Configuring and Managing MPE/iX Internet Services (August 2002)

ManualsBrandsHP ManualsSoftwareMPE/iX 7.0 Operating System

151

152

153

154

155

156

157

158

159

160

Chapter 9

HP WebWise MPE/iX Secure Web Server

Server Keys and Certificates

153

ed:e2:64:ee:e7:75:99:6e:c3:25:69:36:d5:14:3a:

e1:20:60:04:a0:44:c0:8e:55:cd:bf:8a:18:97:aa:

f7:f9:43:81:db:16:ea:c9:e2:1e:68:a9:f2:56:63:

2e:8f:56:60

4. $ chmod 400 server.key

Create Your Certificate Signing Request (CSR)

Next you need to use your private server key to create a CSR which identifies your company and your web

server. This is the same identity that will be presented to your web browser users, so choose carefully.

When openssl prompts you to enter a value for “Common Name (e.g., YOUR name)”, you need to enter the

fully qualified domain name (FQDN) of your web server. For example, if you want people to access your web

server via a URL prefix of https://www.yourcompanyhere.com, you would enter

www.yourcompanyhere.com in response to this prompt. When openssl prompts you for the 'extra' attributes

to be sent with your certificate request, leave them blank.

To create your CSR:

$ cd ../ssl.csr

2. $ openssl req -new -key ../ssl.key/server.key -out server.csr

Using configuration from /APACHE/A0300/openssl.cnf

Enter PEM pass phrase:********

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter ’.’, the field will be left blank.

-----

Country Name (2 letter code) [AU]:US

State or Province Name (full name) [Some-State]:My State

Locality Name (eg, city) []:My City

Organization Name (eg, company) [Internet Widgits Pty Ltd]:My Company

Organizational Unit Name (eg, section) []:My Org

Common Name (eg, YOUR name) []:www.mycompany.com

Email Address []:webmaster@www.mycompany.com

Please enter the following ’extra’ attributes

to be sent with your certificate request

A challenge password []:

An optional company name []:

3. $ openssl req -noout -text -in server.csr (displays the details of your newly created server CSR)

Using configuration from /APACHE/A0300/openssl.cnf

Certificate Request:

Data:

Version: 0 (0x0)

Subject: C=US, ST=My State, L=My City, O=My Company, OU=My Org,

CN=www.mycompany.com/Email=webmaster@www.mycompany.com

Subject Public Key Info:

Public Key Algorithm: rsaEncryption

RSA Public Key: (1024 bit)

Modulus (1024 bit):

00:d2:d6:24:48:b4:52:92:0f:33:a1:0d:28:45:7a:

88:96:91:f9:dc:d3:23:c6:a7:ba:e4:93:5e:d3:d3:

9c:ba:18:27:ec:25:db:5b:1f:f5:26:9f:6b:8c:fe:

d4:8d:3a:28:2e:00:f0:58:71:ef:29:ac:b6:23:36:

ac:97:63:84:01:0b:35:90:34:6b:ff:35:b1:83:0a:

81:a1:12:5a:d5:cf:00:44:62:70:72:f9:3c:8f:30:

5f:dd:61:d1:fe:d6:83:9a:69:36:74:64:4d:16:3f: