iX 6.5)

ManualsBrandsHP ManualsSoftwareMPE/iX 6.0 Operating System

171

172

173

174

175

176

177

178

179

180

Chapter 10 175

HP WebWise MPE/iX Secure Web Server

Server Keys and Certiﬁcates

Your signed certiﬁcate will arrive in raw PEM format, which looks like this:

-----BEGIN CERTIFICATE-----

MIICsTCCAhoCAQEwDQYJKoZIhvcNAQEEBQAwgaAxCzAJBgNVBAYTAlVTMREwDwYD

VQQIEwhNeSBTdGF0ZTEQMA4GA1UEBxMHTXkgQ2l0eTETMBEGA1UEChMKTXkgQ29t

cGFueTEWMBQGA1UECxMNTXkgQ29tcGFueSBDQTEeMBwGA1UEAxMVQ2VydGlmaWNh

dGUgQXV0aG9yaXR5MR8wHQYJKoZIhvcNAQkBFhBjYUBteWNvbXBhbnkuY29tMB4X

DTAwMDQxMzE4MzY0MVoXDTAxMDQxMzE4MzY0MVowgaAxCzAJBgNVBAYTAlVTMREw

DwYDVQQIEwhNeSBTdGF0ZTEQMA4GA1UEBxMHTXkgQ2l0eTETMBEGA1UEChMKTXkg

Q29tcGFueTEPMA0GA1UECxMGTXkgT3JnMRowGAYDVQQDExF3d3cubXljb21wYW55

LmNvbTEqMCgGCSqGSIb3DQEJARYbd2VibWFzdGVyQHd3dy5teWNvbXBhbnkuY29t

MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDS1iRItFKSDzOhDShFeoiWkfnc

0yPGp7rkk17T05y6GCfsJdtbH/Umn2uM/tSNOiguAPBYce8prLYjNqyXY4QBCzWQ

NGv/NbGDCoGhElrVzwBEYnBy+TyPMF/dYdH+1oOaaTZ0ZE0WP0l6CimzzXjvwCup

OpcQ82zfh2HTRpPYawIDAQABMA0GCSqGSIb3DQEBBAUAA4GBABlROc1/xpG+FlPd

lekq+E1oc42sOMiLaWe6orfffh74DbuTgxvTWTK8Wo31W8Reqj7jqOAeGvF46mWH

Vq1mFM/Jh9oMQYb2IAjbuA1/7kefkMHdgf6NMC3L0cbCKs6bF7nDJGjWYb9sXcTM

shYJMLBXyKW+cmrvJIqoMnq8DZUv

-----END CERTIFICATE-----

Save this data as /APACHE/SECURE/conf/ssl.crt/server.crt and then proceed to the

“Installing Your Certiﬁcate” section. You can display the details of your new server

certiﬁcate by doing:

$ openssl x509 -noout -text -in /APACHE/SECURE/conf/ssl.crt/server.crt

...Or Sign Your CSR With Your Own CA

First, create a private key and certiﬁcate for your CA. The CA requires a unique

Distinguished Name different from the server certiﬁcate(s) you will be signing. One way to

do this is to use a unique Organizational Unit Name when you create the CA certiﬁcate.

For example, if your organization is XYZ Corporation, you might want to make the

Organizational Unit Name be XYZ Corporation Certiﬁcate Authority.

1. $ cd ../ssl.key

2. $ openssl genrsa -des3 -out ca.key 1024

1128 semi-random bytes loaded

Generating RSA private key, 1024 bit long modulus

.......................................+++++

....................................................+++++

e is 65537 (0x10001)

Enter PEM pass phrase:********

Verifying password - Enter PEM pass phrase:********

3. $ openssl rsa -noout -text -in ca.key (displays the details of your newly

created CA key; output omitted)