Operation Manual
is established. Data integrity is ensured and client and server are able to authenticate
each other.
For this purpose, the server sends an SSL certificate that holds information proving the
server's valid identity before any request to a URL is answered. In turn, this guarantees
that the server is the uniquely correct end point for the communication. Additionally,
the certificate generates an encrypted connection between client and server that can
transport information without the risk of exposing sensitive, plain-text content.
mod_ssl does not implement the SSL/TLS protocols itself, but acts as an interface
between Apache and an SSL library. In openSUSE, the OpenSSL library is used.
OpenSSL is automatically installed with Apache.
The most visible effect of using mod_ssl with Apache is that URLs are prefixed with
https:// instead of http://.
TIP: Example Certificate
An example certificate for a hypothetical company “Snake Oil” is available when
installing the package apache2-example-certificates.
30.6.1 Creating an SSL Certificate
To use SSL/TLS with the Web server, you need to create an SSL certificate.
This certificate is needed for the authorization between Web server and client, so that
each party can clearly identify the other party. To ensure the integrity of the certificate,
it must be signed by a party every user trusts.
There are three types of certificates you can create: a “dummy” certificate for testing
purposes only, a self-signed certificate for a defined circle of users that trust you, and
a certificate signed by an independent, publicly-known certificate authority (CA).
Creating a certificate is basically a two-step process. First, a private key for the certificate
authority is generated; then the server certificate is signed with this key.
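The two steps above, carried out with the openssl command-line tool, as an added example that is not part of the original manual. The file layout, the function names, and the names Demo CA and www.example.com are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example. All names (Demo CA, www.example.com, file names) are constructed.

write_conf() {    # $1 = directory; minimal config so the system openssl.cnf is not needed
    cat > "$1/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_srv]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:www.example.com
EOF
}

make_ca() {       # $1 = directory. Step 1: CA private key and self-signed CA certificate
    mkdir -p "$1" && write_conf "$1" || return 1
    ( umask 077; openssl genrsa -out "$1/ca.key" 2048 2>/dev/null ) || return 1
    openssl req -x509 -new -config "$1/demo.cnf" -extensions v3_ca \
        -key "$1/ca.key" -sha256 -days 30 -subj "/O=Demo CA/CN=Demo CA" \
        -out "$1/ca.crt"
}

make_server_cert() {   # $1 = directory. Step 2: server key, CSR, signature by the CA key
    ( umask 077; openssl genrsa -out "$1/server.key" 2048 2>/dev/null ) || return 1
    openssl req -new -config "$1/demo.cnf" -key "$1/server.key" \
        -subj "/CN=www.example.com" -out "$1/server.csr" || return 1
    openssl x509 -req -in "$1/server.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -sha256 -days 30 \
        -extfile "$1/demo.cnf" -extensions v3_srv -out "$1/server.crt" 2>/dev/null
}

verify_cert() {   # $1 = CA certificate, $2 = server certificate; status 0 if the chain is valid
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}
```

A client trusts server.crt only if it already trusts ca.crt, which is why a certificate signed by a second, unrelated CA key fails verification even when the CA names match.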