Last modified: 09 Dec 2005
This document covers SSL implementation on H-Sphere Unix Web servers.
SSL is implemented by the mod_ssl Apache module and uses the OpenSSL package installed on the box.
Before H-Sphere 2.5, OpenSSL was installed by the hsphere-openssl package. H-Sphere 2.5 and up use the
native OpenSSL packages installed with the operating system.
SSL modes:
Dedicated SSL
In dedicated SSL mode, a single SSL certificate is issued for a dedicated IP.
For dedicated IPs, SSL keys are located in the user home directory:
/hsphere/local/home/{user_name}/ssl.conf/{domain_name}/
If SSL is enabled, the following files are placed in this directory:
- server.crt - SSL certificate
- server.key - SSL private key
Shared SSL
In shared SSL mode, one SSL certificate is used for all IPs under the same domain zone.
Directories with SSL certificates and keys are located in the Apache config directory (/hsphere/shared/apache/config/).
/hsphere/shared/apache/conf/ssl.shared - directory for shared SSL certificates and keys.
Shared SSL directory structure:
- ssl.shared/{domain_name} - directory with SSL certificate and private key for a domain
With SSL enabled, the following files are placed into this directory:
- server.crt - SSL Certificate
- server.key - SSL Private Key
- server.csr - SSL signing request (if the certificate was generated by the H-Sphere SSL generator tool)
When the user turns off SSL, the files remain on the server. When the user turns SSL
back on, they are overwritten with the new files.
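
The following added example (not part of H-Sphere or of the original document) audits the layout described above: it walks ssl.conf and ssl.shared roots and reports private keys accessible to group or others, symlinked keys, and incomplete certificate/key pairs. The function name, the finding labels and the expectation that server.key carries no group/other permission bits are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of H-Sphere.
# Assumption: server.key should carry no group/other permission bits
# (for example mode 0600 or 0400).

# audit_ssl_root ROOT...
#   Each ROOT holds one sub-directory per {domain_name}, as in
#   /hsphere/local/home/{user_name}/ssl.conf or .../ssl.shared.
#   Prints "<FINDING> <path>" per problem; returns 1 if anything was found.
audit_ssl_root() {
    rc=0
    for root in "$@"; do
        for dir in "$root"/*/; do
            [ -d "$dir" ] || continue      # unmatched glob or not a directory
            dir=${dir%/}
            key=$dir/server.key
            crt=$dir/server.crt
            if [ -e "$key" ] || [ -L "$key" ]; then
                if [ -L "$key" ]; then
                    # A symlinked key may point outside the audited tree.
                    echo "KEY_SYMLINK $key"; rc=1
                else
                    # Characters 5-10 of the ls mode string are the
                    # group and other permission bits.
                    mode=$(ls -ld "$key" | cut -c5-10)
                    if [ "$mode" != "------" ]; then
                        echo "KEY_PERMS $key"; rc=1
                    fi
                fi
                [ -e "$crt" ] || { echo "KEY_WITHOUT_CERT $key"; rc=1; }
            elif [ -e "$crt" ]; then
                echo "CERT_WITHOUT_KEY $crt"; rc=1
            fi
        done
    done
    return $rc
}

# When run as a script, audit the roots given on the command line.
if [ "$#" -gt 0 ]; then
    audit_ssl_root "$@"
fi
```

Saved under a hypothetical name such as audit_ssl.sh, it can be run as: sh audit_ssl.sh /hsphere/local/home/*/ssl.conf /hsphere/shared/apache/conf/ssl.shared. Because the key files remain on the server after SSL is turned off, the check also covers domains that no longer serve SSL.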