Specifications

Enabling Secure Sockets Layer (SSL)
Secure Sockets Layer (SSL) provides security for a site and its users by authenticating
the server, encrypting information, and maintaining message integrity.
SSL is a per-site setting that lets you send encrypted, authenticated information across
the Internet. For example, to permit credit card transactions through a website, you
can protect the information that’s passed to and from that site.
The SSL layer is below application protocols (for example, HTTP) and above TCP/IP.
This means that when SSL is operating on the server and on the client computer, all
information is encrypted before being sent.
The Apache web server in Mac OS X Server uses a public key-private key combination
to protect information. A browser encrypts information using a public key provided by
the server. Only the server has a private key that can decrypt that information.
The web server supports SSLv2, SSLv3, and TLSv1. More information about these
protocol versions is available at www.modssl.org.
When SSL is implemented on a server, a browser connects to it using the https prex
in the URL, rather than http. The “s indicates that the server is secure.
When a browser initiates a connection to an SSL-protected server, it connects to
a specic port (443) and sends a message that describes the encryption ciphers it
recognizes. The server responds with its strongest cipher, and the browser and server
then continue exchanging messages until the server determines the strongest cipher
that it and the browser can recognize.
The server then sends its certicate (an ISO X.509 certicate) to the browser. This
certicate identies the server and uses it to create an encryption key for the browser
to use. At this point a secure connection has been established and the browser and
server can exchange encrypted information.
If you are using virtual hosting, you can not use SSL, because SSL is implemented using
the port 443 and the IP address of the web server. Also, your web server must have a
static IP address to use SSL.
Before you can enable SSL protection for a website, you must obtain the proper
certicates. For detailed information about certicates and their management, see
Advanced Server Administration.
To set up SSL for a website:
1 Open Server Admin and connect to the server.
2 Click the triangle at the left of the server.
The list of services appears.
3 From the expanded Servers list, select Web.
42 Chapter 3 Creating and Managing Websites