Server Certificate: Apache + mod_ssl + OpenSSL




Section A: Procedures in Generating Key Pairs and CSR

Step 1: To generate the Private Key

1. Select your random seed enhancers: Select five large and relatively random files from your server (good choices are compressed log files). We refer to them as file1, file2, file3, file4, file5 below.

2. Generate the Private Key with the following command:

    $ ./openssl genrsa -des3 -rand file1:file2:file3:file4:file5 -out your.key 1024

The process will prompt you for a pass phrase. Please enter a secure password, or leave it blank only if you absolutely trust your server machine. This password is needed for starting your SSL server.

3. Backup and protect your Private Key: Back up your key on a diskette or other removable media and store it in a secure place. Change the permission of your key on the server to 400 to prevent unauthorized reading.

Step 2: To generate the Request File

1. Generate the CSR with the following command:

    $ ./openssl req -new -key your.key -out your.csr

2. Enter the information for your certificate: When prompted for "Common Name", you MUST type your registered domain name here. For the fields Country/Region, State/province and City/locality, please enter HK.

3. View the CSR request file: The certificate request is created and saved to a file your.csr. The contents should look like this:

Section B: Procedures of Submitting CSR to Hongkong Post for Certificate Generation

Step 1: To access online Hongkong Post e-cert (Server) Certificate application form

1. Launch Hongkong Post e-cert (Server) web site: http://www.hongkongpost.gov.hk/5digital/dc3_fr.html
You can view an overview of Hongkong Post e-cert (Server).

2. Access Online e-cert (Server) Application Form: On the left frame of the Overview page, click on the link New Application under e-cert (Server) for new application or click on the link Renew Certificate for the certificate renewal.

[Figures: For New Application; For Renewal Application]

The following figure is the online Hongkong Post e-cert (Server) Certificate application form:

For renewal application, the online application form is below:

Step 2: To complete the online Hongkong Post e-cert (Server) Certificate application form (Applicable for New & Renewal Application)

1. Paste the CSR data: Open the CSR request file you have generated, then copy and paste the contents of the request file into the text block of the Hongkong Post e-cert (Server) application form.

2. Enter SSL Server Name and PIN: In the Server Identity Authentication Information section, enter your registered SSL Server Name and the PIN. (The PIN is the 16-digit number inside the PIN mailer we have distributed to you before.) Click the Submit button.

3. Complete the Submission of the Hongkong Post e-cert (Server) Application: Check the information for the application and click Submit.

The response page will be displayed:

NOTE: Please write down the reference number for picking up your certificate later.

Section C: Procedures in Picking up Hongkong Post e-cert (Server) Certificate (Applicable for New & Renewal Application)

(After receiving the email notification by Hongkong Post for server certificate pick-up, you can pick up your e-cert (Server) via Hongkong Post web site.)

Step 1: To access Hongkong Post e-cert (Server) Certificate Pickup Page

1. Access Pick Up Certificate Page: On the left frame of the Overview page (http://www.hongkongpost.gov.hk/5digital/dc3_fr.html), click on the link Pick up Certificate under e-cert (Server). The Pick Up Certificate page will be displayed:

Step 2: To access Hongkong Post e-cert (Server) Certificate Download Page

1. Enter Reference Number: Enter the reference number into the text box. (The reference number is the number generated online after you have submitted your application.) Then click Submit.

2. View the Response Page: There are 2 sections in the page.

The upper section contains the certificate details of your e-cert (Server):

The lower section contains the download section for your e-cert (Server):

Step 3: To Download your e-cert (Server)

1. Download Certificates: Click the link in Step 4 of the Response page for downloading your e-cert (Server), together with the certificates along the certification path (i.e. certificates of Hongkong Post e-cert CA and Hongkong Post Root CA). They are in base-64 format. After downloading, you will obtain a file called DownloadCert.sh:

(In case you don't have the Hongkong Post e-cert CA and Hongkong Post Root CA certificates, you can click the links in Step 1 and Step 2. The two files are in binary format and should be imported into the client browsers for certificate validation.)

Section D: Procedures in Installing your Hongkong Post e-cert (Server) Certificate into your Apache Web Server

Step 1: To extract your e-cert (Server)

1. View your downloaded file: Use a text editor to open the downloaded file DownloadCert.sh. The file should contain 3 certificates: (The following shows the portions of each certificate only.)

2. Extract your e-cert (Server): Extract the user certificate (BEGIN CERTIFICATE... END CERTIFICATE) and save it as a file your.crt, making sure that there is no trailing space. It should have the following format:

3. Installation: Update your Apache configuration file as follows:

    SSLCertificateFile /path/to/your.crt
    SSLCertificateKeyFile /path/to/your.key

Then start your Apache web server.

Congratulations! You have successfully installed the Hongkong Post e-cert (Server) into your Apache Web Server.
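
The extraction in Section D can be scripted instead of done by hand in a text editor. The following is an added example, not part of the Hongkong Post guide: it splits DownloadCert.sh into one file per certificate, strips trailing whitespace, and picks the certificate whose RSA modulus matches your.key, so the choice does not depend on the order of the three certificates in the file. The function names and the cert-N.pem file names are assumptions.

```shell
#!/bin/sh
# Added example (not from the Hongkong Post guide). DownloadCert.sh,
# your.key and your.crt are the page's names; the function names and the
# cert-N.pem file names are assumptions made for this sketch.

# split_bundle BUNDLE OUTDIR
# Writes each BEGIN/END CERTIFICATE block to OUTDIR/cert-N.pem, stripping
# trailing spaces, tabs and CRs and dropping text outside the markers.
# Prints the number of certificates written.
split_bundle() {
    awk -v dir="$2" '
        { sub(/[ \t\r]+$/, "") }
        /^-----BEGIN CERTIFICATE-----$/ { n++; out = dir "/cert-" n ".pem"; inside = 1 }
        inside { print > out }
        /^-----END CERTIFICATE-----$/ { inside = 0; close(out) }
        END { print n + 0 }
    ' "$1"
}

# find_cert_for_key KEY OUTDIR
# Prints the cert-N.pem whose RSA modulus equals that of KEY (the server
# certificate). Returns 1 if no certificate matches, 2 if KEY is unreadable.
find_cert_for_key() {
    key_mod=$(openssl rsa -in "$1" -noout -modulus) || return 2
    for c in "$2"/cert-*.pem; do
        [ -f "$c" ] || continue
        if [ "$(openssl x509 -in "$c" -noout -modulus 2>/dev/null)" = "$key_mod" ]; then
            echo "$c"
            return 0
        fi
    done
    return 1
}

# Usage: sh extract-cert.sh DownloadCert.sh your.key
if [ "$#" -eq 2 ]; then
    work=$(mktemp -d) || exit 1
    echo "certificates in bundle: $(split_bundle "$1" "$work")"
    if match=$(find_cert_for_key "$2" "$work"); then
        cp "$match" your.crt && echo "wrote your.crt from $match"
    else
        echo "no certificate in $1 matches $2" >&2
        exit 1
    fi
fi
```

If your.key was created with a pass phrase as in Section A, openssl prompts for it when reading the key. A "no certificate matches" result means the downloaded certificate was issued for a different key than the one on the server, which would otherwise only show up when Apache fails to start.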