Setting Up A Secure Web Server With Ssl - Novell LINUX ENTERPRISE SERVER 11 - ADMINISTRATION Administration Manual

27.6 Setting Up a Secure Web Server with SSL
Whenever sensitive data, such as credit card information, is transferred between Web
server and client, it is desirable to have a secure, encrypted connection with
authentication. mod_ssl provides strong encryption using the secure sockets layer (SSL)
and transport layer security (TLS) protocols for HTTP communication between a client and
the Web server. Using SSL/TLS, a private connection between Web server and client
is established. Data integrity is ensured and client and server are able to authenticate
each other.
For this purpose, the server sends an SSL certificate that holds information proving the
server's valid identity before any request to a URL is answered. In turn, this guarantees
that the server is the uniquely correct end point for the communication. Additionally,
the certificate is used to establish an encrypted connection between client and server
that can transport information without the risk of exposing sensitive, plain-text content.
mod_ssl does not implement the SSL/TLS protocols itself, but acts as an interface
between Apache and an SSL library. In SUSE Linux Enterprise Server, the OpenSSL
library is used. OpenSSL is automatically installed with Apache.
The most visible effect of using mod_ssl with Apache is that URLs are prefixed with
https:// instead of http://.
27.6.1 Creating an SSL Certificate
In order to use SSL/TLS with the Web server, you need to create an SSL certificate.
This certificate is needed for the authentication between Web server and client, so that
each party can clearly identify the other party. To ensure the integrity of the certificate,
it must be signed by a party every user trusts.
There are three types of certificates you can create: a "dummy" certificate for testing
purposes only, a self-signed certificate for a defined circle of users that trust you, and
a certificate signed by an independent, publicly-known certificate authority (CA).
Creating a certificate is basically a two-step process. First, a private key for the
certificate authority is generated; then the server certificate is signed with this key.
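
The two steps above, carried through with the openssl command line tool as an added example; it is not taken from the manual and is not necessarily the procedure the manual goes on to describe. The file names, the CA name example-ca and the host name are constructed placeholders, and the subjectAltName extension is included because current clients match the host name against it.

```shell
#!/bin/sh
# Added example: private CA plus a server certificate signed by it.
# File names, "example-ca" and the host name are constructed placeholders.

make_signed_cert() (
    dir=$1; host=$2
    umask 077                       # keys and working files readable by owner only
    mkdir -p "$dir" && cd "$dir" || exit 1

    # Step 1: private key for the certificate authority, plus its
    # self-signed certificate (the trust anchor clients must import).
    openssl genrsa -out ca.key 2048 || exit 1
    openssl req -x509 -new -key ca.key -sha256 -days 365 \
        -subj "/O=Example Org/CN=example-ca" -out ca.crt || exit 1

    # Server key and certificate signing request (CSR).
    openssl genrsa -out server.key 2048 || exit 1
    openssl req -new -key server.key -subj "/CN=$host" -out server.csr || exit 1

    # Step 2: sign the server certificate with the CA key.
    printf 'subjectAltName=DNS:%s\n' "$host" > san.ext
    openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
        -sha256 -days 365 -extfile san.ext -out server.crt || exit 1
)

check_signed_cert() (
    cd "$1" || exit 1
    # The chain must verify against the CA certificate ...
    openssl verify -CAfile ca.crt server.crt >/dev/null 2>&1 || exit 1
    # ... and the certificate must carry the public key of server.key.
    [ "$(openssl x509 -in server.crt -noout -pubkey)" = \
      "$(openssl pkey -in server.key -pubout)" ]
)

# Usage: make_signed_cert ./ssl-demo www.example.com && check_signed_cert ./ssl-demo
```

Only ca.crt is handed to clients; ca.key is what makes the signature trustworthy and should be kept off the Web server.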