentation</a> &gt; <a href="../">Version 2.5</a> &gt; <a href="./">How-To / Tutorials</a></div><div id="page-content"><div id="preamble"><h1>How to Encrypt Your Traffic</h1>
+<div class="toplang">
+<p><span>Available Languages: </span><a href="../en/howto/encrypt.html" title="English">&nbsp;en&nbsp;</a></p>
+</div>
+
+    <p>This is the how to guide for making your Apache httpd use encryption to transfer
+    data between you and your visitors. Instead of http: links, your site will use
+    https: ones and, if everything is setup correctly, people visiting your site will
+    have their privacy better protected.
+    </p>
+    <p>
+    This How-To is intended for people that are not really into SSL/TLS and ciphers
+    and all this crypto techno-babble (We are joking, it's a serious field with
+    serious experts and real problems to solve - but it sounds like techno-babble to
+    anyone not intimate with it). People who have heard that their http: server is
+    not really secure enough nowadays. That spies and bad guys are listening. That even
+    legitimate corporations are inserting data into their web pages and selling 
+    profiles of visitors.
+    </p>
+    <p>
+    This guide wants to help you migrate your httpd server from serving insecure http: links
+    to encrypted https: ones, without you becoming a SSL expert first. You might get
+    fascinated by all this crypto things and study it more and become a real expert. But
+    you also might not, run a reasonably secure web server nevertheless and do other
+    things good for mankind with your time.
+    </p>
+    <p>
+    You will get a rough idea what roles these mysterious things called "certificate" and 
+    "private key" play and how they are used to let your visitors be sure they are talking
+    to your server. You will <em>not</em> be told <em>how</em> this works, just how it
+    is used: it's basically about passports.
+    </p>
+  </div>
+<div id="quickview"><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#protocol">A short Introduction Certificates, e.g. Internet Passports</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#buycert">Buy a Certificate</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#freecert">Get a Free Certificate</a></li>
+</ul><h3>See also</h3><ul class="seealso"><li><a href="../ssl/ssl_howto.html">SSL How-To</a></li><li><a href="../mod/mod_ssl.html">mod_ssl</a></li><li><a href="../mod/mod_md.html">mod_md</a></li><li><a href="#comments_section">Comments</a></li></ul></div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="protocol" id="protocol">A short Introduction Certificates, e.g. Internet Passports</a></h2>
+    
+    <p>
+    The TLS protocol (formerly known as SSL) is a way a client and a server 
+    can talk to each other without anyone else listening, or better understanding
+    a thing. It is what your browser uses when you open a https: link. 
+    </p>
+    <p>
+    In addition to having a private conversation with a server, your browser also needs
+    to know that it really talks to the server - and not someone else acting like it. That,
+    next to the encryption, is the other part of the TLS protocol.
+    </p>
+    <p>
+    In order to do that, your server does not only need the software for TLS, e.g. the
+    <a href="../mod/mod_http2.html">mod_ssl</a> module, but some sort of identity proof
+    on the Internet. This is commonly referred to as a <em>certificate</em>. Basically, everyone
+    has the same mod_ssl and can encrypt, but only your have <em>your</em> certificate
+    and with that, you are you.
+    </p>
+    <p>
+    A certificate is the digital equivalent of a passport. It contains two things: a stamp
+    of approval from the people issuing the passport and a reference to your digital
+    fingerprints, e.g. what is called a <em>private key</em> in encryption terms.
+    </p>
+    <p>
+    When you configure your Apache httpd for https: links, you need to give it the certificate and
+    the private key. If you never give the key to anyone else, only you will be able to prove
+    to visitors that the certificate belongs to you. That way, a browser talking to your
+    server a second time will be sure that it is indeed the very same server it talked
+    to before.
+    </p>
+    <p>
+    But how does it know that it is the real server, the first time it starts talking to
+    someone? Here, the digital rubber stamping comes into play. The rubber stamp is done
+    by someone else, using her own private key. That person has also a certificate, e.g.
+    her own passport. The browser can make sure that this passport is based on the same
+    key that was used to rubber stamp your server passport. Now, instead of making sure
+    that your passport is correct, it must make sure that the passport of the person that 
+    says <em>your</em> passport is correct, is correct. 
+    </p>
+    <p>
+    And that passport is also rubber stamped digitally, by someone else with a key and a 
+    certificate. So the browser only needs to make sure that <em>that</em> one is correct
+    that says it is correct to trust the one that says your server is correct. This trusting
+    game can go to a few or many levels (usually less than 5).
+    </p>
+    <p>
+    In the end, the browser will encounter a passport that is stamped by its own key. It's
+    a Gloria Gaynor certificate that says "I am what I am!". The browser then either trust
+    this Gloria or not. If not, your server is also not trusted. Otherwise, it is. Simple. 
