Security

Enabling SSL communication security on Apache 1.3 web server

To enable the SSL facility on Apache 1.3, an SSL (Digi-SSL™) certificate is required.
Digi-SSL™ certificate can be obtained directly from Digi-Sign and requires a CSR (Certificate Signing Request) code.
A CSR is a file/string containing your certificate application information, including your Public Key, Company Name and the Common Name (in most cases FQDN - Fully Qualified Domain Name host name).

Generate your CSR and then copy and paste the contents of the CSR file into the
Digi-Sign Digi-SSL™ web application form:

https://www.digi-sign.com/order/digi-ssl/index.php

1.1 Generating a Certificate Signing Request (CSR) using Apache 1.3

To generate keys (private and public) and Certificate Signing Request do:

For a 128 bit Certificate:
openssl req -new -newkey rsa:1024 -keyout myserver.key -nodes -out server.csr

For a 256 bit Certificate:
openssl req -new -newkey rsa:2048 -keyout myserver.key -nodes -out server.csr

This creates two files. The file myserver.key contains a private key; do not disclose this file to anyone. Carefully protect the private key.

In particular, be sure to backup the private key, as there is no means to recover it should it be lost. The private key is used as input in the command to generate a Certificate Signing Request (CSR).

You will now be asked to enter details to be entered into your CSR. What you are about to enter is what is called a Distinguished Name or a DN.

For some fields there will be a default value, If you enter '.', the field will be left blank.

    -----
    Country Name (2 letter code) [AU]: GB
    State or Province Name (full name) [Some-State]: Yorks
    Locality Name (eg, city) []: York
    Organization Name (eg, company) [Internet Widgits Pty Ltd]: MyCompany Ltd
    Organizational Unit Name (eg, section) []: IT
    Common Name (eg, YOUR name) []: mysubdomain.mydomain.com
    Email Address []:

    Please enter the following 'extra' attributes to be sent with your certificate request

    A challenge password []:
    An optional company name []:
    -----

Use the name of the web server as Common Name (CN). If the domain name is mydomain.com append the domain to the hostname (use the fully qualified domain name).

The fields email address, optional company name and challenge password can be left blank for a web server certificate.

Your CSR will now be created. Open the server.csr in a text editor and copy and paste the contents into the online enrolment form when requested.

When you make your application, make sure you include the CSR in its entirety into the appropriate section of the Digi-SSL™ web application form – including:

    -----BEGIN CERTIFICATE REQUEST-----to-----END CERTIFICATE REQUEST-----
    - Click Submit
    - Confirm your details in the Digi-SSL™ web application form
    - Finish the Digi-SSL™ web application form