Configuring and Managing MPE/iX Internet Services (MPE/iX 6.5)
Chapter 10 175
HP WebWise MPE/iX Secure Web Server
Server Keys and Certificates
Your signed certificate will arrive in raw PEM format, which looks like this:
-----BEGIN CERTIFICATE-----
MIICsTCCAhoCAQEwDQYJKoZIhvcNAQEEBQAwgaAxCzAJBgNVBAYTAlVTMREwDwYD
VQQIEwhNeSBTdGF0ZTEQMA4GA1UEBxMHTXkgQ2l0eTETMBEGA1UEChMKTXkgQ29t
cGFueTEWMBQGA1UECxMNTXkgQ29tcGFueSBDQTEeMBwGA1UEAxMVQ2VydGlmaWNh
dGUgQXV0aG9yaXR5MR8wHQYJKoZIhvcNAQkBFhBjYUBteWNvbXBhbnkuY29tMB4X
DTAwMDQxMzE4MzY0MVoXDTAxMDQxMzE4MzY0MVowgaAxCzAJBgNVBAYTAlVTMREw
DwYDVQQIEwhNeSBTdGF0ZTEQMA4GA1UEBxMHTXkgQ2l0eTETMBEGA1UEChMKTXkg
Q29tcGFueTEPMA0GA1UECxMGTXkgT3JnMRowGAYDVQQDExF3d3cubXljb21wYW55
LmNvbTEqMCgGCSqGSIb3DQEJARYbd2VibWFzdGVyQHd3dy5teWNvbXBhbnkuY29t
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDS1iRItFKSDzOhDShFeoiWkfnc
0yPGp7rkk17T05y6GCfsJdtbH/Umn2uM/tSNOiguAPBYce8prLYjNqyXY4QBCzWQ
NGv/NbGDCoGhElrVzwBEYnBy+TyPMF/dYdH+1oOaaTZ0ZE0WP0l6CimzzXjvwCup
OpcQ82zfh2HTRpPYawIDAQABMA0GCSqGSIb3DQEBBAUAA4GBABlROc1/xpG+FlPd
lekq+E1oc42sOMiLaWe6orfffh74DbuTgxvTWTK8Wo31W8Reqj7jqOAeGvF46mWH
Vq1mFM/Jh9oMQYb2IAjbuA1/7kefkMHdgf6NMC3L0cbCKs6bF7nDJGjWYb9sXcTM
shYJMLBXyKW+cmrvJIqoMnq8DZUv
-----END CERTIFICATE-----
Save this data as /APACHE/SECURE/conf/ssl.crt/server.crt and then proceed to the
“Installing Your Certificate” section. You can display the details of your new server
certificate by doing:
$ openssl x509 -noout -text -in /APACHE/SECURE/conf/ssl.crt/server.crt
...Or Sign Your CSR With Your Own CA
First, create a private key and certificate for your CA. The CA requires a unique
Distinguished Name different from the server certificate(s) you will be signing. One way to
do this is to use a unique Organizational Unit Name when you create the CA certificate.
For example, if your organization is XYZ Corporation, you might want to make the
Organizational Unit Name be XYZ Corporation Certificate Authority.
1. $ cd ../ssl.key
2. $ openssl genrsa -des3 -out ca.key 1024
1128 semi-random bytes loaded
Generating RSA private key, 1024 bit long modulus
.......................................+++++
....................................................+++++
e is 65537 (0x10001)
Enter PEM pass phrase:********
Verifying password - Enter PEM pass phrase:********
3. $ openssl rsa -noout -text -in ca.key (displays the details of your newly
created CA key; output omitted)