Securing Your Apache Web Server With a Thawte Digital Certificate




Contents

1. Overview
2. Research
3. System requirements
4. Generate your private key
5. Generate your Certificate Signing Request
6. Using a test certificate
7. Request a trusted certificate
8. Download your certificate
9. Install your certificate
10. Securing virtual hosts
11. Useful URLs
12. What role does Thawte play?
13. Conclusion
14. Contact Thawte

1. Overview

In this document you'll find out how to purchase, install and use a Thawte SSL digital certificate on your Apache web server. We will also touch on the role of Thawte as a trusted third party.

2. Research

The latest Web Server Survey released by E-Soft [www.securityspace.com] reveals that the most popular web server in use today is the Apache Server. Apache serves over 56% of the market. Trailing the Apache server are the Microsoft, Netscape, WebSite, WebStar, and Zeus web servers. For more detailed information on this survey please see: http://www.securityspace.com/s_survey/data/200006/index.html

Thawte SSL certificates and SuperCerts are compatible with all of the above browsers.

3. System requirements

Before you can install an SSL certificate on your Apache web server you must have installed the required SSL components. You will need to install OpenSSL, as well as either ModSSL or Apache-SSL. OpenSSL and its libraries provide the SSL back-end, while ModSSL or Apache-SSL provide the interface between Apache and OpenSSL. ModSSL and Apache-SSL are fairly similar. Thawte makes no recommendation between the two, and it's up to you which one you choose.

Apache users should find the following web sites useful:

Apache is available at www.apache.org
ModSSL is available at www.modssl.org
Apache-SSL is available at www.apache-ssl.org
OpenSSL is available at www.openssl.org

4. Generate your Private Key

Use the openssl binary to generate your private key. This key will be kept on your web server so you may want to encrypt it. If you encrypt it, you should be aware that you would have to type in the pass-phrase for that key every time you restart your secure server. The private key can be generated with or without cryptographic protection as follows:

With encryption:

    openssl genrsa -des3 -rand /dev/urandom -out www.domain.com.key 1024

Without encryption:

    openssl genrsa -rand /dev/urandom -out www.domain.com.key 1024

If you get stuck, or need further options, please go to:

    openssl genrsa help

5. Generate your Certificate Signing Request

You'll need to send Thawte a CSR (Certificate Signing Request) before your certificate can be issued. To generate the CSR, use openssl and your private key as follows:

    openssl req -new -key www.domain.com.key -out www.domain.com.csr

This step creates a CSR that has the same modulus as the private key.

6. Using a test certificate

To familiarize yourself with the workings of a Thawte certificate on an Apache Server, you can set up a test certificate on your server using a self-signed certificate or a Thawte test certificate:

6.1. Self-signed test certificate

If you use a self-signed test certificate, your CSR will be signed by your own private key as follows:

    openssl req -x509 -key www.domain.com.key -in www.domain.com.csr -out www.xxx.com.crt

6.2. Thawte test certificate

You can get a Thawte test certificate online from Thawte at: https://www.thawte.com/cgi/server/test.exe. Test certificates are intended for you to test your server configuration before you buy a trusted certificate from a CA (Certificate Authority).
Paste your CSR (Certificate Signing Request) into the test certificate request. Within minutes, you should receive an un-trusted test certificate via mail. Save the test certificate to a file called www.domain.com.crt. You can get your browser to trust that test certificate by clicking on http://www.thawte.com/servertest.crt and installing the Test Certificate CA root.

Thawte Consulting (Pty) Ltd October 2000

Before you can use the test certificate you will have to configure your Apache web server properly. Edit the httpd.conf file so that the web server points to the private key and test certificate, using the SSLCertificateKeyFile and SSLCertificateFile directives. Enable SSL and make sure that the server is listening on port 443 with the "Listen 443" directive. Once you have done this, you can restart your server and connect to it on https://www.domain.com/

7. Request a trusted certificate

Thawte SSL certificates and SuperCerts are requested online from Thawte. During the certificate request process, you will be asked to copy and paste your CSR (Certificate Signing Request) into a text area on the online enrollment form. If you have generated more than one CSR, please ensure that you are submitting the correct one. You can check your CSR as follows:

    openssl req -text -noout -in csrfilename.csr

You will have to provide all the requested information during the enrollment process, and send us documentation proving your, or your company's, identity (a company registration certificate, for instance). You can view detailed instructions for obtaining a Thawte SSL certificate at: https://www.thawte.com/certs/server/request.html

The enrollment process for SuperCerts is the same as for SSL certificates. However, during the process you will need to check the box that indicates that you would like a SuperCert. You will also have to generate a 1024-bit key, and make sure your Apache Server is 128-bit enabled.

Once you have completed the online request process, Thawte will take a number of steps to verify your identity and the other details you provided in the CSR. Thawte performs a considerable amount of background checking before it issues the certificate.
As a result, it could take a few days to verify your company identity and details, and issue the certificate. During that period, you can track the progress of your request on your personal status page at http://www.thawte.com/cgi/server/status.exe

SuperCerts are SSL certificates that allow international browsers to step up to 128-bit encryption. Internet Explorer 5.01, Netscape Communicator 4.7 and later browsers recognize Thawte's SuperCerts. 128-bit encryption is regarded as being impossible to crack. For more information on SuperCerts please see: http://www.thawte.com/certs/server/128bit/contents.html

8. Download your certificate

Once the certificate has been issued, you will be able to download it from your status page by clicking on the Fetch Certificate button (which only appears once the certificate has been issued).

9. Install your certificate

Once the certificate has been issued, you can install it by simply copying it and pasting it into a file on your server. The certificate is stored in Thawte's database indefinitely, and can be downloaded again at any stage. For consistency, you should probably save it to a file called www.domain.com.crt.
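
Before a certificate is copied into place, it is worth confirming that it carries the same modulus as the private key and CSR, the property section 5 describes. The script below is an added example, not part of Thawte's document: it runs sections 4, 5 and 6.1 non-interactively and compares the three moduli. Assumptions: a 2048-bit key instead of the page's 1024 (current CAs do not accept 1024-bit RSA), `-subj` to skip the prompts, a scratch directory, and hypothetical function names.

```shell
#!/bin/sh
# Added example: key -> CSR -> self-signed test certificate, then confirm all
# three share one RSA modulus before Apache is pointed at the files.
# Assumptions: 2048-bit key, -subj instead of prompts, scratch directory.

# Print the RSA modulus ("Modulus=<hex>") of a key, CSR or certificate file.
modulus_of() {            # usage: modulus_of key|csr|crt FILE
    case "$1" in
        key) openssl rsa  -noout -modulus -in "$2" ;;
        csr) openssl req  -noout -modulus -in "$2" ;;
        crt) openssl x509 -noout -modulus -in "$2" ;;
        *)   return 2 ;;
    esac
}

# Succeed only if key, CSR and certificate carry the same modulus.
same_modulus() {          # usage: same_modulus KEY CSR CRT
    k=$(modulus_of key "$1") || return 2
    r=$(modulus_of csr "$2") || return 2
    c=$(modulus_of crt "$3") || return 2
    [ "$k" = "$r" ] && [ "$k" = "$c" ]
}

# Sections 4, 5 and 6.1 of the page, written into directory $1 for host $2.
make_test_cert() {        # usage: make_test_cert DIR HOSTNAME
    ( umask 077           # unencrypted key: readable by its owner only
      openssl genrsa -out "$1/$2.key" 2048 2>/dev/null ) || return 1
    openssl req -new -key "$1/$2.key" -subj "/CN=$2" -out "$1/$2.csr" || return 1
    openssl req -x509 -days 30 -key "$1/$2.key" -in "$1/$2.csr" -out "$1/$2.crt"
}

# Demo run with the page's placeholder host name.
work=$(mktemp -d) && make_test_cert "$work" www.domain.com &&
same_modulus "$work/www.domain.com.key" "$work/www.domain.com.csr" \
             "$work/www.domain.com.crt" && echo "key, CSR and certificate match"
```

A mismatch here means the certificate was issued for a different CSR than the one generated from this key, and Apache would refuse to start with that pair.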

If you generated a self-signed certificate or requested a test certificate earlier in the process and you configured your web server to use that test/self-signed certificate, then you do not need to make any changes to your configuration file. You can simply copy the real ("trusted") certificate file over the test/self-signed certificate.

If you did not configure your server to look for the self-signed test certificate, then you'll need to update your httpd.conf file to look for the new certificate. Open the httpd.conf configuration file and make sure that you have the SSLCertificateFile and SSLCertificateKeyFile directives associated with the correct file paths. For example, if you have your certificate in the /usr/local/ssl/certs/ directory and your private key in the /usr/local/ssl/private/ directory, then you will have the following in your httpd.conf file:

    SSLCertificateFile /usr/local/ssl/certs/www.domain.com.crt
    SSLCertificateKeyFile /usr/local/ssl/private/www.domain.com.key

You will also need to make sure your Apache Server is listening on port 443 and "switch on" SSL with the "SSLEngine on" or SSLEnable directives in ModSSL or Apache-SSL respectively.

10. Securing virtual hosts

If you have secure virtual hosts, each will need its own IP, as SSL does not support name-based virtual hosts.

11. Useful URLs

Common problems experienced with Apache are dealt with in our FAQs: http://www.thawte.com/support/server/apachessl.html
You'll find a key generation guide for Apache at: http://www.thawte.com/certs/server/keygen/apachessl.html
The certificate enrollment process for SSL and SuperCerts begins at: https://www.thawte.com/certs/server/request.html
How to generate a test certificate: https://www.thawte.com/cgi/server/test.exe
Installing the test certificate CA root into your browser: http://www.thawte.com/servertest.crt

12. What role does Thawte play?

Thawte Consulting issues server certificates to organizations and individuals worldwide.
Thawte verifies that the company ordering the certificate is a registered organization and that the person in the company who orders the certificate is authorized to do so. Thawte also checks that the company in question owns the relevant domain. Thawte digital certificates interoperate smoothly with Apache and the latest software from Microsoft and Netscape, so you can rest assured that your purchase of a Thawte Server Certificate will give your customers confidence in your system and integrity; they will feel secure about transacting with you online.

13. Conclusion

Apache web servers, together with Apache-SSL or ModSSL, provide an excellent platform on which to base an e-commerce website, and Thawte certificates provide the necessary security.

14. Contact Thawte

If you would like more information about Thawte's SSL and other online security products, please visit http://www.thawte.com. If you have any questions, please e-mail info@thawte.com.