Securing-Optimizing-RH-Linux-1_2_292
Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca
© Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ®

Certificate is to be certified until Dec  1 14:59:29 2000 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
CA verifying: server.crt <-> CA cert
server.crt: OK

This signs the CSR and results in a server.crt file.

[root@deep ssl]# mv server.crt certs/

Now you have two files: server.key and server.crt. These can now be used, for example, as follows inside your Apache httpd.conf file:

# Our web server public key
SSLCertificateFile    /etc/ssl/certs/server.crt
# Our web server private key
SSLCertificateKeyFile /etc/ssl/private/server.key

The server.csr file is no longer needed.

[root@deep ssl]# rm -f server.csr

Securing OpenSSL

Make your keys “Read and Write” only for the super-user “root”. This is important because no one else needs to touch these files.

· To make your keys “Read and Write” only for “root”, use the following commands:

[root@deep /]# chmod 600 /etc/ssl/certs/ca.crt
[root@deep /]# chmod 600 /etc/ssl/certs/server.crt
[root@deep /]# chmod 600 /etc/ssl/private/ca.key
[root@deep /]# chmod 600 /etc/ssl/private/server.key

Some possible uses of OpenSSL software

OpenSSL can be used to:

1. Create your own Certificate Server.
2. Provide data confidentiality, integrity, authentication, and electronic signature in transmission for the users.
3. Secure electronic commerce transactions.
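Added example (not from the original book): a shell audit of the four files that the chmod 600 commands under "Securing OpenSSL" protect, reporting any file that is missing, is a symlink, has a mode other than 600, or is not owned by root. The function names check_key_file and audit_ssl_tree are hypothetical, and GNU stat (as shipped on Linux) is assumed.

```shell
#!/bin/sh
# Added example: audit the key and certificate files for the owner-only
# mode (600) set by the chmod commands on this page.
# Assumption: GNU stat, which understands -c '%a' and -c '%U'.

# check_key_file FILE [OWNER]
# Prints one FAIL line per problem. Returns 0 only if FILE is a regular
# file (not a symlink), owned by OWNER (default root), with mode 600.
check_key_file() {
    file=$1
    owner=${2:-root}
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "FAIL $file: missing or not a regular file"
        return 1
    fi
    mode=$(stat -c '%a' "$file")
    user=$(stat -c '%U' "$file")
    rc=0
    if [ "$mode" != "600" ]; then
        echo "FAIL $file: mode $mode, expected 600"
        rc=1
    fi
    if [ "$user" != "$owner" ]; then
        echo "FAIL $file: owner $user, expected $owner"
        rc=1
    fi
    return $rc
}

# audit_ssl_tree [ROOT] [OWNER]
# Checks the four files named on this page under ROOT (default /etc/ssl).
# The return status is the number of files that failed (0 = all good).
audit_ssl_tree() {
    root=${1:-/etc/ssl}
    owner=${2:-root}
    failed=0
    for rel in certs/ca.crt certs/server.crt \
               private/ca.key private/server.key; do
        check_key_file "$root/$rel" "$owner" || failed=$((failed + 1))
    done
    return $failed
}
```

Source the file and run audit_ssl_tree as root after any certificate renewal or package upgrade; a non-zero status means at least one file has drifted from the settings above.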
Installed files

> /etc/ssl
> /etc/ssl/crl
> /etc/ssl/certs
> /etc/ssl/private
> /etc/ssl/openssl.cnf
> /usr/bin/openssl
> /usr/bin/c_rehash
> /usr/bin/sign.sh
> /usr/bin/c_hash
> /usr/bin/c_info
> /usr/bin/c_issuer
> /usr/bin/c_name
> /usr/bin/der_chop
> /usr/include/openssl
> /usr/man/man1/verify.1
> /usr/man/man1/version.1
> /usr/man/man1/x509.1
> /usr/man/man3/BN_CTX_new.3
> /usr/man/man3/BN_CTX_start.3
> /usr/man/man3/BN_add.3
> /usr/man/man3/BN_add_word.3
> /usr/man/man3/BN_bn2bin.3
> /usr/man/man3/BN_cmp.3
> /usr/man/man3/BN_copy.3
> /usr/man/man3/BN_generate_prime.3
> /usr/man/man3/BN_mod_inverse.3
> /usr/man/man3/BN_mod_mul_montgomery.3
> /usr/man/man3/BN_mod_mul_reciprocal.3