Manualshelf

User manual

ManualsBrandsApple ManualsSoftwareMac OS X Server Java Application Server Administration For Version 10.3 or Later
41424344454647484950
Table Of Contents
46 Chapter 5 Secure Sockets Layer (SSL)
4 If it doesn’t already exist on your server, create a directory at the location /etc/httpd/
ssl.key.
Make a copy of the key.pem file (created in step 2) and rename it server.key. Then copy
server.key to the ssl.key directory.
5 At the prompt, type the following command and press Return:
openssl req -new -key key.pem -out csr.pem
This generates a file named csr.pem in your home directory.
6 When prompted, enter the following information:
Country: The country in which your organization is located.
State: The full name of your state.
Locality: The city in which your organization is located.
Organizational name: The organization to which your domain name is registered.
Organizational unit: Usually something similar to a department name.
Common name of your web server: The DNS name, such as server.apple.com.
Email address: The email address to which you want the certificate sent.
The file csr.pem is generated from the information you provided.
7 At the prompt, type the following, then press Return:
cat csr.pem
The cat command lists the contents of the file you created in step 5 (csr.pem). You
should see the phrase “Begin Certificate Request” followed by a cryptic message. The
message ends with the phrase “End Certificate Request.” This is your certificate signing
request (CSR).
Obtaining a Website Certificate
You must purchase a certificate for each website from an issuing authority.
Keep these important points in mind when purchasing your certificate:
You must provide an InterNIC-registered domain name thats registered to your
organization.
If you are prompted to choose a software vendor, choose Apache Freeware with
SSLeay.
You have already generated a CSR, so when prompted, open your CSR file using a
text editor. Then copy and paste the contents of the CSR file into the appropriate text
field on the issuing authoritys website.
You can have an SSL certificate for each IP address on your server. Because
certificates are expensive and must be renewed each year, you may want to purchase
a certificate for one host name and use the URL with host name followed by domain
name to avoid having to purchase multiple certificates. For example, if your domain
name is mywidgets.com, you could purchase a certificate for the host name “buy
and your customers would connect to the URL https://buy.mywidgets.com.
LL2350.book Page 46 Friday, August 22, 2003 2:32 PM