+    </p>
+    <p>
+    The trust check for the Gloria Gaynors of the Internet is easy: your browser (or your
+    operating system) comes with list of Gloria passports to trust, pre-installed. If it 
+    sees a Gloria certificate, it is either in this list or not to be trusted.
+    </p>
+    <p>
+    This whole thing works as long as everyone keeps his private keys to himself. Anyone copying
+    such a key can impersonate the key owner. And if the owner can rubber stamp passports, the
+    impersonator can also do that. And all the passports stamped by an impersonator, 
+    all those certificates will look 100% valid, indistinguishable from the "real" ones.
+    </p>
+    <p>
+    So, this trust model works, but it has its limits. That is why browser makers are so keen
+    on having the correct Gloria Gaynor lists and threaten to expel anyone from it that
+    is careless with her keys.
+    </p>
+  </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="buycert" id="buycert">Buy a Certificate</a></h2>
+    
+    <p>
+    Well, you can buy one. There are a lot of companies selling Internet Passports as a service. In
+    <a href="https://ccadb-public.secure.force.com/mozilla/IncludedCACertificateReport">this list 
+    from Mozilla</a> you find all companies that the Firefox browser trusts. Pick one, visit their
+    website and they will tell you what it costs. And how you need to prove that you are who
+    you claim to be so they can rubber stamp your passport with confidence. 
+    </p>
+    <p>
+    They all have their own methods, also depending on what kind of passport you apply for, and
+    it's probably some sort of click web interface in a browser. They may send you an email that
+    you need to answer or do something else. In the end, they will show you how to generate
+    your own, unique private key and issue you a stamped passport matching it.
+    </p>
+    <p>
+    You then place the key in one file, the certificate in another. Put these on your server, make
+    sure that only a trusted user can read the key file and add it to your httpd configuration. 
+    This is extensively covered in the <a href="../ssl/ssl_howto.html">SSL How-To</a>.
+    </p>
+    <p>
+    </p>
+  </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="freecert" id="freecert">Get a Free Certificate</a></h2>
+    
+    <p>
+    There are also companies that offer certificates for web servers free of charge. The pioneer
+    in this is <a href="https://letsencrypt.org">Let's Encrypt</a> which is a service of the
+    <a href="">Internet Security Research Group (ISRG)</a>, a not-for-profit organization to 
+    "reduce financial, technological, and education barriers to secure communication over the 
+    Internet."
+    </p>
+    <p>
+    They not offer free certificates, they also developed a interface that can be used by
+    your Apache httpd to get one. This is where <a href="../mod/mod_md.html">mod_md</a>
+    comes in.
+    </p>
+    <p>
+    (zoom out the camera on how to configure mod_md and virtual host...)
+    </p>
+  </div></div>
+<div class="bottomlang">
+<p><span>Available Languages: </span><a href="../en/howto/encrypt.html" title="English">&nbsp;en&nbsp;</a></p>
+</div><div class="top"><a href="#page-header"><img src="../images/up.gif" alt="top" /></a></div><div class="section"><h2><a id="comments_section" name="comments_section">Comments</a></h2><div class="warning"><strong>Notice:</strong><br />This is not a Q&amp;A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed again by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Freenode, or sent to our <a href="http://httpd.apache.org/lists.html">mailing lists</a>.</div>
+<script type="text/javascript"><!--//--><![CDATA[//><!--
+var comments_shortname = 'httpd';
+var comments_identifier = 'http://httpd.apache.org/docs/trunk/howto/encrypt.html';
+(function(w, d) {
+    if (w.location.hostname.toLowerCase() == "httpd.apache.org") {
+        d.write('<div id="comments_thread"><\/div>');
+        var s = d.createElement('script');
+        s.type = 'text/javascript';
+        s.async = true;
+        s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier;
+        (d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s);
+    }
+    else {
+        d.write('<div id="comments_thread">Comments are disabled for this page at the moment.<\/div>');
+    }
+})(window, document);
+//--><!]]></script></div><div id="footer">
+<p class="apache">Copyright 2017 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
+<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/quickreference.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!--
+if (typeof(prettyPrint) !== 'undefined') {
+    prettyPrint();
+}
+//--><!]]></script>
+</body></html>
\ No newline at end of file
diff --git a/docs/manual/howto/encrypt.xml.meta b/docs/manual/howto/encrypt.xml.meta
new file mode 100644
index 00000000000..764799a41f1
--- /dev/null
+++ b/docs/manual/howto/encrypt.xml.meta
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!-- GENERATED FROM XML: DO NOT EDIT -->
+
+<metafile reference="encrypt.xml">
+  <basename>encrypt</basename>
+  <path>/howto/</path>
+  <relpath>..</relpath>
+
+  <variants>
+    <variant>en</variant>
+  </variants>
+</metafile>