Sun WebServer 2.1 Installation Guide

Configuring a Web Site for SSL

You must create a port on the web site's IP address that uses SSL. The default port used for SSL connections is 443.

These instructions assume you are using the Sun WebServer GUI. You can also configure the port by editing the configuration file for the web site's server instance (for example, /etc/http/sws_server.httpd.conf). Please refer to the man page for httpd.conf(4) if you choose to edit the configuration file.

To Configure A Web Site for SSL:
  1. Connect to the Sun WebServer GUI and log in.

    For information on connecting, see Chapter 2, Configuring Sun WebServer.

  2. Find the server instance that hosts the web site in the Server List. Click the + to expand the folder if the configuration pages are not listed.

  3. If you do not know the IP address of the web site, choose the Web Sites page.

    The IP address(es) used by the web site are shown in the list.


    Note -

    The IP address must not be used by multiple web sites. The SSL certificate is bound to a unique IP address and host name.


  4. Click the IP/Ports page to add a port to the web site's IP address.

    The Network Connections list will display on the right, showing all of the IP addresses and ports used by this server instance.

  5. Click Add to create a Network Connection using the web site's IP address and port 443.

    The Network Connection Dialog opens.

  6. Fill in the IP Address and Port fields with the web site's IP address and the port on which you want SSL active (usually 443). Set the Timeout and whether you want to allow HTTP 1.0 Keepalive.

    If you are unsure about Timeout and Allow HTTP 1.0 Keepalive, click Help in the dialog. For best performance, set the Timeout to 300 seconds and allow HTTP 1.0 Keepalive.

  7. Select the Enable SSL check box.

  8. If you want to accept connections only from clients that have valid personal certificates, click the Require Client Certificate box.

    For more information on this field, click Help.

  9. Set the cipher suites you want to enable.

    The server will negotiate with the client to use a common cipher suite. If the client and server have more than one suite in common, the strongest suite will be used.

    If you have the US/Canada encryption software, you may choose 128-bit, 40-bit, or both. Select both, unless you explicitly want to require a certain set from clients.

    If you have global encryption software, you can only use the 40-bit cipher suite. Select the 40-bit check box.


    Note -

    For domestic software, to ensure successful operation with various browsers, always include the strongest available cipher choice (SSL_RSA_WITH_RC4_128_MD5) in the ssl_ciphers attribute when you enable SSL on a port.


  10. Click OK to confirm your changes, then choose Save from the Web Server menu.

  11. If you are configuring SSL on the default site for the server instance, skip the remaining steps.

    The default site on a server listens to all connection endpoints defined for that server, so there is no need to add the new SSL connection to the web site.

  12. From the Server List, choose the Web Site page and select the web site in the list. Choose Edit Web Site from the Edit menu.

    In the Edit Web Site dialog, find the SSL-enabled network connection in the Available IP/Ports list of the IP/Ports section, and choose it. The connections are listed as IP_Address:Port combinations.

  13. Click < to move the connection into the Site Connections list.


    Note -

    This option is disabled for default sites because default sites automatically listen on all connection endpoints for the server. If you are configuring the default site for the server instance, skip steps 12 through 15.


  14. Click Save to save the web site changes.

  15. If you want the web site to be available only through server SSL connections, remove all other ports from its Site Connections list.

    Continue with the next configuration procedure, "Requesting Signed Certificates".
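
The following added example (not part of the original guide or of Sun WebServer) models the suite selection described in step 9, so you can see what each choice of enabled suites means for different clients before you save the port. The 40-bit suite name, the strength table, and the two client profiles are assumptions made for the illustration.

```python
# Added illustration of the suite selection described in step 9.
# Strength table (assumed for this example): suite name -> key bits.
STRENGTH = {
    "SSL_RSA_WITH_RC4_128_MD5": 128,       # named on this page
    "SSL_RSA_EXPORT_WITH_RC4_40_MD5": 40,  # assumed 40-bit suite
}

# The three choices offered in step 9, as sets of enabled suites.
SERVER_CHOICES = {
    "128-bit only": {"SSL_RSA_WITH_RC4_128_MD5"},
    "40-bit only": {"SSL_RSA_EXPORT_WITH_RC4_40_MD5"},
    "both": set(STRENGTH),
}

# Constructed client profiles: the suites each browser build offers.
CLIENTS = {
    "domestic browser": set(STRENGTH),
    "export browser": {"SSL_RSA_EXPORT_WITH_RC4_40_MD5"},
}


def negotiate(server_suites, client_suites):
    """Return the strongest suite both sides enable, or None if none is shared."""
    common = set(server_suites) & set(client_suites)
    unknown = sorted(s for s in common if s not in STRENGTH)
    if unknown:
        raise ValueError(f"no strength recorded for: {unknown}")
    if not common:
        return None
    return max(common, key=lambda s: STRENGTH[s])


def outcome_matrix():
    """Map (server choice, client) -> negotiated bits, None if handshake fails."""
    matrix = {}
    for choice, server in SERVER_CHOICES.items():
        for client_name, client in CLIENTS.items():
            suite = negotiate(server, client)
            matrix[(choice, client_name)] = STRENGTH[suite] if suite else None
    return matrix


if __name__ == "__main__":
    for (choice, client_name), bits in outcome_matrix().items():
        result = f"{bits}-bit" if bits else "no common suite, handshake fails"
        print(f"server={choice:<13} client={client_name:<17} -> {result}")
```

With both suites enabled, a client that offers only the 40-bit suite is served at 40 bits; enabling only the 128-bit suite turns that connection into a failed handshake instead.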