iX 6.5)

ManualsBrandsHP ManualsSoftwareMPE/iX 6.0 Operating System

171

172

173

174

175

176

177

178

179

180

Chapter 10 171

HP WebWise MPE/iX Secure Web Server

Server Keys and Certiﬁcates

supplied to the web server at start up time, either by inserting it directly into the

/APACHE/SECURE/JHTTPDS job stream after the command that invokes HTTPDS (caution

— the pass phrase will be in plain text in the JHTTPDS job stream, so you’ll need to

protect the job stream too), or by writing a special script or program that HTTPDS will

invoke to obtain the pass phrase. See the mod_ssl SSLPassPhraseDialog conﬁguration

directive documentation for details.

Key generation uses a random number generator which in order to be portable uses a

rather simple random seed consisting of the current time, process ID, and some memory

buffer contents. To increase the randomness for the initial random number, you should use

the openssl

-rand

parameter to specify a ﬁle that contains possibly random data but

deﬁnitely data that is unique to your machine. For example, because machines have

different patches applied at different times, /SYS/PUB/HPSWINFO might be suitable as a

-rand

ﬁle containing unique data that will only exist on this one machine.

To create your private server key:

1. $ cd conf/ssl.key

2. $ openssl genrsa -rand /SYS/PUB/HPSWINFO -des3 -out server.key 1024

unable to load 'random state'

28199 semi-random bytes loaded

Generating RSA private key, 1024 bit long modulus

................+++++

.................+++++

e is 65537 (0x10001)

Enter PEM pass phrase:********

Verifying password - Enter PEM pass phrase:********

3. $ openssl rsa -noout -text -in server.key

(displays the details of your newly created server key)

read RSA private key

Enter PEM pass phrase:********

Private-Key: (1024 bit)

modulus:

00:d2:d6:24:48:b4:52:92:0f:33:a1:0d:28:45:7a:

88:96:91:f9:dc:d3:23:c6:a7:ba:e4:93:5e:d3:d3:

9c:ba:18:27:ec:25:db:5b:1f:f5:26:9f:6b:8c:fe:

d4:8d:3a:28:2e:00:f0:58:71:ef:29:ac:b6:23:36:

ac:97:63:84:01:0b:35:90:34:6b:ff:35:b1:83:0a:

81:a1:12:5a:d5:cf:00:44:62:70:72:f9:3c:8f:30:

5f:dd:61:d1:fe:d6:83:9a:69:36:74:64:4d:16:3f:

49:7a:0a:29:b3:cd:78:ef:c0:2b:a9:3a:97:10:f3:

6c:df:87:61:d3:46:93:d8:6b

publicExponent: 65537 (0x10001)

privateExponent:

00:ae:e8:8a:47:6a:99:49:a4:a4:df:4a:0c:0b:bf:

c0:ca:b1:25:89:65:fc:3b:14:f1:3e:29:68:34:f1:

4c:07:32:7d:04:32:cf:cc:c4:31:5b:ae:4b:ca:37:

aa:5b:d3:50:7c:01:b9:62:96:7a:a3:a7:2d:9e:fe:

ff:a5:c4:20:40:3e:ea:02:05:fa:9e:00:d6:a9:59:

e0:46:13:ef:9a:ef:64:d1:8a:bd:e6:2b:82:06:c9:

da:8b:15:e9:b8:fa:eb:a0:13:6c:94:ca:10:9c:dc: