[deployment-guide/comm-rel: 636/727] Updated the chapter introduction.

Tue Oct 19 13:19:07 UTC 2010

commit 55ff03efd5451df44ddead8d0aa3dbc8b6dfdaf4
Author: Jaromir Hradilek <jhradile at redhat.com>
Date:   Fri Sep 10 14:35:25 2010 +0200

    Updated the chapter introduction.
    
    I have also written the Enabling the mod_ssl Module section.

 en-US/The_Apache_HTTP_Server.xml |   61 +++++++++++--------------------------
 1 files changed, 18 insertions(+), 43 deletions(-)
---

diff --git a/en-US/The_Apache_HTTP_Server.xml b/en-US/The_Apache_HTTP_Server.xml
index 2ea8386..1670acd 100644
--- a/en-US/The_Apache_HTTP_Server.xml
+++ b/en-US/The_Apache_HTTP_Server.xml
@@ -2940,57 +2940,32 @@ ErrorDocument 404 /404-not_found.html</screen>
       To activate a newly created virtual host, the web server has to be restarted first. Refer to <xref linkend="s3-apache-running-restarting" /> for more information on how to restart the <systemitem class="service">httpd</systemitem> service. 
     </para>
   </section>
-  <section id="s1-httpd-secure-server">
-    <title>Apache HTTP Secure Server Configuration</title>
+  <section id="s1-apache-mod_ssl">
+    <title>Setting Up an SSL Server</title>
     <para>
-      This section provides basic information on the Apache HTTP Server with the <filename>mod_ssl</filename> security module enabled to use the OpenSSL library and toolkit. The combination of these three components are referred to in this section as the secure Web server or just as the secure server.
+      <firstterm>Secure Sockets Layer</firstterm> (<acronym>SSL</acronym>) is a cryptographic protocol that allows a server and a client to communicate securely. Along with its extended and improved version called <firstterm>Transport Layer Security</firstterm> (<acronym>TLS</acronym>), it ensures both privacy and data integrity. The Apache HTTP Server in combination with <systemitem class="resource">mod_ssl</systemitem>, a module that uses the OpenSSL toolkit to provide the <acronym>SSL</acronym>/<acronym>TLS</acronym> support, is commonly referred to as the <firstterm>SSL server</firstterm>.
     </para>
     <para>
-      The <filename>mod_ssl</filename> module is a security module for the Apache HTTP Server. The <filename>mod_ssl</filename> module uses the tools provided by the OpenSSL Project to add a very important feature to the Apache HTTP Server — the ability to encrypt communications. In contrast, regular HTTP communications between a browser and a Web server are sent in plain text, which could be intercepted and read by someone along the route between the browser and the server.
+      Unlike a regular HTTP connection that can be read and possibly modified by anybody who is able to intercept it, the use of <systemitem class="resource">mod_ssl</systemitem> prevents any inspection or modification of the transmitted content. This section provides basic information on how to enable this module in the Apache HTTP Server configuration, and guides you through the process of generating private keys and self-signed certificates.
     </para>
-    <para>
-      This section is not meant to be complete and exclusive documentation for any of these programs. When possible, this guide points to appropriate places where you can find more in-depth documentation on particular subjects.
-    </para>
-    <para>
-      This section shows you how to install these programs. You can also learn the steps necessary to generate a private key and a certificate request, how to generate your own self-signed certificate, and how to install a certificate to use with your secure server.
-    </para>
-    <para>
-      The <filename>mod_ssl</filename> configuration file is located at <filename>/etc/httpd/conf.d/ssl.conf</filename>. For this file to be loaded, and hence for <filename>mod_ssl</filename> to work, you must have the statement <computeroutput>Include conf.d/*.conf</computeroutput> in the <filename>/etc/httpd/conf/httpd.conf</filename> file. This statement is included by default in the default Apache HTTP Server configuration file.
-    </para>
-    <section id="s2-secureserver-optionalpackages">
-      <title>An Overview of Security-Related Packages</title>
+    <section id="s2-apache-mod_ssl-enabling">
+      <title>Enabling the <systemitem class="resource">mod_ssl</systemitem> Module</title>
       <para>
-        To enable the secure server, you must have the following packages installed at a minimum:
+        If you intend to set up an SSL server, make sure you have the <package>mod_ssl</package> (the <systemitem class="resource">mod_ssl</systemitem> module) and <package>openssl</package> (the OpenSSL toolkit) packages installed. To do so, type the following at a shell prompt:
       </para>
-      <variablelist>
-        <varlistentry>
-          <term><filename>httpd</filename></term>
-          <listitem>
-            <para>
-              The <filename>httpd</filename> package contains the <command>httpd</command> daemon and related utilities, configuration files, icons, Apache HTTP Server modules, man pages, and other files used by the Apache HTTP Server.
-            </para>
-          </listitem>
-        </varlistentry>
-        <varlistentry>
-          <term><filename>mod_ssl</filename></term>
-          <listitem>
-            <para>
-              The <filename>mod_ssl</filename> package includes the <filename>mod_ssl</filename> module, which provides strong cryptography for the Apache HTTP Server via the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols.
-            </para>
-          </listitem>
-        </varlistentry>
-        <varlistentry>
-          <term><filename>openssl</filename></term>
-          <listitem>
-            <para>
-              The <filename>openssl</filename> package contains the OpenSSL toolkit. The OpenSSL toolkit implements the SSL and TLS protocols, and also includes a general purpose cryptography library.
-            </para>
-          </listitem>
-        </varlistentry>
-      </variablelist>
+      <screen>~]# <command>yum install mod_ssl openssl</command></screen>
+      <para>
+        This will create the <systemitem class="resource">mod_ssl</systemitem> configuration file at <filename>/etc/httpd/conf.d/ssl.conf</filename>, which is included in the main Apache HTTP Server configuration file by default. For the module to be loaded, restart the <systemitem class="service">httpd</systemitem> service as described in <xref linkend="s3-apache-running-restarting" />.
+      </para>
+      <!-- TODO: Move the following paragraphs elsewhere.
       <para>
-        Additionally, other software packages provide certain security functionalities (but are not required by the secure server to function):
+        Additionally, you should also install the <package>crypto-utils</package> package that provides a set of utilities to generate and manage <acronym>SSL</acronym> certificates and private keys, including the <command>genkey</command> utility described below:
       </para>
+      <screen>~]# <command>yum install httpd mod_ssl openssl crypto-utils</command></screen>
+      <para>
+        For more information on how to install new packages in &MAJOROS;, refer to <xref linkend="sec-Installing" />.
+      </para>
+      -->
     </section>
     <section id="s2-secureserver-overview-certs">
       <title>An Overview of Certificates and Security</title>
