OpenSolaris


Configuring SSL for Cool Stack

This document provides information about how to enable SSL for Cool Stack version 1.1.

What is Cool Stack?

Cool Stack (also called the SAMP stack) contains the following software, which is built to work together on the Solaris 10 operating system:


Note - MySQL included in this package is a 32-bit version with client-side support to work with PHP.


You can download the latest version of Cool Stack from http://cooltools.sunsource.net/coolstack/. This URL also provides information on how to install Cool Stack.

Cool Stack version 1.1 supports Solaris Express Developer Edition and Solaris 10.

What is SSL?

Secure Sockets Layer (SSL) is a protocol for transmitting data securely over the Internet. SSL uses a cryptographic system with two keys to encrypt data: a public key known to everyone, and a private (secret) key known only to the recipient of the message. Most web browsers support SSL. By convention, URLs that use SSL start with https.

Configuring SSL

Before you proceed to configure SSL for Cool Stack:

  1. Ensure that you have the Solaris 10 operating system installed on your host.

  2. Log in as root or as a superuser.

  3. Install the CSKamp package from http://cooltools.sunsource.net/coolstack/ for your target platform (SPARC or x86).

  4. Make sure you have at least 150 MB of free memory to run the Apache HTTPd server.

Configuration changes

In the /opt/coolstack/apache2/conf/httpd.conf file, make the following changes:

  1. Set ServerName to the fully qualified DNS name of the system. If your host does not have a registered DNS name, you can specify the IP address of the host.

    For example: ServerName www.myserver.com:80

  2. Set ServerAdmin to an appropriate email address.

    For example: ServerAdmin you@myserver.com

  3. Uncomment the following line:

    Include conf/extra/httpd-default.conf

    This file contains the default server configuration information.

  4. Uncomment the following line:

    Include conf/extra/httpd-ssl.conf

    This file contains the SSL configuration information.

In the /opt/coolstack/apache2/conf/extra/httpd-default.conf file, make the following changes:

Set UseCanonicalName to On.

UseCanonicalName determines how Apache constructs self-referencing URLs and the SERVER_NAME and SERVER_PORT variables. When set Off, Apache uses the Hostname and Port supplied by the client. When set On, Apache uses the value of the ServerName directive.

In the /opt/coolstack/apache2/conf/extra/httpd-ssl.conf file, make the following changes:

  1. Set the virtual host context parameters. Use the same host name that you set for ServerName in httpd.conf, with port number 443.

    For example:

    <VirtualHost myserver.sun.com:443>

  2. Set ServerName to the same name that you set in httpd.conf.

    For example:

    ServerName myserver.sun.com:443

  3. Set ServerAdmin to the same value that you set in httpd.conf.

    For example:

    ServerAdmin you@myserver.com

Creating Certificate and Key

Use OpenSSL to create the key and certificate for https.

The Apache HTTPd server stores the certificate and the certificate key in separate files. The locations of these files are specified in the httpd-ssl.conf file.


Note - Apache configures SSL at the Virtual host level, not at the listener level.


To generate the server key and certificate

  1. At the command prompt, set the PATH variable to point to the location where OpenSSL is installed.

    For example: PATH=/usr/sfw/bin:$PATH

  2. Change directory to the location where the Apache configuration files are stored.

    For example: cd /opt/coolstack/apache2/conf

  3. Use the openssl command to generate an RSA key.

    openssl genrsa -out server.key 2048

    This command generates a server key and stores it in the /opt/coolstack/apache2/conf directory.

    Type openssl -help at the command prompt for help on using the command.

  4. Generate a server certificate using the openssl command.

    openssl req -new -x509 -key server.key -out server.crt -days 365

    This command prompts you to enter the country name, state or province name, locality name, organization name, organizational unit name, email address and the common name. For Common Name, enter the value that you used for ServerName in the httpd.conf file.

    In this example, enter myserver.sun.com for Common Name.
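
The checks below are an added example, not part of the original Cool Stack document. Before Apache is started they confirm that server.key is readable by its owner only, that server.crt was generated from that key, that the Common Name equals the ServerName host, and that the certificate has not expired. The function names check_pair and make_demo_pair are hypothetical, and the -subj option is used only to build a constructed sample pair without the interactive prompts.

```shell
#!/bin/sh
# Added example: sanity-check server.key / server.crt before "apachectl start".

# check_pair KEY CRT NAME: prints "OK" and returns 0 only if every check passes.
check_pair() {
    key=$1; crt=$2; name=$3

    # The private key must be readable by its owner only.
    case $(ls -ld "$key") in
        -rw-------*|-r--------*) ;;
        *) echo "FAIL: $key is readable by group or others"; return 1 ;;
    esac

    # The certificate must contain the public half of this private key.
    km=$(openssl rsa  -noout -modulus -in "$key" 2>/dev/null) || return 1
    cm=$(openssl x509 -noout -modulus -in "$crt" 2>/dev/null) || return 1
    [ "$km" = "$cm" ] || { echo "FAIL: certificate was not made from this key"; return 1; }

    # The Common Name must equal ServerName (host part, without the port).
    # OpenSSL releases print the subject as "CN=host" or "CN = host".
    subject=$(openssl x509 -noout -subject -in "$crt")
    case $subject in
        *"CN=$name"|*"CN=$name"[,/]*|*"CN = $name"|*"CN = $name"[,/]*) ;;
        *) echo "FAIL: Common Name is not $name"; return 1 ;;
    esac

    # The certificate must not have passed its -days lifetime.
    openssl x509 -noout -checkend 0 -in "$crt" >/dev/null ||
        { echo "FAIL: certificate has expired"; return 1; }
    echo "OK"
}

# make_demo_pair DIR: constructed sample pair for trying the checks offline.
# Assumption: -subj answers the req prompts non-interactively (CN only);
# umask 077 makes sure the key file is created without group/other access.
make_demo_pair() {
    ( cd "$1" && umask 077 &&
      openssl genrsa -out server.key 2048 2>/dev/null &&
      openssl req -new -x509 -key server.key -out server.crt -days 365 \
          -subj "/CN=myserver.sun.com" )
}

# Usage: sh check_pair.sh server.key server.crt myserver.sun.com
if [ $# -eq 3 ]; then check_pair "$@"; fi
```

If the permission check fails on an existing key, chmod 600 server.key restricts it to the owner.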

Starting Apache HTTPd Server in Secure Mode

You are now ready to start the Apache server. Use the apachectl start command.

At the command prompt, type the following command:

/opt/coolstack/apache2/bin/apachectl start

If you receive any warnings or error messages, see the log files stored in /opt/coolstack/apache2/logs.

To verify that the server has started successfully, open your web browser, enter the URL https://myserver.sun.com:443 in the address bar and press Enter.

You will see a page with the message 'It Works!'.

You have successfully configured SSL with Cool Stack.


Note - With this configuration, you can also run the server in non-SSL mode. Type the URL http://myserver.sun.com:80 in the address bar of your browser and press Enter. You will see a page with the message 'It Works!'.

