Configuring and Managing MPE/iX Internet Services (August 2002)

ManualsBrandsHP ManualsSoftwareMPE/iX 7.0 Operating System

151

152

153

154

155

156

157

158

159

160

Chapter 9

HP WebWise MPE/iX Secure Web Server

Server Keys and Certificates

155

Your signed certificate will arrive in raw PEM format, which looks like this:

-----BEGIN CERTIFICATE-----

MIICsTCCAhoCAQEwDQYJKoZIhvcNAQEEBQAwgaAxCzAJBgNVBAYTAlVTMREwDwYD

VQQIEwhNeSBTdGF0ZTEQMA4GA1UEBxMHTXkgQ2l0eTETMBEGA1UEChMKTXkgQ29t

cGFueTEWMBQGA1UECxMNTXkgQ29tcGFueSBDQTEeMBwGA1UEAxMVQ2VydGlmaWNh

dGUgQXV0aG9yaXR5MR8wHQYJKoZIhvcNAQkBFhBjYUBteWNvbXBhbnkuY29tMB4X

DTAwMDQxMzE4MzY0MVoXDTAxMDQxMzE4MzY0MVowgaAxCzAJBgNVBAYTAlVTMREw

DwYDVQQIEwhNeSBTdGF0ZTEQMA4GA1UEBxMHTXkgQ2l0eTETMBEGA1UEChMKTXkg

Q29tcGFueTEPMA0GA1UECxMGTXkgT3JnMRowGAYDVQQDExF3d3cubXljb21wYW55

LmNvbTEqMCgGCSqGSIb3DQEJARYbd2VibWFzdGVyQHd3dy5teWNvbXBhbnkuY29t

MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDS1iRItFKSDzOhDShFeoiWkfnc

0yPGp7rkk17T05y6GCfsJdtbH/Umn2uM/tSNOiguAPBYce8prLYjNqyXY4QBCzWQ

NGv/NbGDCoGhElrVzwBEYnBy+TyPMF/dYdH+1oOaaTZ0ZE0WP0l6CimzzXjvwCup

OpcQ82zfh2HTRpPYawIDAQABMA0GCSqGSIb3DQEBBAUAA4GBABlROc1/xpG+FlPd

lekq+E1oc42sOMiLaWe6orfffh74DbuTgxvTWTK8Wo31W8Reqj7jqOAeGvF46mWH

Vq1mFM/Jh9oMQYb2IAjbuA1/7kefkMHdgf6NMC3L0cbCKs6bF7nDJGjWYb9sXcTM

shYJMLBXyKW+cmrvJIqoMnq8DZUv

-----END CERTIFICATE-----

Save this data as /APACHE/PUB/conf/ssl.crt/server.crt and then proceed to the “Installing Your

Certificate” section. You can display the details of your new server certificate by doing:

$ openssl x509 -noout -text -in /APACHE/PUB/conf/ssl.crt/server.crt

...Or Sign Your CSR With Your Own CA

First, create a private key and certificate for your CA. The CA requires a unique Distinguished Name

different from the server certificate(s) you will be signing. One way to do this is to use a unique

Organizational Unit Name when you create the CA certificate. For example, if your organization is XYZ

Corporation, you might want to make the Organizational Unit Name be XYZ Corporation Certificate

Authority.

1. $ cd ../ssl.key

2. $ openssl genrsa -des3 -out ca.key 1024

1128 semi-random bytes loaded

Generating RSA private key, 1024 bit long modulus

.......................................+++++

....................................................+++++

e is 65537 (0x10001)

Enter PEM pass phrase:********

Verifying password - Enter PEM pass phrase:********

3. $ openssl rsa -noout -text -in ca.key (displays the details of your newly created CA key; output

omitted)

4. $ openssl req -new -x509 -days 365 -key ca.key -out ca.crt

Using configuration from /APACHE/A0300/ssl/openssl.cnf

Enter PEM pass phrase:********

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter ’.’, the field will be left blank.

-----

Country Name (2 letter code) [AU]:US

State or Province Name (full name) [Some-State]:My State

Locality Name (eg, city) []:My City

Organization Name (eg, company) [Internet Widgits Pty Ltd]:My Company