C H A P T E R 4 |
Enabling Apache Web Servers |
This chapter explains how to configure and enable the Sun Crypto Accelerator 1000 board for use with Apache Web Servers. This chapter includes the following sections:
The following procedure describes how to create the private key and certificate required to enable Apache Web Servers to use the Sun Crypto Accelerator 1000 board. If you already have a private key and certificate, go to Enabling Apache Web Servers.
To Create a Private Key and Certificate |
1. Generate an RSA private key in Privacy-Enhanced Mail (PEM) format.
2. Create your PEM passphrase.
This passphrase protects the key material. Be sure to select a strong passphrase, but one that you can remember. If you forget the passphrase, you will be unable to access your keys.
Caution - You must remember the passphrase you enter. Without the passphrase, you cannot access your keys. There is no way to retrieve a lost passphrase. |
3. Generate the certificate request.
% /usr/sfw/bin/openssl req -new -key /etc/apache/ssl.key/server.key -out /etc/apache/ssl.csr/certreq.csr |
4. Create a certificate request using the keys you just created.
You must first enter the passphrase to access your keys. Then provide the appropriate information for the following fields:
The following is an example of how the certificate fields are entered:
5. Hand off the certreq.csr file to your certificate authority.
6. Once the certificate is signed by the certificate authority, go to the next section to setup the Apache Web Server.
Apache Web Server and mod_ssl are provided with the Solaris 10 Operating System. The following instructions are for these specific releases of Apache Web Server. Refer to the Apache Web Server documentation for more information.
To Enable the Apache Web Server |
1. Create an httpd configuration file.
For Solaris systems, the httpd.conf-example file is usually in /etc/apache. You can use this file as a template and copy it as follows:
2. Replace ServerName with your server name in the http.conf file.
3. Save the issued key as /etc/apache/ssl.key/.
4. Save the issued certificate as /etc/apache/ssl.crt/server.crt.
5. Start the Apache Web Server.
This example assumes the Apache binary directory is /usr/apache/bin; if this is not the Apache binary directory, type in the correct directory.
6. Enter you PEM passphrase if prompted for it.
7. Verify the SSL enabled web server with a browser pointing to the following URL:
8. Verify that the Sun Crypto Accelerator 1000 Board is being used.
Verify that the rsaprivate field is being incremented in the statistics.
Copyright © 2005, Sun Microsystems, Inc. All Rights Reserved.