|C H A P T E R 4|
Enabling Apache Web Servers
This chapter explains how to configure and enable the Sun Crypto Accelerator 1000 board for use with Apache Web Servers. This chapter includes the following sections:
The following procedure describes how to create the private key and certificate required to enable Apache Web Servers to use the Sun Crypto Accelerator 1000 board. If you already have a private key and certificate, go to Enabling Apache Web Servers.
1. Generate an RSA private key in Privacy-Enhanced Mail (PEM) format.
2. Create your PEM passphrase.
This passphrase protects the key material. Be sure to select a strong passphrase, but one that you can remember. If you forget the passphrase, you will be unable to access your keys.
3. Generate the certificate request.
4. Create a certificate request using the keys you just created.
You must first enter the passphrase to access your keys. Then provide the appropriate information for the following fields:
The following is an example of how the certificate fields are entered:
You are about to be asked to enter information that will be incorporated into your certificate request.
5. Hand off the certreq.csr file to your certificate authority.
6. Once the certificate is signed by the certificate authority, go to the next section to setup the Apache Web Server.
Apache Web Server and mod_ssl are provided with the Solaris 10 Operating System. The following instructions are for these specific releases of Apache Web Server. Refer to the Apache Web Server documentation for more information.
1. Create an httpd configuration file.
For Solaris systems, the httpd.conf-example file is usually in /etc/apache. You can use this file as a template and copy it as follows:
2. Replace ServerName with your server name in the http.conf file.
3. Save the issued key as /etc/apache/ssl.key/.
4. Save the issued certificate as /etc/apache/ssl.crt/server.crt.
Note - When generating the key and copying the certificate, any cert or key with the same filename is overwritten. Other names can be chosen, the names in this example are defaults. If other names are chosen, the administrator must change the SSLCertificateFile and SSLCertificateKeyFile directives in httpd.conf to point to the new filenames.
5. Start the Apache Web Server.
This example assumes the Apache binary directory is /usr/apache/bin; if this is not the Apache binary directory, type in the correct directory.
6. Enter you PEM passphrase if prompted for it.
7. Verify the SSL enabled web server with a browser pointing to the following URL:
8. Verify that the Sun Crypto Accelerator 1000 Board is being used.
Verify that the rsaprivate field is being incremented in the statistics.