Keys and Server Certificates Management

The SPS fully supports the Secure Sockets Layer (SSL) protocol. SSL provides secure communication between client and server, enabling mutual authentication (using certificates) and private encrypted messages (using keys).

The SPS uses the OpenSSL cryptography toolkit, which implements the SSL v2/v3 and Transport Layer Security (TLS v1) network protocols and related cryptography standards required by these protocols. The OpenSSL toolkit includes the openssl command line tool for generating keys and certificates. The openssl executable image and supporting libraries are located in the <install dir>\SSL\bin folder or corresponding UNIX directory.

Note: To enable SSL on Solaris, you must have patch 127127-11 installed on the same system as the Secure Proxy Server.

To run the openssl command line tool, connect to the appropriate folder or directory. Open a command line window or UNIX shell. Use the following syntax as a guideline for entering openssl commands:

openssl command [ command_opts ] [ command_args ]

The openssl tool provides a large number of commands (command in the synopsis above); each one can include numerous options and arguments (command_opts and command_args in the synopsis). You can find complete documentation for openssl at the following URL:

http://www.openssl.org/docs/apps/openssl.html

Important! When you issue the openssl command for any purpose, be sure to specify a valid path to the openssl configuration file (openssl.conf) using the -config parameter in the command line.

The commands you are most likely to use to perform fundamental SSL tasks are as follows:

Before you proceed, review the following important information about private keys and server certificates: