Configuring and Managing MPE/iX Internet Services (August 2002)

ManualsBrandsHP ManualsSoftwareMPE/iX 7.0 Operating System

151

152

153

154

155

156

157

158

159

160

Chapter 9

HP WebWise MPE/iX Secure Web Server

Server Keys and Certificates

157

emailAddress :IA5STRING:’webmaster@www.mycompany.com’

Certificate is to be certified until Apr 13 18:36:41 2001 GMT (365 days)

Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y

Write out database with 1 new entries

Data Base Updated

CA verifying: ../ssl.csr/server.crt <- CA cert

../ssl.csr/server.crt: OK

2. $ rm -fR ca.db.*

3. $ cd ..

4. $ mv ssl.csr/server.crt ssl.crt/server.crt

5. $ openssl x509 -noout -text -in ssl.crt/server.crt (displays the details of your newly created

self-signed server certificate)

Certificate:

Data:

Version: 1 (0x0)

Serial Number: 1 (0x1)

Signature Algorithm: md5WithRSAEncryption

Issuer: C=US, ST=My State, L=My City, O=My Company, OU=My Company CA, CN=Certificate

Authority/Email=ca@mycompany.com

Validity

Not Before: Apr 13 18:36:41 2000 GMT

Not After : Apr 13 18:36:41 2001 GMT

Subject: C=US, ST=My State, L=My City, O=My Company, OU=My Org,

CN=www.mycompany.com/Email=webmaster@www.mycompany.com

Subject Public Key Info:

Public Key Algorithm: rsaEncryption

RSA Public Key: (1024 bit)

Modulus (1024 bit):

00:d2:d6:24:48:b4:52:92:0f:33:a1:0d:28:45:7a:

88:96:91:f9:dc:d3:23:c6:a7:ba:e4:93:5e:d3:d3:

9c:ba:18:27:ec:25:db:5b:1f:f5:26:9f:6b:8c:fe:

d4:8d:3a:28:2e:00:f0:58:71:ef:29:ac:b6:23:36:

ac:97:63:84:01:0b:35:90:34:6b:ff:35:b1:83:0a:

81:a1:12:5a:d5:cf:00:44:62:70:72:f9:3c:8f:30:

5f:dd:61:d1:fe:d6:83:9a:69:36:74:64:4d:16:3f:

49:7a:0a:29:b3:cd:78:ef:c0:2b:a9:3a:97:10:f3:

6c:df:87:61:d3:46:93:d8:6b

Exponent: 65537 (0x10001)

Signature Algorithm: md5WithRSAEncryption

19:51:39:cd:7f:c6:91:be:16:53:dd:95:e9:2a:f8:4d:68:73:

8d:ac:38:c8:8b:69:67:ba:a2:b7:df:7e:1e:f8:0d:bb:93:83:

1b:d3:59:32:bc:5a:8d:f5:5b:c4:5e:aa:3e:e3:a8:e0:1e:1a:

f1:78:ea:65:87:56:ad:66:14:cf:c9:87:da:0c:41:86:f6:20:

08:db:b8:0d:7f:ee:47:9f:90:c1:dd:81:fe:8d:30:2d:cb:d1:

c6:c2:2a:ce:9b:17:b9:c3:24:68:d6:61:bf:6c:5d:c4:cc:b2:

16:09:30:b0:57:c8:a5:be:72:6a:ef:24:8a:a8:32:7a:bc:0d:

95:2f

6. $ mv ssl.key/ca.crt ssl.crt/ca.crt

Installing Your Certificate

Certificates (and keys) are sensitive information and must be protected from unauthorized usage:

1. $ cd /APACHE/PUB/conf/ssl.crt

2. $ make (to rebuild the certificate hash symbolic links)

ca-bundle.crt ... Skipped

ca.crt ... dc91dd8e.0

server.crt ... 2f66b362.0

snakeoil-ca-dsa.crt ... 0cf14d7d.0