CHAPTER 4

Installing and Configuring iPlanet Web Server 4.1

This chapter explains how to install and configure iPlanet Web Server 4.1. It includes the following sections:

  • Installing iPlanet Web Server 4.1
  • Configuring iPlanet Web Server 4.1


Installing iPlanet Web Server 4.1

You must perform these procedures in order. Refer to the iPlanet Web Server documentation for more information about using iPlanet Web Servers.


To Install iPlanet Web Server 4.1

1. Download the iPlanet Web Server 4.1 software.

You can find the web server software at the following URL:

http://www.iplanet.com

2. Install the web server.

Instructions are included for one example; you may decide to configure your web server differently. The default path name for the server is: /usr/netscape/server4

Accept the default path during the iPlanet Web Server installation. This book refers to these default paths. If you decide to install it in a different location, be sure to note where you installed it.

3. Run the setup program.

4. Answer the prompts in the installation script.

Except for the following prompts, you can accept the default for ease of use.

a. Agree to accept the license terms by typing yes.

b. Enter a fully qualified hostname.domain.

c. Enter the iWS administration server password twice.

d. Press Return when prompted.


To Create a Trust Database

1. Start the administration server.

To start the iPlanet Web Server 4.1 administration server, use the following command (instead of running startconsole as setup requests):

# /usr/netscape/server4/https-admserv/start
iPlanet-WebServer-Enterprise/4.1SP9 BB1-08/23/2001 05:50
startup: listening to http://hostname.domain, port 8888 as root

The response provides the URL for connecting to your servers.

2. Start the iPlanet administration server by opening up a web browser and entering:

http://hostname.domain:admin_port

In the pop-up window enter the iWS administration server username and password you selected while running setup.



Note - If you used the default settings during iPlanet Web Server setup, enter the word admin for the User ID or the iWS administration server username.



3. Click OK.

4. Create the trust database for the web server instance.

You might want to enable security on more than one web server instance. If so, repeat Steps 1-4 for each web server instance.



Note - If you want to run SSL on the administration server as well, the process of setting up a trust database is similar. Refer to the iPlanet documentation for more information.



a. Click the Servers tab in the administration server.

b. Select a server and click the Manage button.

c. Click the Security tab near the top of the page and select the Create Database link.

d. Enter a password (web server trust database) in the two dialog boxes and click OK.

Choose a password of at least eight characters. You will use this to start the internal cryptographic modules when the iPlanet Web Server runs in secure mode.

5. Execute the following script to enable the Sun Crypto Accelerator 1000 board:

# /opt/SUNWconn/crypto/bin/sslconfig

This script prompts you to choose a web server. It installs the Sun Crypto Accelerator 1000 cryptographic modules for the iPlanet Web Server or Apache Web Server. The script then updates the configuration files to enable the Sun Crypto Accelerator 1000 board.

6. Type 1 to configure your iPlanet Web Server to use SSL and press Enter.

Sun Crypto Accelerator Installation
---------------------------------------------------------
This script will install the Sun Crypto Accelerator
cryptographic modules for iPlanet Web Server
or Apache.
 
Please select the type of web server you wish to configure
to use the Sun Crypto Accelerator:
---------------------------------------------------------
1. Configure iPlanet Web Server for SSL
2. Configure Apache for SSL
3. Work with iPlanet and Apache keys
Your selection (0 to quit): 1

7. Enter the path of the web server root directory when prompted and press Enter.

Please enter the full path of the web server
root directory [/usr/netscape/server4]: /usr/netscape/server4

8. Type y and press Enter when prompted, if you want to proceed.

This script will update your iPlanet Web Server installation
in /usr/netscape/server4 to use the Sun Crypto Accelerator
You will need to restart your admin server after this has completed.
Ok to proceed? [Y/N]: y
 
Using database directory /usr/netscape/server4/alias...
Module "Sun Crypto Accelerator" added to database.
/usr/netscape/server4 has been configured to use
the Sun Crypto Accelerator.
 
 
<Press ENTER to continue>

9. Type 0 to quit.


To Generate a Server Certificate

1. Restart the administration server by typing the following commands:

# /usr/netscape/server4/https-admserv/stop
# /usr/netscape/server4/https-admserv/start

2. To request the server certificate, click the Security tab near the top of this page.

The Create Trust Database window is displayed.

3. Select the Request a Certificate link on the left frame.

 

Screenshot of the Create Trust Database window of the Netscape Web Server Enterprise Edition graphical user interface.

4. Fill out the form to generate a certificate request, using the following information:

a. Select a New Certificate.

If you can directly post your certificate request to a web-capable certificate authority or registration authority, select the CA URL link. Otherwise, choose CA Email Address and enter an email address where you would like the certificate request to be emailed to.

b. Select the Cryptographic Module you want to use.

Each realm has its own entry in this pull-down menu. Be sure that you select the correct realm. To use the Sun Crypto Accelerator 1000, you must select a module in the form of user@realm-name.

c. In the Key Pair File Password dialog box, provide the password for the user@realm-name that will own the key.

d. Provide the appropriate information for the following fields:

    • Requestor Name: Contact information for the requestor
    • Telephone Number: Contact information for the requestor
    • Common Name: The website domain that a visitor types into the browser (hostname.domain)
    • Email Address: Contact information for requestor
    • Organization: A value for the Organization to be asserted on the certificate
    • Organizational Unit: (Optional) A value for the Organizational Unit that will be asserted on the certificate
    • Locality: (Optional) City, county, principality, or country, which is also asserted on the certificate if provided
    • State: (Optional) The full name of the state
    • Country: The two-letter ISO code for the country (for example, the United States is US)

e. Click the OK button to submit the information.

5. Use a certificate authority to generate the certificate.

  • If you choose to post your certificate request to a CA URL, the certificate request is automatically posted there.
  • If you choose the CA Email Address, copy the certificate request that was mailed to you with the headers and hand it off to your certificate authority.

6. Once the certificate is generated, copy it, along with the headers, to the clipboard.

Note that the certificate is different from the certificate request and is usually presented to you in text form.


To Install the Server Certificate

1. Select the Install Certificate link on the left side of the page.

Once your request has been approved by a certificate authority and a certificate has been issued, you must install the certificate in the iPlanet Web Server.

2. Select the Security tab.

3. On the left frame, choose the Install Certificate link.

 

Screenshot of the Install Certificate window of the Netscape Web Server Enterprise Edition graphical user interface.

4. Fill out the form to install your certificate:

  • Certificate For: This Server
  • Cryptographic Module: Select the appropriate user@realm-name name.
  • Key Pair File Password: Provide the password for the user@realm-name that owns the key that was generated earlier.
  • Certificate Name: In most cases, you can leave this blank. If you provide a name, it will alter the name the web server uses to access the certificate and key when running with SSL support.

5. Choose Message text (with headers) and paste the certificate you copied earlier.

6. Click the OK button at the bottom of the page.

7. Paste the certificate you copied from the certificate authority into the Message box.

You are shown some basic information about the certificate.

8. If everything looks correct, click the Add Server Certificate button.

On-screen messages tell you to restart the server. This is not necessary as the web server instance has been shut down the entire time. You are also notified that in order for the web server to use SSL the web server must be configured to do so. Use the following procedure to configure the web server.


Configuring iPlanet Web Server 4.1

Now that your web server and the Server Certificate are installed, you must configure the web server for SSL.


To Configure the iPlanet Web Server 4.1

1. From the main administration page, choose the web server instance you want to work with and click Manage.

2. If the Preferences tab is not selected at the top of the page, click the tab.

3. Select the Encryption On/Off link on the left side of the page.

4. Set encryption to On.

The Port field in the dialog box should update to the default SSL port number 443. Alter the port number if necessary.

5. Click the OK button.

6. Apply these changes by clicking the Save button.

The web server is now configured to run in secure mode.

7. Edit the /usr/netscape/server4/https-hostname/config/magnus.conf file by adding the following line:

CERTDefaultNickname user@realm-name:Server-Cert

Where hostname is the name of the web server.

By default, the certificate you generated in Step 2 and Step 4 is named Server-Cert. If your certificate has a different name, substitute the name of the certificate for Server-Cert.

8. Select the server you want to administer and click the Apply button in the far upper right corner of the page.

This action applies the changes through the administration server.

9. Click the Load Configuration Files button to apply the changes you just made to the magnus.conf file.

If you click the Apply Changes button when the server is off, a pop-up window prompts you for a password. This window is not resizable, and you might have a problem submitting the change. There are two workarounds for this problem:

  • Click the Load Configuration Files button instead.
  • Start up the web server first, and click on the Apply Changes button.

10. On the web server page, select the On/Off link on the left side of the page.

11. Enter the passwords for the servers and click the OK button.

You are prompted for one or more passwords. At the Module Internal prompt, provide the password for the web server trust database.

At the Module user@realm-name prompt, enter the password you set when you created user in the realm-name using secadm.

12. Verify the new SSL-enabled web server at the following URL:

https://hostname.domain:server_port/

Note that the default server_port is 443.
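
The following check for the line added in step 7 is an added example, not part of the original guide or of the iPlanet or Sun tooling. The function name check_nickname, its verdict words, and the sample files are assumptions constructed for illustration; it confirms that a magnus.conf file has exactly one CERTDefaultNickname line and that its value carries the user@realm-name: prefix required to select the accelerator module.

```shell
#!/bin/sh
# Added example: audit the CERTDefaultNickname line from step 7.
# Verdicts: ok | missing | duplicate | no-token | bad-token | unreadable

check_nickname() {
    conf=$1
    [ -r "$conf" ] || { echo unreadable; return 2; }
    awk '
        $1 == "CERTDefaultNickname" {
            n++
            value = $0
            sub(/^[ \t]*CERTDefaultNickname[ \t]*/, "", value)
            sub(/[ \t\r]+$/, "", value)
        }
        END {
            if (n == 0) { print "missing";   exit 1 }
            if (n > 1)  { print "duplicate"; exit 1 }
            i = index(value, ":")
            # No "user@realm-name:" prefix in front of the certificate name.
            if (i == 0) { print "no-token";  exit 1 }
            token = substr(value, 1, i - 1)   # expected form: user@realm-name
            nick  = substr(value, i + 1)      # certificate name, e.g. Server-Cert
            if (token !~ /^[^@ \t]+@[^@ \t]+$/ || nick == "") {
                print "bad-token"; exit 1
            }
            print "ok"
        }' "$conf"
}

# Constructed sample fragments (not taken from a real server).
demo() {
    d=$(mktemp -d) || return 1
    printf 'Port 443\nCERTDefaultNickname user@realm-name:Server-Cert\n' > "$d/good"
    printf 'Port 443\nCERTDefaultNickname Server-Cert\n' > "$d/notoken"
    printf 'Port 443\n' > "$d/missing"
    for f in good notoken missing; do
        printf '%s: %s\n' "$f" "$(check_nickname "$d/$f")"
    done
    rm -rf "$d"
}

demo
```

On a real installation, pass the path from step 7, /usr/netscape/server4/https-hostname/config/magnus.conf, to check_nickname before loading the configuration files.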