5.1.1 Preparing for SSL communication
You need to install the private key and the certificate issued by the Certification Authority (CA) on the Web server to use the authentication and the data encryption by SSL.
Perform the following:
-
Creating a private key
Create a private key for the Web server by using the openssl.bat genrsa command or openssl.sh genrsa command.
-
Creating a Certificate Signing Request (CSR)
Create a CSR by using the openssl.bat reqgen command or openssl.sh reqgen command.
-
Sending the CSR to CA
Send the CSR created in the above step 2 to the CA.
-
Acquiring a certificate
Acquire a PEM formatted certificate from the CA.
-
Editing the httpsd.conf file (defining directives)
Specify On in the SSLEngine directive to enable SSL. Specify the PEM formatted certificate acquired from the CA in the SSLCertificateFile directive and private key of the Web server in the SSLCertificateKeyFile directive.
Example: This example enables SSL and defines the PEM formatted certificate and Web server private key.
-
For UNIX Version
SSLEngine On SSLCertificateFile /opt/hitachi/httpsd/conf/ssl/server/httpsd.pem SSLCertificateKeyFile /opt/hitachi/httpsd/conf/ssl/server/httpsdkey.pem
-
For Windows Version
SSLEngine On SSLCertificateFile "Application-Server-installation-directory/httpsd/conf/ssl/server/httpsd.pem" SSLCertificateKeyFile "Application-Server-installation-directory/httpsd/conf/ssl/server/httpsdkey.pem"
When communicating with SSL, use https:// to request from the Web browser. When you omit the port number, the Web server uses the port 443 with standard SSL. Therefore, it is common to specify port 443 in the Listen directive.
-
-
Restarting the Web server
Restart the Web server to enable the definitions of the httpsd.conf file. However, if you change the settings of the SSLCertificateKeyFile directive, stop and then restart the Web server.
To disable SSL, disable the specification given in the above-mentioned step 5, and restart the server.