Providing the Certificates for the Apache Web Server (UNIX)
On UNIX the Apache Web server is used as the TREX Web server for communicating with the Content Management (CM) TREX Java client. The Apache Web server requires the following so that it can communicate with the Java client using a secure connection:
-
A server certificate issued by the same certification authority (CA) as issued the Java client certificate
-
The root certificate of the CA
You configure the secure connection between the Apache Web server and the TREX Java client using the cryptography tool OpenSSL. You generate OpenSSL and the library libssl.so for the security configuration using a script from the downloaded sources of the cryptography software. More information: Providing Cryptography Software for the Apache Web Server
You have generated the cryptography tool OpenSSL and the corresponding library modSSL (libssl.so) using a build script.
Process Flow
The graphic below depicts the steps required in the order in which you carry them out.
-
Create a private key and a certificate request for the Web server. The certificate request contains the public key and information on the owner of the certificate.
-
Send this request to the CA.
-
When the CA has issued your server certificate, you collect the certificate, signed by the CA. Collect the root certificate of the CA.
-
Then configure the Web server for SSL. To do this you edit the configuration file of the Apache Wev server (http.conf) and enter the following information there:
-
The path to the files that contain the private key of the Web server, the server certificate, and the root certificate of the CA.
-
The owner and issuer of the certificate that belongs to the Java client. The Web server can authenticate the Java client using this information.
-
-
You then change the start mode of the Web server so that it starts in SSL mode. You make this change in the configuration file TREXDaemon.ini.