Apache Server for Windows Little Black Book:Keeping Your Apache Site Secure
function GetCookie (name) { var arg = name + "="; var alen = arg.length; var clen = document.cookie.length; var i = 0; while (i < clen) { var j = i + alen; if (document.cookie.substring(i, j) == arg) { var end = document.cookie.indexOf (";", j); if (end == -1) end = document.cookie.length; return unescape(document.cookie.substring(j, end)); } i = document.cookie.indexOf(" ", i) + 1; if (i == 0) break; } return null; } var m1=''; var gifstr=GetCookie("UsrType"); if((gifstr!=0 ) && (gifstr!=null)) { m2=gifstr; } document.write(m1+m2+m3);            Keyword Title Author ISBN Publisher Imprint Brief Full  Advanced      Search  Search Tips Please Select ----------- Components Content Mgt Certification Databases Enterprise Mgt Fun/Games Groupware Hardware IBM Redbooks Intranet Dev Middleware Multimedia Networks OS Prod Apps Programming Security UI Web Services Webmaster Y2K ----------- New Titles ----------- Free Archive To access the contents, click the chapter and section titles. Apache Server for Windows Little Black Book (Publisher: The Coriolis Group) Author(s): Greg Holden with Matthew Keller ISBN: 1576103919 Publication Date: 01/01/99 function isIE4() { return( navigator.appName.indexOf("Microsoft") != -1 && (navigator.appVersion.charAt(0)=='4') ); } function bookMarkit() { var url="http://www.itknowledge.com/PSUser/EWBookMarks.html?url="+window.location+"&isbn=0"; parent.location.href=url; //var win = window.open(url,"myitk"); //if(!isIE4()) // win.focus(); } Search this book:  















Previous
Table of Contents
Next




Applying To A Certification Authority
If you plan to purchase Stronghold NT and make secure commerce transactions (or other secure transactions) available on your server, you should purchase a server certificate from a certification authority. Again, the following steps describe VeriSign’s procedure for requesting and then installing a certificate.

After you have installed Stronghold NT and generated a private key, follow these steps to obtain a certificate from VeriSign:

1.  Open an MS-DOS console window, change the directory to C:\Program Files\Stronghold, and have Stronghold NT generate a CSR to send to VeriSign. Enter the following:


ssleay req -config SSL\LIB\SSLEAY.CONF-
-new -key SSL\PRIVATE\TEST.KEY -out SSL\CERTS\TEST.CSR


2.  Press Enter. The CSR is created and assigned the file name test.csr. This file is stored in the directory SSL\Certs.
3.  Open test.csr in Notepad. The contents of the request file should look like this:


--BEGIN NEW CERTIFICATE REQUEST--
MIIBCTCBtAIBADBPMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHRmxvcmlk
A1UEChMPRXllcyBvbiBUaGUgV2ViMRQwEgYDVQQDFAt3d3cuZXR3Lm5l
CSqGSIb3DQEBAQUAA0sAMEgCQQCeojtjnHqg0GTxp+XZ56RaSe1iZWpu
v1FdXzsY1oLOQa090Jtnu1WsQRHh0yDS+45oncjKm1zCG/IZAgMBAAGg
hkiG9w0BAQQFAANBAFBj9g+NiUh8YWPrFGntgf4miUd/wqUshptjJy4P
5svvuh3G//PpGh2aYXIjHpJXTUBQyzxSEIINYtc=
--END NEW CERTIFICATE REQUEST--


4.  Copy the contents of test.csr. Paste them into the textbox at the bottom of the page titled “Step 2 Of 5: Submit CSR” (this page is at digitalid.verisign.com/server/trial/trialStep2.htm) on the VeriSign Web site. Click on the Continue button at the bottom of this page.
5.  Step 3 on the VeriSign Web site is to complete the application for the certificate. When installation is complete, VeriSign sends you your certificate, usually via email.
6.  Copy the new test certificate into the following location: C:\Program Files\Stronghold\SSL\Certs\test.cert.


TIP:  Be sure to pack up your private key and CSR on a backup disk and store the disk in a secure location in case your certificate is lost or damaged.

You can now connect to your secure Stronghold NT site and begin configuring it, as described in the following section.

Configuring Your Secure Site
Once you have a certificate, you can connect to your own secure version of Apache. Launch your browser and connect to your site by accessing the URL with the form https://sitename/.
The first time you connect to your secure site, your browser will present an alert dialog box like the one shown in Figure 12.3.

Figure 12.3  Your browser alerts you before it accepts your new site certificate.
Click on the Next button. A series of alert boxes appears; they provide you with more information about the certificate. When you have closed the last alert box, the Security Information dialog box appears (Figure 12.4).


Figure 12.4  The Security Information dialog box notifies you and your visitors that the information on your site uses encryption.
Click on Continue to close the Security Information dialog box. Your browser will then connect to your Stronghold NT–secured Web site, and you should see the Web page shown in Figure 12.5.


Figure 12.5  When you configure Stronghold NT and obtain a certificate, you connect to this welcome page.
Note the “closed lock” icon in the lower-left corner of the browser window; it indicates that you are connected to a secure site.

At this point, you can begin to configure your Stronghold NT Web site, using one of these two options:

•  You can change settings in the usual Apache configuration files httpd.conf, access.conf, and srm.conf, which are in the directory C:\Program Files\Stronghold\Conf.
•  You can use Stronghold NT’s Web-based Configuration Manager, which gives you a graphical configuration interface.

Unfortunately, the Configuration Manager was not yet implemented in the 2.0b1 version of Stronghold NT that was available at press time. By the time you read this, a more recent version with a graphical configuration interface may be available. If so, you can use the Configuration Manager by accessing your secure site at port 444. Enter the following in your browser’s Go To or Location box:



https://yoursite.com:444/


You will be prompted to supply the username and password you supplied when you first installed Stronghold NT.




Previous
Table of Contents
Next






Products |  Contact Us |  About Us |  Privacy  |  Ad Info  |  Home Use of this site is subject to certain Terms & Conditions, Copyright © 1996-2000 EarthWeb Inc. All rights reserved. Reproduction whole or in part in any form or medium without express written permission of EarthWeb is prohibited.