Sambar Server Documentation
SSL Support
Overview
The most widely implemented encryption system for the Web at present is SSL. The Sambar Server supports SSL encryption and was granted permission to ship 40-bit and 128-bit SSL encryption by the US government on 2/19/2000. In the United States, RSA Security restricts the distribution of products with SSL functionality (via patent). The SSL Technical Overview was provided to the government and describes the server's SSL implementation. The Sambar Server uses OpenSSL and/or RSA SSL-C to implement SSL.
SSL stands for Secure Socket Layer, a protocol developed by Netscape for secure transactions across the Web. SSL uses a form of public key encryption, where the information can be encoded by the browser using a publicly available public key, but can only be decoded by someone who knows the corresponding private key.
The most common ciphers used with SSL are RC2 and RC4. These ciphers use 128-bit keys, which offer a high degree of security. An "export" version of these ciphers is also available; the export versions use 40-bit keys, but are otherwise identical to their equivalent 128-bit versions. Inside the USA a license from RSA is required to use these ciphers.
US Export Restrictions
Encryption Patents and RSA
Outside the US, no license fee is required for the use of the RSA methods because they are only patented inside the US and SSLeay (the technology used by most SSL implementations) uses an independent implementation of the cipher algorithms.
Certificates
Configuration
The SSL DLLs are not shipped with the Sambar Server. In order to run
in secure mode, the appropriate Sambar Server configuration parameters
must be set and the OpenSSL DLLs
In order to initiate an SSL connection, the secure server must have a certificate (see Verisign Information Desk and RSA FAQ on Cryptography for more information). The Sambar Server does not currently provide client-certificate verification.
The first step of running the Sambar SSL Server is to generate a
Private Key. For that, feed a file of random text (
To generate a key, type:
This command sequence will generate a 1024-bit RSA private key and store
it in the file
Obtaining a certificate (Digital ID)
Next you must generate a Certificate Signing Request (CSR). The CSR is what contains the name information for the certificate (Country, State/Province, City, Organization, Division, Web Server Domain Name, etc). It also contains your public key. The formats of certificate and CSR used by the Sambar Server are the same as those used by Apache-SSL (both servers use SSLeay for their SSL implementations). The CSR should be sent for verification to a Certificate Authority (CA), e.g. Verisign (www.verisign.com) or Thawte (www.thawte.com). To generate your CSR, run:
This command sequence will prompt you for the attributes of your certificate. Remember to give the secure server domain name when you are prompted for "Common Name". The request should look like:
You will now have a private key file (
Upon receipt of a signed certificate from the CA, name the
certification
The certificate should look like:
You can also generate a temporary (untrusted) test certificate by running:
There is also a good temporary untrusted test certificate generator at Cryptsoft.com. For internal corporate use, you might want to get a free trial certificate server from Verisign (choose Apache-SSL) or from Thawte (choose Generate an X.509v3 certificate & Use the most basic format).
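The key, CSR and temporary test certificate steps described above, written out as an added example with the openssl command-line tool (these are not the Sambar documentation's original commands), with a check that the three files belong together before they are installed. The file names, subject fields and function names are assumptions, as is the 2048-bit key size, used instead of the 1024 bits mentioned above because publicly trusted CAs no longer accept 1024-bit RSA keys.

```shell
#!/bin/sh
# Added example (not from the Sambar documentation). Paths, subject fields
# and the 2048-bit key size are assumptions made for illustration.
# Usage: d=$(mktemp -d); make_key_and_csr "$d" www.example.test &&
#        make_test_cert "$d" 30 && check_bundle "$d" www.example.test

# make_key_and_csr DIR CN: write DIR/server.key (owner-only) and DIR/server.csr.
make_key_and_csr() {
    ( umask 077 && openssl genrsa -out "$1/server.key" 2048 2>/dev/null ) || return 1
    # -subj answers the interactive prompts; CN must be the server's domain name.
    openssl req -new -key "$1/server.key" -out "$1/server.csr" \
        -subj "/C=US/O=Example/CN=$2"
}

# make_test_cert DIR DAYS: self-sign the CSR into a temporary, untrusted certificate.
make_test_cert() {
    openssl x509 -req -in "$1/server.csr" -signkey "$1/server.key" \
        -days "$2" -out "$1/server.crt" 2>/dev/null
}

# Each helper prints "Modulus=<hex>" for the RSA public key inside the file.
key_modulus()  { openssl rsa  -in "$1" -noout -modulus 2>/dev/null; }
csr_modulus()  { openssl req  -in "$1" -noout -modulus 2>/dev/null; }
cert_modulus() { openssl x509 -in "$1" -noout -modulus 2>/dev/null; }

# check_bundle DIR CN: print "ok" and return 0 only if the CSR is correctly
# self-signed, key/CSR/certificate hold the same public key, and the
# certificate subject contains CN=<CN>. Otherwise print the reason, return 1.
check_bundle() {
    openssl req -in "$1/server.csr" -noout -verify 2>&1 | grep -q "verify OK" \
        || { echo "CSR signature invalid"; return 1; }
    k=$(key_modulus "$1/server.key")
    [ -n "$k" ] || { echo "cannot read private key"; return 1; }
    [ "$k" = "$(csr_modulus "$1/server.csr")" ] \
        || { echo "CSR does not match private key"; return 1; }
    [ "$k" = "$(cert_modulus "$1/server.crt")" ] \
        || { echo "certificate does not match private key"; return 1; }
    openssl x509 -in "$1/server.crt" -noout -nameopt RFC2253 -subject \
        | grep -qF "CN=$2" || { echo "unexpected Common Name"; return 1; }
    echo "ok"
}
```

Running check_bundle on the certificate returned by the CA catches the case where the certificate was issued for a different key than the one on the server.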
Starting the HTTPS Server
SSL and Virtual Hosts
© 1998 Sambar Technologies. All Rights reserved. Terms of use.