OPENSSL HTTPS SSL SOLARIS COOLSTACK

by | 9 August, 2008

Configuring SSL for Coolstack

This document provides information about how to enable SSL for Coolstack version 1.1.

What is Coolstack?

Coolstack (also called the SAMP stack) contains the following software, built to work together on the Solaris 10 operating system:

  • Apache HTTPd server version 2.2.3
  • MySQL version 5.0.33
  • PHP version 5.2.0

Note – MySQL included in this package is a 32-bit version with client-side support to work with PHP.


You can download the latest version of Coolstack from http://cooltools.sunsource.net/coolstack/. This URL also provides information on how to install Coolstack.

Coolstack version 1.1 supports Solaris Express Developer Edition and Solaris 10.

What is SSL?

Secure Sockets Layer (SSL) is a protocol used for transmitting data securely over the Internet. SSL uses a cryptographic system that uses two keys to encrypt data: a public key known to everyone and a private or secret key known only to the recipient of the message. Most web browsers support SSL. By convention, URLs that support SSL start with https.

Configuring SSL

Before you proceed to configure SSL for Coolstack:

  1. Ensure that you have Solaris 10 operating system installed on your host.
  2. Log in as root or as a super user.
  3. Install Apache, MySQL, PHP.
  4. Install OpenSSL on your machine.
  5. Make sure you have at least 150 MB of free memory to run Apache HTTPd server.

Configuration changes

In your installation path (install-dir), where the AMP stack is installed, change folder to apache2/conf.

In the /install-dir/apache2/conf/httpd.conf, make the following changes:

  1. Set ServerName to the fully qualified DNS name of the system. If your host does not have a registered DNS name, you can specify the IP address of the host.

    For example: ServerName www.myserver.com:80

  2. Set ServerAdmin to an appropriate email address.

    For example: ServerAdmin you@myserver.com

  3. Uncomment the following line:

    Include conf/extra/httpd-mpm.conf

    Multi-Processing Modules (MPMs) provide the interface between the running Apache server and the underlying operating system. Their primary role is to optimize Apache for each platform, while ensuring the server runs efficiently and securely.

  4. Uncomment the following line:

    Include conf/extra/httpd-default.conf

    This file contains the default server configuration information.

  5. Uncomment the following line:

    Include conf/extra/httpd-ssl.conf

    This file contains the SSL configuration information.

In /install-dir/apache2/conf/extra/httpd-default.conf, make the following changes:

Set UseCanonicalName to On.

UseCanonicalName determines how Apache constructs self-referencing URLs and the SERVER_NAME and SERVER_PORT variables. When set Off, Apache uses the Hostname and Port supplied by the client. When set On, Apache uses the value of the ServerName directive.

In /install-dir/apache2/conf/extra/httpd-ssl.conf, make the following changes:

  1. Set the virtual server host context parameters. Use the same host name that you set for ServerName in httpd.conf, with port number 443.

    For example:

    <VirtualHost myserver.sun.com:443>

  2. Set ServerName to the same name that you set in httpd.conf.

    For example:

    ServerName myserver.sun.com:443

  3. Set ServerAdmin to the same value that you set in httpd.conf.

    For example:

    ServerAdmin you@myserver.com

Creating Certificate and Key

Use OpenSSL to create the key and certificate for https.

If OpenSSL is not already installed on your host, download the latest version from http://sunfreeware.com.

To install OpenSSL:

  1. Expand the downloaded zip file.
  2. Use the pkgadd -d command to add the package.

    OpenSSL is installed in the default location: /usr/local/.

Apache HTTPd server stores the certificate and the certificate key in different files. The locations of these files are specified in the httpd-ssl.conf file.


Note – Apache configures SSL at the Virtual host level, not at the listener level.


To generate server key and certificate

  1. At the command prompt, set the PATH variable to point to the location where OpenSSL is installed. For example:

    PATH=/usr/local/ssl/bin:$PATH

  2. Change directory to the location where the Apache configuration files are stored. For example:

    cd /usr/local/apache2/conf

  3. Use the openssl command to generate an RSA key.

    openssl genrsa -out server.key 2048

    This command generates a server key and stores it in the /install-dir/apache2/conf directory.

    Type openssl -help at the command prompt for help on using the command.

  4. Generate a server certificate using the openssl command.

    openssl req -new -x509 -key server.key -out server.crt -days 365

    This command prompts you to enter the country name, state or province name, locality name, organization name, organization unit name, email address and the common name. For Common Name, enter the value that you used for ServerName in httpd.conf file.

    In this example, enter myserver.sun.com for Common Name.
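
The following script is an added example, not part of the original Coolstack document. It runs the two commands above without prompts, keeps server.key readable by its owner only, and checks that the certificate matches the key and carries the ServerName as its Common Name. The function names, the -subj value and the scratch directory are assumptions for illustration; it is written for a POSIX shell.

```shell
#!/bin/sh
# Added example: generate and verify the key/certificate pair (not Coolstack code).

# gen_pair DIR CN: create DIR/server.key and DIR/server.crt without prompts
gen_pair() {
    dir=$1; cn=$2
    # umask 077 so the private key is never readable by group or others
    ( umask 077 && openssl genrsa -out "$dir/server.key" 2048 ) 2>/dev/null || return 1
    openssl req -new -x509 -key "$dir/server.key" -out "$dir/server.crt" \
        -days 365 -subj "/CN=$cn" 2>/dev/null
}

# pair_matches KEY CRT: succeed only if the certificate holds this key's public half
pair_matches() {
    k=$(openssl rsa -in "$1" -noout -modulus 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -modulus 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# cert_cn CRT: print the Common Name from the certificate subject
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 2>/dev/null |
        sed -n 's/^subject=.*CN=\([^,/]*\).*/\1/p'
}

# check_pair DIR CN: run every check and print the first failure, or "ok"
check_pair() {
    key=$1/server.key; crt=$1/server.crt
    [ "$(ls -l "$key" | cut -c1-10)" = "-rw-------" ] ||
        { echo "key readable by others"; return 1; }
    pair_matches "$key" "$crt" || { echo "key/cert mismatch"; return 1; }
    [ "$(cert_cn "$crt")" = "$2" ] ||
        { echo "CN differs from ServerName"; return 1; }
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null ||
        { echo "certificate expired"; return 1; }
    echo ok
}

# Demo in a scratch directory (constructed; the real files live in
# /install-dir/apache2/conf and the CN is your ServerName).
tmp=$(mktemp -d) && gen_pair "$tmp" myserver.sun.com &&
    check_pair "$tmp" myserver.sun.com
rm -rf "$tmp"
```

Run check_pair against the real configuration directory before starting Apache; a mismatch between key and certificate otherwise surfaces only as a startup error in the logs.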

Starting Apache HTTPd Server in Secure Mode

You are now ready to start Apache server. Use the apachectl start command.

At the command prompt, type the following command:

/install-dir/apache2/bin/apachectl start

If you receive any warnings or error messages, see the log files stored in install-dir/apache2/logs.

To verify whether the server has started successfully, open your web browser, enter the URL https://myserver.sun.com:443 in the address bar and press enter.

You will see a page with the message ‘It Works!’.

You have successfully configured SSL with Coolstack.


Note – With this configuration, you will also be able to run the server in non-SSL mode. Type the URL http://myserver.sun.com:80 in the address bar of your browser and press enter. You will see a page with the message ‘it Works!’.


Copyright 1994-2007 Sun Microsystems, Inc.