Novell LINUX ENTERPRISE SERVER 10 SP2 - INSTALLATION AND ADMINISTRATION Installation Manual page 792

For this purpose, the server sends an SSL certificate that holds information proving the
server's valid identity before any request to a URL is answered. In turn, this guarantees
that the server is the uniquely correct end point for the communication. Additionally,
the certificate generates an encrypted connection between client and server that can
transport information without the risk of exposing sensitive, plain-text content.
mod_ssl does not implement the SSL/TSL protocols itself, but acts as an interface be-
tween Apache and an SSL library. In SUSE Linux Enterprise Server, the OpenSSL li-
brary is used. OpenSSL is automatically installed with Apache.
The most visible effect of using mod_ssl with Apache is that URLs are prefixed with
https:// instead of http://.
40.6.1 Creating an SSL Certificate
In order to use SSL/TSL with the Web server, you need to create an SSL certificate.
This certificate is needed for the authorization between Web server and client, so that
each party can clearly identify the other party. To ensure the integrity of the certificate,
it must be signed by a party every user trusts.
There are three types of certificates you can create: a "dummy" certificate for testing
purposes only, a self-signed certificate for a defined circle of users that trust you, and
a certificate signed by an independent, publicly-known certificate authority (CA).
Creating a certificate is basically a two step process. First, a private key for the certificate
authority is generated then the server certificate is signed with this key.
TIP: For More Information
To learn more about concepts and definitions of SSL/TSL, refer to
httpd.apache.org/docs/2.2/ssl/ssl_intro.html.
Creating a "Dummy" Certificate
Generating a dummy certificate is simple. Just call the script
/usr/bin/gensslcert. It creates or overwrites the following files:
• /etc/apache2/ssl.crt/ca.crt
774 Installation and Administration
http://