ssl

Hello,

I'm putting together a healthcare demo using the Mercury 1.0 image. The client requires that HTTPS be part of the demo.

I've installed everything and have all up and running. When I try to access an https page, the request times out. I'm not an Apache2 expert, so I'm hoping someone can give me a tip on where I went wrong. The following is a debug listing of the Apache2 error log --

[Thu Mar 25 17:04:28 2010] [info] Loading certificate & private key of SSL-aware server

Google Maps API Premier customers can access Google Maps API HTTP services over a secure connection.

I plan to set up a new mapping site and I'm curious how far I need to go to secure it.

What I would like to do is plan for it in a manner to allow for future SSL compatibility without having to get into the overhead costs of Premier services for secure connections ... which I think means I need to stay away from those modules which play nice with mapping services which offer "free" only up to a certain level...

A zero-day flaw in the TLS and SSL protocols has been made public and man-in-the-middle attacks have been demonstrated. I caught wind of this off of ZDnet.

http://news.zdnet.co.uk/security/0,1000000189,39860592,00.htm

Thoughts?

After a good discussion with others, I cam up with a roadmap of the SSL support in Aegir which is of course up for discussion, but I think it's pretty neat and allows for targeting the problem one chunk at a time. All patches welcome from here on!

There has been some talks in the issue tracker recently about implementing SSL support in Aegir. It's an exciting feature I've been thinking about for a while, and I'm at the point of trying to figure out how it would actually be implemented. I wrote up a first spec draft of what it would look like and I would like to seek wider discussion on the subject. How do you think this should be handled? How does your provider deal with SSL right now? Any specific issues we need to think about?