
Setting Up Secure Sockets Layer (SSL) Service – Apple Mac OS X Server (version 10.2.3 or later) User Manual, Page 383


Setting Up Secure Sockets Layer (SSL) Service

If you want to provide secure transactions on your server, such as allowing users to purchase
items from a Web site, you should set up Secure Sockets Layer (SSL) protection. SSL lets you
send encrypted, authenticated information across the Internet. If you want to allow credit
card transactions through a Web site, for example, you can protect the information that’s
passed to and from that site.

After you generate a certificate signing request (CSR) and send it to a certificate authority, the
authority sends you a certificate that you install on your server. It may also send you a CA certificate (ca.crt).
Installing this file is optional. Normally, CA certificates reside in client applications such as
Internet Explorer and allow those applications to verify that the server certificate originated
from the right authority. However, CA certificates expire or evolve, so some client
applications may not be up to date.

Generating a Certificate Signing Request (CSR) for Your Server

The CSR is a file that provides information needed to set up your server certificate.

To generate a CSR for your server:

1. Log in to your server using the root password and open the Terminal application.

2. At the prompt, type these commands and press Return at the end of each one.

    cd
    openssl md5 * > rand.dat
    openssl genrsa -rand rand.dat -des 1024 > key.pem

3. At the next prompt, type a passphrase, then press Return.

The passphrase you create unlocks the server’s certificate key. You will use this passphrase
when you enable SSL on your Web server.

4. If it doesn’t already exist on your server, create a directory at the following location:

    /etc/httpd/ssl.key

Make a copy of the key.pem file (created in step 2) and rename it server.key. Then copy
server.key to the ssl.key directory.

5. At the prompt, type the following command and press Return.

    openssl req -new -key key.pem -out csr.pem

This generates a file named csr.pem in your home directory.

6. When prompted, enter the following information:

• Country: The country in which your organization is located.

• State: The full name of your state.

• Locality: The city in which your organization is located.
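
The commands in steps 2 through 5 reflect 2002 defaults: single DES (-des) and 1024-bit RSA are no longer considered adequate, and publicly trusted certificate authorities now require RSA keys of at least 2048 bits. The following is an added example, not part of the Apple manual, that performs the same steps with current parameters and checks the CSR against the key before it is sent. The function names, file names, SUBJECT values and the KEY_PASS environment variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the manual: steps 2-5 with current parameters.
# Function names, file names, SUBJECT and KEY_PASS are assumptions.

# Constructed sample answers to the step 6 prompts (CN is a placeholder host).
SUBJECT="/C=US/ST=California/L=Cupertino/O=Example Org/CN=www.example.com"

# Steps 2-3: 2048-bit RSA key, passphrase-protected with AES-256 instead of
# -des. OpenSSL seeds itself from the OS CSPRNG, so no rand.dat is needed.
# umask 077 keeps the key file readable by its owner only.
make_key() {    # $1 = key file; passphrase is read from $KEY_PASS
    ( umask 077
      openssl genrsa -aes256 -passout env:KEY_PASS -out "$1" 2048 ) 2>/dev/null
}

# Step 5: build the CSR, signed with SHA-256, without interactive prompts.
make_csr() {    # $1 = key file, $2 = CSR file
    openssl req -new -sha256 -key "$1" -passin env:KEY_PASS \
        -subj "$SUBJECT" -out "$2"
}

# Check before sending the CSR to the CA: it must carry the public half of
# this key, have a valid self-signature, and use a 2048-bit key.
csr_matches_key() {    # $1 = key file, $2 = CSR file
    csr_pub=$(openssl req -in "$2" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$1" -passin env:KEY_PASS -pubout) || return 1
    [ -n "$csr_pub" ] && [ "$csr_pub" = "$key_pub" ] || return 1
    openssl req -in "$2" -noout -verify >/dev/null 2>&1 || return 1
    openssl req -in "$2" -noout -text | grep -q 'Public-Key: (2048 bit)'
}

# The stored key must never be written to disk in the clear.
key_is_encrypted() {    # $1 = key file
    grep -q 'ENCRYPTED' "$1"
}

# Usage (after exporting KEY_PASS with your chosen passphrase):
#   make_key key.pem && make_csr key.pem csr.pem && csr_matches_key key.pem csr.pem
```

The comparison in csr_matches_key also catches the case where server.key and csr.pem come from different runs of step 2, which would otherwise surface only when the issued certificate fails to load with the installed key.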

LL0395.Book Page 383 Wednesday, November 20, 2002 11:44 AM