Setup guide

11. Click the back arrow on the top right, and repeat from step 4 for any other
subnets.
12. Click Save.
4.4 Enabling the Secure Sockets Layer
The Secure Sockets Layer (SSL) is a protocol that allows encrypted network
communications, providing protection to data such as e-mail and web transactions.
Mac OS X includes SSL support, and using SSL is recommended whenever possible.
The SSL implementation shipped with Mac OS X is an open-source project called
OpenSSL (http://www.openssl.org).
SSL uses public key cryptography to authenticate and encrypt. Public key
cryptography involves two keys, one called the public key and the other called the
private key. These keys are mathematically linked such that data encrypted with one
key can only be decrypted by the other, and vice versa. If a user named Bob publicly
distributed his public key, then user Alice could use it to encrypt a message and send
it to him. Only Bob will be able to decrypt and read the message, because only he has
his private key.
The security of SSL depends on SSL certificates, which are files that contain
information about a machine and its public key, along with a signature of those
items.
In this scenario, Alice still has to verify that the key she has that is supposedly from
Bob is really from him. Suppose a malicious user posing as Bob sent Alice his own
public key. The malicious user would then be able to decrypt Alice's message, which
may have been intended for Bob only.
To verify that it's really Bob who is sending Alice his public key, a trusted
third party can verify the authenticity of Bob's public key. In SSL parlance, this
trusted third party is known as a Certificate Authority (CA). The CA signs Bob's
public key with the CA's own private key, creating a certificate. Now, anyone can
verify the certificate's authenticity using the CA's public key.
This presents something of a chicken-and-egg problem, since a malicious user could
also pose as a CA. However, client software includes public keys from well-known
CAs, so no network communication with a CA is necessary to verify that the
signature inside a server's SSL certificate is authentic.
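The check described above can be reproduced offline with the openssl command line. This is an added example, not part of the original guide: the CA name and bob.example.com are constructed, and the helper names make_ca, issue_cert and trusts are hypothetical.

```shell
#!/bin/sh
# Added example: all names, keys and certificates below are constructed.

# Create a self-signed CA key and certificate under prefix $1, common name $2.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -subj "/CN=$2" -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# Create a key for host $3 and a certificate signed by the CA under prefix $2.
# Output files use prefix $1.
issue_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null &&
    openssl x509 -req -in "$1.csr" -CA "$2.crt" -CAkey "$2.key" \
        -CAcreateserial -sha256 -days 30 -out "$1.crt" 2>/dev/null
}

# Succeed only if certificate $2 verifies against CA certificate $1.
# (openssl may also consult the system default store, which contains
# neither of the constructed CAs.)
trusts() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

work=$(mktemp -d) && cd "$work" || exit 1

make_ca trusted  "Example Trusted CA"     # the CA whose certificate the client ships with
make_ca impostor "Example Trusted CA"     # a different key pair posing under the same name
issue_cert bob  trusted  bob.example.com  # Bob's genuine certificate
issue_cert fake impostor bob.example.com  # certificate signed by the impostor's key

# The client holds only trusted.crt. The CA name is identical in both cases,
# so the outcome is decided by the signature alone.
trusts trusted.crt bob.crt  && echo "bob.crt:  accepted"
trusts trusted.crt fake.crt || echo "fake.crt: rejected"
```

The second certificate is accepted only by a client that has been given impostor.crt as a trusted CA, which is why the set of CA certificates installed on a client decides what it will trust.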
4.4.1 Obtaining SSL Certificates
If your server must communicate using SSL with external machines out of your
control, purchasing SSL certificates from a well-known CA is recommended. The
UNCLASSIFIED