User manual

Table Of Contents

5 Secure Sockets Layer (SSL)

Use Secure Sockets Layer to provide secure transactions

and encrypted communication to users of the websites

on your server.

If you want to provide secure transactions on your server, such as allowing users to

purchase items from a website, you should set up Secure Sockets Layer (SSL)

protection. SSL lets you send encrypted, authenticated information across the Internet.

If you want to allow credit card transactions through a website, for example, you can

protect the information that’s passed to and from that site.

Setting Up SSL

When you generate a certificate signing request (CSR), the certificate authority sends

you a certificate that you install on your server. They may also send you a CA certificate

(ca.crt). Installing this file is optional. Normally, CA certificates reside in client

applications such as Internet Explorer and allow those applications to verify that the

server certificate originated from the right authority. However, CA certificates expire or

evolve, so some client applications may not be up to date.

Generating a Certificate Signing Request (CSR) for Your Server

The CSR is a file that provides information needed to set up your server certificate.

To generate a CSR for your server:

1 Log in to your server using the root password and open the Terminal application.

2 At the prompt, type these commands and press Return at the end of each one:

dd if=/dev/randon of=rand.dat bs=1m count=1

openssl genrsa -rand rand.dat -des 1024 > key.pem

3 At the next prompt, type a passphrase, then press Return.

The passphrase you create unlocks the server’s certificate key. You will use this

passphrase when you enable SSL on your web server.

LL2350.book Page 45 Friday, August 22, 2003 2:32 PM