Installation guide
142 Chapter 14. Apache Secure Server Configuration
To see a list of CAs, click on the Security button on your Navigator toolbar or on the
padlock icon at the bottom left of the screen, then click on Signers to see a list of
certificate signers from whom your browser will accept certificates. You can also search the
Web for CAs. Once you have decided upon a CA, you will need to follow the
instructions they provide on how to obtain a certificate from them.
4. When the CA is satisfied that you are indeed who you claim to be, they will send you
a digital certificate.
5. Install this certificate on your Web server, and begin handling secure transactions.
Whether you are getting a certificate from a CA or generating your own self-signed
certificate, the first step is to generate a key. See Section 14.6 for instructions on how to generate a
key.
14.6. Generating a Key
First, cd to the /etc/httpd/conf directory. Remove the fake key and certificate that were
generated during the installation with the following commands:
rm ssl.key/server.key
rm ssl.crt/server.crt
Next, you need to create your own random key. Type in the following command:
make genkey
Your system will display a message similar to the following:
umask 77 ; \
/usr/bin/openssl genrsa -des3 1024 > /etc/httpd/conf/ssl.key/server.key
Generating RSA private key, 1024 bit long modulus
.......++++++
................................................................++++++
e is 65537 (0x10001)
Enter PEM pass phrase:
You now need to type in a password. For best security, your password should contain at least
eight characters, include numbers and/or punctuation, and not be a word in a dictionary.
Also, remember that your password is case sensitive.
Note
You will need to remember and enter this password every time you start your secure Web server, so
do not forget it.
You will be asked to re-type the password, to verify that it is correct. Once you have typed it
in correctly, a file called server.key, containing your key, will be created.
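To confirm the result of the steps above, the following check (an added example, not part of the original guide) reads the PEM header of server.key to report whether the key is protected by a pass phrase, and verifies that the umask 77 shown in the make genkey output left the file accessible to its owner only. The function names are hypothetical; the path in the usage comment is the one used in this section.

```shell
#!/bin/sh
# Added example: audit the private key file written by "make genkey".
# It only reads PEM header lines and file mode bits; key material is not parsed.
# Usage: sh audit_key.sh /etc/httpd/conf/ssl.key/server.key

# key_perms_ok FILE: succeed only if group and other have no permission bits,
# which is the effect of the "umask 77" in the genkey output.
key_perms_ok() {
    [ -f "$1" ] || return 2
    # In the ls -ld mode string, characters 5-10 are the group and other triplets.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# key_protection FILE: print how the PEM private key is protected.
key_protection() {
    [ -r "$1" ] || { echo missing; return 2; }
    # Traditional format (as produced by genrsa -des3) carries a Proc-Type header;
    # PKCS#8 output from newer OpenSSL uses a distinct BEGIN label instead.
    if grep -q '^Proc-Type: 4,ENCRYPTED' "$1" ||
       grep -q '^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"; then
        echo encrypted      # pass phrase is required when the server starts
    elif grep -q '^-----BEGIN .*PRIVATE KEY-----' "$1"; then
        echo plaintext      # file permissions are the only protection
    else
        echo not-a-key
    fi
}

# audit_key FILE: print one verdict line; succeed only for a key file that
# is restricted to its owner.
audit_key() {
    prot=$(key_protection "$1") || { echo "$1: $prot"; return 2; }
    if key_perms_ok "$1"; then perms=owner-only; else perms=group-or-other-access; fi
    echo "$1: $prot, $perms"
    [ "$prot" != not-a-key ] && [ "$perms" = owner-only ]
}

# Run the audit only when a path is given on the command line.
if [ $# -gt 0 ]; then audit_key "$1"; fi
```

A key created without a pass phrase is reported as plaintext, in which case the owner-only file mode is the only thing protecting it.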
Note that if you do not want to type in a password every time you start your secure Web
server, you will need to use the following two commands instead of make genkey to create
the key. Both of these commands should be typed in entirely on one line.
Use the following command: