G - A P P E N D I X -

A P P E N D I X G

Frequently Asked Questions

How Do I Configure the Web Server to Startup Without User Interaction on Reboot?

You can enable both Sun ONE and Apache Web Servers to perform an unattended startup at reboot with an encrypted key.

To Create an Encrypted Key for Automatic Startup of Apache Web Servers on Reboot

1. Verify that the following entry exists in the httpd.conf file:

SSLPassPhraseDialog exec:/opt/SUNWconn/cryptov2/bin/apgetpass

This directive retrieves a password from a protected password file in the /etc/apache directory.

2. Create a password file that contains only the password in the /etc/apache directory with the following file name convention:

server_name:port.KEYTYPE.pass

server_name - The value that you put in the "ServerName" directive in the httpd.conf file.

port - The port that this SSL server will run on (for example, 443)

KEYTYPE - Either RSA or DSA

Example: For a server named webserv101 running SSL on port 443 with an RSA key, you create the following file in /etc/apache:

webserv101:443.RSA.pass

It is recommended to change the permissions and ownership of the password file as follows:

# chmod 400 server_name:port.KEYTYPE.pass

# chown root server_name:port.KEYTYPE.pass

Refer to the mod_SSL and OpenSSL documentation for more information.

To Create an Encrypted Key for Automatic Startup of Sun ONE Web Servers on Reboot

1. Navigate to the config subdirectory for your Sun ONE Web Server instance--for example, /usr/iplanet/servers/https-webserver_instance_name/config).

2. Create a password.conf file with only the following lines (See TABLE 5-1 for password definitions):

internal:trust_db_password

keystore_name:username:password

3. Set the file ownership of the password file to the UNIX user ID that the web server runs as, and set the file permissions to be readable only by the owner of the file:

# chown web_server_UNIX_user_ID password.conf

# chmod 400 password.conf

How Do I Assign Different MAC Addresses to Multiple Boards Installed in the Same Server?

There are two methods to assign different MAC addresses to multiple boards in a single server. The first method is at the operating environment level, and the second is at the OpenBoot PROM (OBP) level.

To Assign Different MAC Addresses From a Terminal Window

1. Enter the following command:

# eeprom "local-mac-address?"=true

Note - With the "local-mac-address?" parameter set to true, all nonintegrated network interface devices use the local MAC address assigned to the product at the manufacturing facility.

2. Reboot the system.

To Assign Different MAC Addresses From the OpenBoot PROM Level

1. Enter the following command at the OBP prompt:

ok setenv local-mac-address? true

Note - With the "local-mac-address?" parameter set to true, all nonintegrated network interface devices use the local MAC address assigned to the product at the manufacturing facility.

2. Boot the operating environment.

How Can I Configure the Sun Crypto Accelerator 1000 for Use With Apache After I Have Installed the Sun Crypto Accelerator 4000 Software?

Once the SUNWkcl2a software package is installed, the system will be configured with Apache Web Server mod_ssl 1.3.26.

If you want to configure Sun Crypto Accelerator 1000 with Apache, you must have the following patches.

To configure the Sun Crypto Accelerator 1000 for use with Apache 1.3.26 on a Solaris 8 system with the SUNWkcl2a package installed, you need the following patches:

For Apache 1.3.26 - Patch ID 109234-09 or later

For Sun Crypto Accelerator 1000 version 1.0 software - Patch ID 112869-02

For Sun Crypto Accelerator 1000 version 1.1 software - Patch ID 113355-01

To configure the Sun Crypto Accelerator 1000 for use with Apache 1.3.26 on a Solaris 9 system with the SUNWkcl2a package installed, you need the following patches:

For Apache 1.3.26 - Patch ID 113146-01 or later

For Sun Crypto Accelerator 1000 version 1.1 software - Patch ID 113355-01

How Do I Self-Sign a Certificate for Testing?

Refer to the mod_SSL and OpenSSL documentation for this procedure.