Note
Newer implementations of various daemons now provide their services natively over
SSL, such as dovecot or OpenLDAP's slapd server, which may be more desirable
than using stunnel.
For example, use of stunnel only provides wrapping of protocols, while the native
support in OpenLDAP's slapd can also handle in-band upgrades for using encryption
in response to a StartTLS client request.
Table 25.1, "Security Packages" displays a summary of the secure server packages and whether each
package is optional for the installation of a secure server.

Package Name             Optional?
httpd                    no
mod_ssl                  no
openssl                  no
httpd-devel              yes
openssh                  yes
openssh-askpass          yes
openssh-askpass-gnome    yes
openssh-clients          yes
openssh-server           yes
openssl-devel            yes
stunnel                  yes

Table 25.1. Security Packages

25.3. An Overview of Certificates and Security

Your secure server provides security using a combination of the Secure Sockets Layer (SSL) protocol
and (in most cases) a digital certificate from a Certificate Authority (CA). SSL handles the encrypted
communications as well as the mutual authentication between browsers and your secure server.
The CA-approved digital certificate provides authentication for your secure server (the CA puts its
reputation behind its certification of your organization's identity). When your browser is communicating
using SSL encryption, the https:// prefix is used at the beginning of the Uniform Resource Locator
(URL) in the navigation bar.

Encryption depends upon the use of keys (think of them as secret encoder/decoder rings in data
format). In conventional or symmetric cryptography, both ends of the transaction have the same key,
which they use to decode each other's transmissions. In public or asymmetric cryptography, two keys
co-exist: a public key and a private key. A person or an organization keeps their private key a secret
and publishes their public key. Data encoded with the public key can only be decoded with the private
key; data encoded with the private key can only be decoded with the public key.

To set up your secure server, use public cryptography to create a public and private key pair. In most
cases, you send your certificate request (including your public key), proof of your company's identity,
and payment to a CA. The CA verifies the certificate request and your identity, and then sends back a
certificate for your secure server.
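
The key pair and certificate request steps described above, shown with the openssl command-line tool. This is an added example, not taken from the original manual; the hostname, organization name, file names and function names are constructed placeholders.

```shell
#!/bin/sh
# Added example: create a key pair and a certificate request, then check
# that the request really carries the public half of the private key.
# "Example Org", www.example.com and the file names are constructed values.

make_key_and_csr() (
    # $1 = output directory, $2 = server hostname (Common Name)
    # Runs in a subshell so the umask change stays local to this function.
    dir=$1; cn=$2
    umask 077    # private key must be readable by its owner only
    openssl genrsa -out "$dir/server.key" 2048 2>/dev/null || exit 1
    # The request holds the public key and the subject, and is signed
    # with the private key. The private key itself never goes to the CA.
    openssl req -new -key "$dir/server.key" -out "$dir/server.csr" \
        -subj "/O=Example Org/CN=$cn" 2>/dev/null || exit 1
)

csr_is_valid() {
    # $1 = request file. Verifies the request's self-signature using the
    # public key embedded in it (the check a CA performs on receipt).
    openssl req -in "$1" -noout -verify 2>&1 | grep -q "verify OK"
}

csr_matches_key() {
    # $1 = private key file, $2 = request file.
    # True only if both yield the same public key.
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null)
    c=$(openssl req -in "$2" -noout -pubkey 2>/dev/null)
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Demonstration in a throwaway directory.
demo_dir=$(mktemp -d)
make_key_and_csr "$demo_dir" www.example.com
csr_is_valid "$demo_dir/server.csr" && echo "request signature verifies"
csr_matches_key "$demo_dir/server.key" "$demo_dir/server.csr" \
    && echo "request carries the public half of server.key"
rm -rf "$demo_dir"
```

Only server.csr is sent to the CA; server.key stays on the server with owner-only permissions.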