5.1.1 Preparing for SSL communication

To use SSL authentication and data encryption, you need to install the private key and the certificate issued by the Certification Authority (CA) on the Web server.

Perform the following:

  1. Creating a private key
    Use the keygen command to create a private key for the Web server.
  2. Creating a Certificate Signing Request (CSR)
    Use the certutil reqgen command to create a Certificate Signing Request (CSR).
  3. Sending the CSR to CA
    Send the CSR created in step 2 to the CA.
  4. Acquiring a certificate
    Acquire a PEM formatted certificate from the CA.
  5. Editing the httpsd.conf file (defining directives)
    Specify the SSLEnable directive to enable SSL. Specify the PEM formatted certificate acquired from the CA in the SSLCertificateFile directive, and the private key of the Web server in the SSLCertificateKeyFile directive.
    Example: This example enables SSL and defines the PEM formatted certificate and Web server private key.
    • For UNIX Version

      SSLEnable
      SSLCertificateFile /opt/hitachi/httpsd/conf/ssl/server/httpsd.pem
      SSLCertificateKeyFile /opt/hitachi/httpsd/conf/ssl/server/httpsdkey.pem

    • For Windows Version

      SSLEnable
      SSLCertificateFile "<Cosminexus-installation-directory>/httpsd/conf/ssl/server/httpsd.pem"
      SSLCertificateKeyFile "<Cosminexus-installation-directory>/httpsd/conf/ssl/server/httpsdkey.pem"

    When communicating with SSL, use https:// in requests from the Web browser. When the port number is omitted, the Web server uses port 443, the standard port for SSL. However, it is common to specify port 443 in the Port or Listen directive.
  6. Restarting the Web server
    Restart the Web server to apply the definitions in the httpsd.conf file. However, if you changed the setting of the SSLCertificateKeyFile directive, stop the Web server and then start it again instead of restarting it.
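
Before the restart in step 6, the directives from step 5 can be checked against the files they name. The script below is an added example, not part of the product or of this manual: it reads httpsd.conf, confirms that SSLEnable is set, that the private key is readable by its owner only, and that the certificate carries the public half of that key. It assumes the openssl command is installed, that httpsd.conf uses "#" comment lines, and that the key file is not passphrase-protected; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not product code): pre-restart check of the step 5 directives.
# Assumptions: openssl CLI installed; "#" comment lines; key has no passphrase.

# Print the argument of the last active occurrence of directive $2 in file $1
# (surrounding double quotes stripped); return non-zero if it is absent.
conf_directive() {
    awk -v d="$2" '
        { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }
        /^#/ { next }
        tolower($1) == tolower(d) {
            sub(/^[^ \t]+[ \t]*/, ""); sub(/^"/, ""); sub(/"$/, "")
            v = $0; found = 1
        }
        END { if (found && v != "") print v; exit !found }' "$1"
}

# Print the PEM public key held in a certificate ($1=cert) or private key ($1=key).
pub_key() {
    case "$1" in
        cert) openssl x509 -in "$2" -noout -pubkey ;;
        key)  openssl pkey -in "$2" -pubout ;;
    esac 2>/dev/null
}

# Return 0 only if httpsd.conf ($1) enables SSL with a matching cert/key pair.
check_ssl_conf() {
    conf_directive "$1" SSLEnable >/dev/null || { echo "FAIL: SSLEnable missing"; return 1; }
    cert=$(conf_directive "$1" SSLCertificateFile) || { echo "FAIL: SSLCertificateFile missing"; return 1; }
    key=$(conf_directive "$1" SSLCertificateKeyFile) || { echo "FAIL: SSLCertificateKeyFile missing"; return 1; }
    [ -r "$cert" ] && [ -r "$key" ] || { echo "FAIL: cannot read $cert or $key"; return 1; }
    # The private key should be readable by its owner only.
    [ "$(ls -ldL "$key" | cut -c5-10)" = "------" ] ||
        { echo "FAIL: $key is accessible to group/other"; return 1; }
    # The CA-issued certificate must carry the public half of the configured key.
    cpub=$(pub_key cert "$cert"); kpub=$(pub_key key "$key")
    [ -n "$cpub" ] && [ "$cpub" = "$kpub" ] ||
        { echo "FAIL: certificate does not match private key"; return 1; }
    # -checkend 0 exits non-zero when the certificate has already expired.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null ||
        { echo "FAIL: certificate has expired"; return 1; }
    echo "OK: $cert matches $key"
}

# Run the check when a configuration file path is given as the first argument.
if [ "$#" -gt 0 ]; then check_ssl_conf "$1"; fi
```

Run it with the path to httpsd.conf as its only argument; a non-zero exit status means the Web server should not be restarted with the current definitions.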

To disable SSL, disable the directives specified in step 5, specify the SSLDisable directive, and then restart the server.