Table of Contents
Advertisement
Getting an Officially Signed Certificate
There are a number of official certificate authorities that sign your certificates. The
certificate is signed by a trustworthy third party, so can be fully trusted. Publicly oper-
ating secure Web servers usually have got an officially signed certificate.
The best-known official CAs are Thawte
(www.verisign.com). These and other CAs are already compiled into all browsers,
so certificates signed by these certificate authorities are automatically accepted by the
browser.
When requesting an officially signed certificate, you do not send a certificate to the
CA. Instead, issue a Certificate Signing Request (CSR). To create a CSR, call the script
/usr/share/ssl/misc/CA.sh -newreq.
First the script asks for a password with which the CSR should be encrypted. Then you
are asked to enter a distinguished name. This requires you to answer a few questions,
such as country name or organization name. Enter valid data—everything you enter
here later shows up in the certificate and is checked. You do not need to answer every
question. If one does not apply to you or you want to leave it blank, use ".". Common
name is the name of the CA itself—choose a significant name, such as My company
CA. Last, a challenge password and an alternative company name must be entered.
Find the CSR in the directory from which you called the script. The file is named
newreq.pem.
41.6.2 Configuring Apache with SSL
The default port for SSL and TLS requests on the Web server side is 443. There is no
conflict between a "regular" Apache listening on port 80 and an SSL/TLS-enabled
Apache listening on port 443. In fact, HTTP and HTTPS can be run with the same
Apache instance. Usually separate virtual hosts are used to dispatch requests to port 80
and port 443 to separate virtual servers.
IMPORTANT: Firewall Configuration
Do not forget to open the firewall for SSL-enabled Apache on port 443. This
can be done with YaST as described in
with YaST"
(page 834).
(http://www.thawte.com/
Section 44.4.1, "Configuring the Firewall
or Verisign
The Apache HTTP Server
783
Advertisement
Table of Contents
Troubleshooting
Related Manuals for Novell LINUX ENTERPRISE SERVER 10 - INSTALLATION AND ADMINISTRATION 04-08-2006
Related Products for Novell LINUX ENTERPRISE SERVER 10 - INSTALLATION AND ADMINISTRATION 04-08-2006
- NOVELL IDENTITY MANAGER 3.6.1 - UNDERSTANDING POLICIES 05-06-2009
- NOVELL LINUX ENTERPRISE SERVER 10 - ARCHITECTURE-SPECIFIC INFORMATION 08-04-2006
- NOVELL LINUX ENTERPRISE SERVER 10 SP2 - ARCHITECTURE-SPECIFIC INFORMATION 08-05-2008
- NOVELL LOGIN SCRIPTS - 08-2008
- NOVELL OPEN ENTERPRISE SERVER 2 SP2 - STORAGE SERVICES AUDITING CLIENT LOGGER UTILITY REFERENCE 04-29-2010
- NOVELL PLATESPIN ORCHESTRATE 2.0.2 - ADMINISTRATOR REFERENCE 06-17-2009
- NOVELL PLATESPIN ORCHESTRATE 2.0.2 - DEVELOPMENT CLIENT REFERENCE 08-28-2009
- NOVELL SENTINEL LOG MANAGER 1.0.0.5 - 03-31-2010
- NOVELL SUPPORT ADVISOR - 04-2010
- NOVELL LINUX ENTERPRISE SERVER 10 - INSTALLATION AND ADMINISTRATION 11-05-2007
- Novell 3.6 05-2008
- Novell Access Manager 3.1 SP 1
- Novell Access Manager 3.1 SP 2
- NOVELL ACCESS MANAGER 3.1 SP1 - AGENT GUIDE
- NOVELL ACCESS MANAGER 3.1 SP1 - IDENTITY SERVER
- NOVELL ACCESS MANAGER 3.1 SP1 - S 11-20-2009