WebSTAR 4 Manual & Technical Reference

Manual Contents | Chapter Contents | Previous Page | Next Page

---

Installing Your Server Certificate

1 Make sure that your web server has SSL capabilities. It should say "SSL" in the Status window on the server, and have an SSL Security item in the list of Settings in WebSTAR Admin.

To install an SSL server, you may need to install WebSTAR from the distribution CD.

2 Make sure the Status window is open on the server machine.

3 In WebSTAR Admin, Settings window (on any machine), select SSL Security .

See Web Server Administration for details.

4 The top area lists the IP addresses you have set using the IP Secondary Addresses file, as described in IP Multihoming: Special Configuration . The lower area sets your security options, including certificate and private key data. The checkboxes set your policy regarding incoming connections.

For information on setting up multiple IP addresses, see Virtual Hosts and SSL and Multiple Domains .

Each IP address uses a different certificate. You can have certificates for several of these addresses, but one IP address can only have a single certificate.

5 Select the item for the IP address which corresponds to the host name of the current Certificate.

6 On the Security popup menu, select SSL 2 and SSL 3 .

7 Use the Certificate Choose button to select the certificate file you have saved in your host root folder described in Generate a Key .

8 Use the Private Key File Choose button to select the private key file saved in your host root folder, described in Downloading Your Certificate .

9 Type or paste your Private Key Password into the appropriate field.

10 Click the Save button.

11 Look at the server Status window. You should see a message confirming that the SSL certificate was accepted:

 

	SSL context for 192.168.0.2:443 created.

Encryption Ciphers

The cipher checkboxes indicate which encryption algorithms you will support. The client can connect only if they support at least one of the cipher you enable, and they negotiate to find the best fit.

• Very high-security sites will just enable 3DES and RC4-128.
• Some U.S. government sites require DES only, so if you are in that situation, do not enable the RC4 options.
• If you decide that your server does not require DES as the primary method, consider whether to allow your server to negotiate DES (which is more computationally intensive), or to allow only RC4.
• Most sites that want to allow overseas users will need to turn on DES, DES-40 and RC4-40. RC4-40 is the only supported encryption method that can be exported from the United States to other countries.
• MAC is a little different, and should only be used if you need to allow users to connect to your SSL server in an unsecure mode. There are a few countries where authentication is allowed but encryption is not, and the MAC cipher is sometimes used by clients in these countries. The MAC cipher will send your certificate to the client and ensure the integrity of the data you send, but it won't encrypt the data.

When you have chosen your cipher settings, click Save again to send the information to the server.

Manual Contents | Chapter Contents | Previous Page | Next Page