Configuring SSL for Coolstack
This document provides information about how to enable SSL for Coolstack version 1.1.
What is Coolstack?
Coolstack (also called as SAMP stack), contains the following software that is built to work together on Solaris 10 operating system:
Note – MySQL included in this package is a 32-bit version with client-side support to work with PHP.
You can download the latest version of Coolstack from http://cooltools.sunsource.net/coolstack/. This URL also provides information on how to install Coolstack.
Coolstack version 1.1 supports Solaris Express Developer Edition and Solaris 10.
What is SSL?
Secure Socket Layer (SSL) is a protocol used for transmitting secure data through the Internet. SSL uses a cryptographic system that uses two keys to encrypt data: a public key known to everyone and a private or secret key known only to the recipient of the message. Most web browsers support SSL. By convention, URLs that support SSL start with https.
Before you proceed to configure SSL for Coolstack:
In your installation path (install-dir), where the AMP stack is installed, change folder to apache2/conf.
In the /install-dir/apache2/conf/httpd.conf, make the following changes:
In /install-dir/apache2/conf/extra/httpd-default.conf, make the following changes:
Set UseCanonicalName to On.
UseCanonicalName determines how Apache constructs self-referencing URLs and the SERVER_NAME and SERVER_PORT variables. When set Off, Apache uses the Hostname and Port supplied by the client. When set On, Apache uses the value of the ServerName directive.
In /install-dir/apache2/conf/extra/httpd-ssl.conf, make the following changes:
Creating Certificate and Key
Use OpenSSL to create the key and certificate for https.
If OpenSSL is not already installed on your host, download the latest version from http://sunfreeware.com.
To install OpenSSL:
Apache HTTPd server stores the certificate and certificate key in different files. Location of these files are specified in the httpd-ssl.conf file.
Note – Apache configures SSL at the Virtual host level, not at the listener level.
To generate server key and certificate
Starting Apache HTTPd Server in Secure Mode
You are now ready to start Apache server. Use the apachectl start command.
At the command prompt, type the following command:
If you receive any warnings or error messages, see the log files stored in install-dir/apache2/logs.
To verify whether the server has started successfully, open your web browser, enter the URL https://myserver.sun.com:443 in the address bar and press enter.
You will see a page with the message ‘It Works!’.
You have successfully configured SSL with Coolstack.
Note – With this configuration, you will also be able to run the server in non-SSL mode. Type the URL http://myserver.sun.com:80 in the address bar of your browser and press enter. You will see a page with the message ‘it Works!’.