Forum OpenACS Q&A: How to add SSL support into the AOLserver configuration

Hi! I am new to OpenACS and AOLserver (and the whole Linux thing) but
I installed OpenACS 3.2.5 successfully on RedHat 7.1 using Jonathan
Marsdens RPMs.
Now I am trying to add SSL support into my AOLserver configuration
but got lost a bit. Can somebody give me a step by step instruction
how to do it? Thanks a lot!

You hare three main options to provide SSL functionality with AOLserver: A.) (40-bit, export-grade SSLv2) module, B.) (128-bit "U.S. domestic" grade SSLv2) module, and C.) (128-bit SSLv2/SSLv3/TLSv1) module. The first two are included in the AOLserver source code but require the hideously expensive RSA BSAFE Crypto-C libraries. The latter (nsopenssl) is open source freeware that uses the open source OpenSSL toolkit.

If you opt to use nsopenssl, you should download the source code from Scott Goodwin's web site and read his notes on installation and configuration. I've successfully compiled both nsopenssl 1.1c and nsopenssl 2.0 (you don't need both). Note that you will need AOLserver source code.

You can find instructions on creating a self-signed certificate in Pascal Scheffer's nsopenssl HOWTO.

Thanks for your answer.
"Note that you will need AOLserver source code."
I guess it's my problem that I don't have source code since I installed using the RPMs.
Well, it's not really a "problem" per se.

The RPMs were created to fill the demand for the "Click the Continue button to continue" crowd who wanted a simple, shrink-wrapped installation of OpenACS. This is great that the OpenACS developers have acknowledged the importance of making the product more accessible to newcomers, but when you roll up your sleeves to get to real work, compiling and installing OpenACS ends up being the really trivial part. The RPM-based install is a gentle way for non-Linux and/or non-web/db folks to dive into the system. It doesn't excuse you from eventually learning about all of this stuff.

Expanding on the OpenACS's core services by customizing the toolkit is what this whole web/db thing is about. You *will* need to learn how to script Tcl, write decent SQL queries, etc., etc. in addition to tuning your Linux kernel, the database, choosing appropriate support services (e.g., replacing sendmail with qmail), etc. etc.

In any case, the AOLserver source code tarball is about 3.6MB, downloadable even on a pokey modem connection (I should know since I'm on one). I have a habit of compiling my security and web software from scratch. RPMs are very convenient for end-users, but don't provide all of the options that compiling from the source offers.
You're going to have to learn how to do this eventually, and learning how to compile and install AOLserver is a pretty gentle introduction to this new realm for you.

Actually I knew that at some stage I would just have to dig my teeth in... Shouldn't be such a big problem. But since I am a bit lazy I have first been looking for an easy way. Thanks for answering my question!