Next
Previous
Contents
The purpose of this guide is to assist RedHat Linux users with the
installation of server (SSL) certificates using the Apache web server. The
goal is to provide a clear procedure that will save time and, in many cases,
money!
First, I will cover what you need to know about the SSL protocol and
digital certificates. In my experience, building an Apache web server with
ModSSL and OpenSSL is the most beneficial software combination. OpenSSL is
a general-purpose cryptography library that supports the SSL v2/v3 and TLS
v1 protocols. ModSSL is an Apache API module designed to act as an
interface between Apache and OpenSSL. The biggest advantage is that all
three packages are free.
Then, beginning with Section 4, I will go through the step-by-step
procedures for generating keys and installing certificates on a
RedHat-Apache server compiled with ModSSL and OpenSSL. The procedures in
Section 4 will also work with commercial SSL-server packages such as
Stronghold and Raven that are closely related to Apache.
Disclaimer: I am a technical support engineer for Equifax Secure Inc., a
Certificate Authority. Therefore, I use Equifax Secure certificates and
examples geared towards installing Equifax Secure certificates. However,
the instructions will also work with certificates issued by other
Certificate Authorities. Since this document was written at my own
initiative, Equifax Secure Inc. is neither liable nor accountable for any
consequences resulting from the use of these procedures.
My comments to the reader is in this style (emphasized).
Example lines are in plain roman style.
Note that extra comments and advice is found in comments
within the SGML source.
SSL is a presentation layer service, located between the TCP and the
application layer. It is platform and application independent. SSL is
responsible for the management of a secure communications channel between
the client and server. SSL provides a strong mechanism for encrypting data
transferred between a client and a server.
Comments on this guide may be directed to the author
(richard.sigle at equifax.com).
Copyright (c) 2001 by Richard L. Sigle
Please freely copy and distribute this document in any format. It's
requested that corrections and/or comments be forwarded to the document
maintainer. You may create a derivative work and distribute it provided that
you:
- Send your derivative work (in the most suitable format such as sgml)
to the
LDP (Linux
Documentation Project) or the like for posting on the
Internet. If not the LDP, then let the LDP know where it is available.
- License the derivative work with this same license or use GPL. Include
a copyright notice and at least a pointer to the license used.
- Give due credit to previous authors and major contributors.
If you're considering making a derived work other than a translation, it's
requested that you discuss your plans with the current maintainer.
I would like to thank Tony Villasenor for tirelessly reading my drafts and
offering his input and advice. Without Tony, this document would never have
been finished.
Next
Previous
Contents
| 
Free eBook: 
