Installation guide
Chapter 14. Apache Secure Server Configuration
and protocols (such as POP, IMAP and LDAP) without requiring any changes to the
daemon’s code.
Table 14-1 displays the location of the secure server packages and additional security-related
packages within the package groups provided by Red Hat Linux. This table also tells you
whether each package is optional or not for the installation of a secure Web server.
Table 14-1. Security Packages

Package Name            Located in Group              Optional?
apache                  System Environment/Daemons    no
mod_ssl                 System Environment/Daemons    no
openssl                 System Environment/Libraries  no
mm                      System Environment/Libraries  no
apache-devel            Development/Libraries         yes
apache-manual           Documentation                 yes
openssh                 Applications/Internet         yes
openssh-askpass         Applications/Internet         yes
openssh-askpass-gnome   Applications/Internet         yes
openssh-clients         Applications/Internet         yes
openssh-server          System Environment/Daemons    yes
openssl-devel           Development/Libraries         yes
stunnel                 Applications/Internet         yes
14.3. An Overview of Certificates and Security
Your secure Web server provides security using a combination of the Secure Sockets Layer
(SSL) protocol and (in most cases) a digital certificate from a Certificate Authority (CA). SSL
handles the encrypted communications and the mutual authentication between browsers
and your secure Web server. The CA-approved digital certificate provides authentication for
your secure Web server (the CA puts its reputation behind its certification of your
organization’s identity). When your browser is communicating using SSL encryption, you will see
the https:// prefix at the beginning of the Uniform Resource Locator (URL) in the navigation
bar.
Encryption depends upon the use of keys (think of them as secret encoder/decoder rings in
data format). In conventional or symmetric cryptography, both ends of the transaction have
the same key, which they use to decode each other’s transmissions. In public or asymmetric
cryptography, two keys co-exist: a public key and a private key. A person or an organization
keeps their private key a secret, and publishes their public key. Data encoded with the public
key can only be decoded with the private key; data encoded with the private key can only
be decoded with the public key.
To set up your secure server, you will use public cryptography to create a public and private
key pair. In most cases, you will send your certificate request (including your public key),
proof of your company’s identity, and payment to a CA. The CA will verify the certificate
request and your identity, and then send back a certificate for your secure Web server.
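The key pair and certificate request step described above, as an added example (not part of the original guide) using the openssl command line tool. The file names, subject fields and host name are constructed placeholders.

```shell
#!/bin/sh
# Added example: create a key pair and a certificate request, then check them.
# File names, subject fields and host name are constructed placeholders.

make_key_and_csr() {    # $1 = directory, $2 = host name for the CN field
    (
        umask 077       # private key must be readable by its owner only
        openssl genrsa -out "$1/server.key" 2048 2>/dev/null
    ) || return 1
    # The request carries the subject and the public key, signed with the private key.
    openssl req -new -key "$1/server.key" -out "$1/server.csr" \
        -subj "/C=US/O=Example Org/CN=$2"
}

csr_matches_key() {     # does the request embed the public half of server.key?
    from_key=$(openssl pkey -in "$1/server.key" -pubout 2>/dev/null)
    from_csr=$(openssl req -in "$1/server.csr" -noout -pubkey 2>/dev/null)
    [ -n "$from_key" ] && [ "$from_key" = "$from_csr" ]
}

csr_signature_ok() {    # self-signature proves the requester holds the private key
    # Match on the message: older openssl releases exit 0 even on a failed verify.
    openssl req -in "$1/server.csr" -noout -verify 2>&1 | grep -q "verify OK"
}

csr_has_private_key() { # must be false: only the request ever leaves the server
    grep -q "PRIVATE KEY" "$1/server.csr"
}

# Demo run in a scratch directory
work=$(mktemp -d)
if make_key_and_csr "$work" www.example.com && csr_matches_key "$work" \
        && csr_signature_ok "$work" && ! csr_has_private_key "$work"; then
    echo "server.csr is consistent with server.key and safe to send to the CA"
fi
rm -rf "$work"
```

Only server.csr goes to the CA; server.key stays on the server, and the same key comparison can be repeated against the certificate the CA returns.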