SSL Configuration

Configure SSL and verify that it works properly before using the product. To make an SSL connection, the web server must trust the certificate authority that signed an incoming certificate. For example, if a browser presents a certificate that is signed by VeriSign, a VeriSign Certificate Authority certificate must be installed and trusted in the web server. In addition to trusting the client certificates that are presented, the server itself must have a certificate to present to clients, and the clients must trust the Certificate Authority that issued it. Together, these two trust relationships allow mutual authentication. Once these certificates have been installed, you can configure the web server to use SSL and, if desired, to require certificates.

For detailed SSL configuration information, see the documentation that is provided with your web server software. This section contains step-by-step instructions for configuring your web server and browser to establish an SSL connection.

Enable the Web Server to Trust Client Certificates in Netscape

If a certificate authority is already installed in the Web Server, go on to the next section. Otherwise, install a certificate for the Certificate Authority on the SSL Web Server.

Follow these steps:

  1. Obtain the Certificate Authority certificate and either keep it on your screen or save it to a file.
  2. In Netscape Server Administration, select Keys & Certificates.
  3. Click Install Certificate.
  4. In the Certificate For field, fill out the Server Security Chain.
  5. In the Certificate Name field, enter a description.
  6. If you saved your Certificate Authority certificate to a file, enter the file name in the Message is in this file field. Otherwise, select the Message text (with headers) option button and paste the certificate in the Message text (with headers) field.
  7. Click OK and restart the Web Server.

Configure the Netscape Web Server to use SSL

Configure the Netscape Web Server for SSL by requiring certificates.

Follow these steps:

  1. In Netscape Server Administration, click Admin Preferences.
  2. Click Encryption On/Off and ensure that Encryption is on.
  3. If you are running the Certificate or Certificate with Basic Authentication Scheme, require certificates: in the Encryption Preferences setting, Require Certificates must be set to On. From a browser with an installed certificate, verify that you can get to https://servername:port.

Note: Do not turn on Require Certificates for the Certificate or Basic Authentication Scheme.

Establish Trust for the Netscape Certificate Authority

If a certificate authority is installed in the Web Server, you can establish trust between the two.

Follow these steps:

  1. In Netscape Server Administration, select Keys & Certificates.
  2. Select Manage Certificates.
  3. Select the Certificate Authority. The system displays a dialog detailing the certificate.
  4. Select Trust.
  5. Click OK and restart the Web Server.

Enable the Web Server to Trust Client Certificates in Windows

Trust your client certificates by installing the appropriate Certificate Authority Certificates.

SSL Web Servers must have a certificate for each Certificate Authority that they trust. Certificates for the major certificate authorities may already be installed. You can configure certificates in Windows operating environments by using the Certificates snap-in.

Configure the IIS Web Server to use SSL

Be sure that a secure port has been enabled on the Web Server. Generally, this is port 443. To verify this, right-click the Web Server in the Management Console; the Web site tab shows an SSL Port. Be sure that a port number has been entered.

The advanced authentication schemes create virtual directories in the Web Server. These directories are automatically configured to require SSL and certificates, as required by the specific authentication scheme. However, for testing purposes, you may want to create a test virtual directory. You can configure this virtual directory to require certificates through the Directory Security tab, Secure Communications.

To test, browse to https://servername:port/virtual directory and ensure that the browser is asked for a certificate.

Install the IIS Web Server Certificate

If you have not already done so, you will need to generate a key for your Web server. This is done through the Management Console, Key Manager. Access the Key Manager by doing the following:

Note: This process may be slightly different for IIS 3 and IIS 4.

To install the IIS Web Server Certificate

  1. In the Management Console, right-click the Web Server and select Properties.
  2. Click the Directory Security tab.
  3. In the Secure Communications panel, click Key Manager.
  4. Under Key, select Create New Key. A wizard guides you through the process.

    Once you create a key, you can request a certificate using the file created in the steps mentioned earlier. Go to the Certificate Authority and request a certificate for this server. You will need to paste the certificate request information generated in Step 1 in order to receive a certificate. Once you have received a certificate, go back to Management Console, Directory Security and click Key Manager to install the certificate for the key, as described in the next step.

  5. Right-click the key name and select Install Certificate.
  6. Restart the Web Server.

Enable the Web Server to Trust Client Certificates in Apache

If a certificate authority is already installed on your web server, go on to the next section. Otherwise, install a certificate for the Certificate Authority on the SSL web server as follows.

Follow these steps:

  1. Download and build the following Apache components:
  2. Copy the Certificate Authority certificate into the apache/conf/ssl.crt directory in X.509 Base64 format.
  3. Run make in the apache/conf/ssl.crt directory.
  4. Restart the web server.
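
Steps 2 and 3 above, sketched as an added shell example (not part of the original documentation or of mod_ssl). It assumes that the make step builds OpenSSL subject-hash links, as mod_ssl's stock ssl.crt Makefile does, and that the openssl command-line tool is installed; `install_ca` and its helpers are hypothetical names.

```shell
#!/bin/sh
# Added example. install_ca SRC DIR prints the hash link it created or found.
# SRC: CA certificate in PEM ("x509 b64") or DER form, located outside DIR.
# DIR: hashed CA directory; stands in for apache/conf/ssl.crt.

# Succeeds only if FILE parses as an X.509 certificate in format FMT.
is_cert() {  # is_cert FILE pem|der
    openssl x509 -in "$1" -inform "$2" -noout 2>/dev/null
}

# Succeeds only if OpenSSL would accept the certificate as a CA for
# client certificates; a leaf certificate fails this check.
is_client_ca() {  # is_client_ca FILE pem|der
    openssl x509 -in "$1" -inform "$2" -noout -purpose 2>/dev/null |
        grep -q 'SSL client CA : Yes'
}

install_ca() {
    src=$1; dir=$2
    name=$(basename "$src"); name=${name%.*}.crt
    if is_cert "$src" pem; then fmt=pem
    elif is_cert "$src" der; then fmt=der
    else
        echo "install_ca: $src is not an X.509 certificate" >&2
        return 1
    fi
    if ! is_client_ca "$src" "$fmt"; then
        echo "install_ca: $src is not usable as a client CA" >&2
        return 1
    fi
    # Re-emit as PEM: hashed lookup expects one certificate per file,
    # and this drops any extra text or trailing certificates.
    openssl x509 -in "$src" -inform "$fmt" -out "$dir/$name" || return 1
    subj_hash=$(openssl x509 -in "$dir/$name" -noout -hash) || return 1
    n=0
    # Distinct CAs can share a subject hash; OpenSSL tries HASH.0, HASH.1, ...
    while [ -e "$dir/$subj_hash.$n" ]; do
        if cmp -s "$dir/$subj_hash.$n" "$dir/$name"; then
            echo "$subj_hash.$n"   # this certificate is already linked
            return 0
        fi
        n=$((n + 1))
    done
    ln -s "$name" "$dir/$subj_hash.$n" && echo "$subj_hash.$n"
}
```

Call it as `install_ca ca.cer apache/conf/ssl.crt`, then restart the web server as in step 4.
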

Installing the Apache Web Server Certificate

The process for installing a certificate on an Apache Web Server varies with individual configurations. Consult the documentation for Mod_SSL and OpenSSL for details about how to configure these components.