
Generating an SSL Certificate with Apache+mod_ssl.

Introduction. This document is intended to be a quick guide to generating and installing an SSL certificate on an Apache web server with the mod_ssl module. While this is not an overly difficult process, it does involve running several long commands with numerous options. This document should be all that you need to walk you through the process of generating the certificate and installing it in your web server. This document does not attempt to discuss compiling or installing Apache and mod_ssl.

For detailed instructions on that topic, please see "Building Apache with mod_ssl and Other Modules".

Brief SSL Primer. This section will serve as a very brief introduction to SSL, the Secure Socket Layer. Normal web traffic is sent unencrypted over the Internet. SSL makes use of what is known as asymmetric cryptography, commonly referred to as public key cryptography (PKI).

Generating a Private Key and CSR. The first step is to create your RSA Private Key. ...

$ openssl rsa -in server.key -out server.pem

Disabling Certificate Validation in an HTTPS Connection. By default, accessing an HTTPS URL using the URL class results in an exception if the server's certificate chain cannot be validated or has not previously been installed in the truststore. If you want to disable the validation of certificates for testing purposes, you need to override the default trust manager with one that trusts all certificates.

Apache2 SSL on Windows.

Keytool-Key and Certificate Management Tool. A certificate is a digitally signed statement from one entity (person, company, etc.), saying that the public key (and some other information) of some other entity has a particular value.


(See Certificates.) When data is digitally signed, the signature can be verified to check the data integrity and authenticity. Integrity means that the data has not been modified or tampered with, and authenticity means the data indeed comes from whoever claims to have created and signed it. keytool stores the keys and certificates in a so-called keystore. The default keystore implementation implements the keystore as a file. The jarsigner tool uses information from a keystore to generate or verify digital signatures for Java ARchive (JAR) files.

Please note: the keytool and jarsigner tools completely replace the javakey tool provided in JDK 1.1. The KeyStore class provided in the package supplies well-defined interfaces to access and modify the information in a keystore.

- /SSL/ How do I create an SSL socket connection from a Java application?

How do I... Request and install SSL certificates in IIS 7.0?

Shining Light Productions - Win32 OpenSSL. Shining Light Productions' Technical Support is highly acclaimed by many as the best in the software industry.


The reason? You get to talk to the original/current developer of the product one-on-one... this means that there is no annoying third party using scripted responses. The downside is that, since you ARE e-mailing a real developer, you need to realize this and respect the developer, no matter what mood he/she is in. A developer's time is extremely valuable and a developer may not be in the most pleasant mood all the time. You can quickly get on any developer's nerves by e-mailing multiple times, misspelling, miscommunicating, needing to be told where your "Start" button is, or managing to catch the developer at the end of an eight hour debugging session (or worse, the frantic portion of a release cycle).

Feature Requests: To suggest a feature, send an e-mail to Shining Light Productions describing the feature in as much detail as possible.

Knowledge Center - SSL Certificates Support. This document provides instructions for generating a Certificate Signing Request on Apache.


If you are unable to use these instructions for your server, Symantec recommends that you contact either the vendor of your software or an organization that supports Apache-SSL.

NOTE: To generate a CSR, a key pair must be created for the server. These two items are a digital certificate key pair and cannot be separated. If the public/private key file or password is lost or changed before the SSL certificate is installed, the SSL certificate will need to be re-issued. The private key, CSR, and certificate must all match in order for the installation to be successful.

SSL/TLS Strong Encryption: FAQ.

The wise man doesn't give the right answers, he poses the right questions. -- Claude Levi-Strauss

Configuration

Is it possible to provide HTTP and HTTPS from the same server?


Yes. HTTP and HTTPS use different server ports (HTTP binds to port 80, HTTPS to port 443), so there is no direct conflict between them.

Which port does HTTPS use?

You can run HTTPS on any port, but the standards specify port 443, which is where any HTTPS compliant browser will look by default.

How do I speak HTTPS manually for testing purposes?

While you usually just use

$ telnet localhost 80
GET / HTTP/1.0

for simple testing of Apache via HTTP, it's not so easy for HTTPS because of the SSL protocol between TCP and HTTP.

...

$ openssl s_client -connect localhost:443 -state -debug
GET / HTTP/1.0

Frequently used SSL commands. Using openssl; using keytool (included in recent Sun Java reference implementations).

openssl: generate a new private key and matching Certificate Signing Request (e.g. to send to a commercial CA):

openssl req -out MYCSR.csr -pubkey -new -keyout MYKEY.key
