Hitachi

uCosminexus Application Server HTTP Server User Guide

5.2.1 Acquiring a certificate

This section describes the procedure for acquiring a certificate for each encryption type.

Organization of this subsection

(1) When using RSA encryption

The following describes the procedure for acquiring a certificate when using RSA encryption. To create the Web server private key and Certificate Signing Request (CSR) required for acquiring a certificate, use the openssl.bat command in Windows and use the openssl.sh command in UNIX.

Figure 5‒2: Acquiring the certificate

[Figure]

Acquire a certificate file signed by the CA according to the procedure shown in the preceding figure. Then save the part of the certificate file that begins with -----BEGIN CERTIFICATE----- and ends with -----END CERTIFICATE---- as a certificate file (httpsd.pem in the standard httpsd.conf) to be specified in the directive. After that, define the private key file in the SSLCertificateKeyFile directive and the saved certificate file in the SSLCertificateFile directive to use SSL. Note that the private key file defined in the SSLCertificateKeyFile directive must be in the format conforming to PKCS#1 or PKCS#8.

To Page Top

(2) When using elliptic curve cryptography

The following describes the procedure for acquiring a certificate when using elliptic curve cryptography. To create the Web server private key and Certificate Signing Request (CSR) required for acquiring a certificate, use the openssl.bat command in Windows and use the openssl.sh command in UNIX.

[Figure]

Acquire a certificate file signed by the CA according to the procedure shown in the preceding figure. Then save the part of the certificate file that begins with -----BEGIN CERTIFICATE----- and ends with -----END CERTIFICATE---- as a certificate file (httpsd.pem in the standard httpsd.conf) to be specified in the directive. After that, define the private key file in the SSLCertificateKeyFile directive and the saved certificate file in the SSLCertificateFile directive to use SSL. Note that the private key file defined in the SSLCertificateKeyFile directive must be in the format conforming to PKCS#8.

To Page Top

(3) Note

To use the encryption suites for both RSA encryption and elliptic curve cryptography at the same time, define the private keys and certificates for RSA encryption and elliptic curve cryptography in the relevant directives.

To Page Top

Trademarks

All Rights Reserved. Copyright (C) 2022, Hitachi, Ltd.