Creating a Key Pair

return to the top

Installing a Server Digital Certificate using Netscape Enterprise Server 3.5 onwards Installing the Customer's Server Digital Certificate When ipsCA has completed authenticating your enrolment, we will send you instructions for picking up your Digital Certificate. To install a Digital Certificate and associate it with an alias: In the Server Administration page, choose Keys & Certificates|Install Certificate. Check the type of certificate you are installing: Choose This Server Paste the e-mail text in the field called Message text. Be sure to include the headers "Begin Certificate" and "End Certificate." Make sure you check the corresponding radio button for either the file or the text. From the drop-down list, select the alias you used when you requested the certificate. If you choose the incorrect alias, the certificate won't install. Click OK. Another form appears asking if you want to add the certificate. Click the Add button. The certificate is stored in the directory <server_root>/alias. The filename will be <alias>-cert.db. For example, if your alias is mail, the file will be mail-cert.db. Installing the Intermediate Root CA Here are the instructions on how to install the Intermediate Root CA on a Netscape Enterprise web server Download the Intermediate Certificate from here. Enter the administrator console/interface. Next select Key & Certificates under General Administration. From here select install certificate. You will be presented with a series of options. Select the radio button labeled Certificate for :server certificate chain. You will need to either copy and paste the text of the Intermediate Root CA or you can place the text into a file and read the file into the server.

  return to the top

Configure your Admin Server to enable SSL Activating SSL encryption After you have generated a key-pair file and installed your certificate, you can activate SSL for your administration server. See the documentation for individual servers if you want to enable encryption in them. In the Server Manager, choose Admin Preferences|Encryption On/Off. The Encryption On/Off form appears. Check the On radio button. In the drop-down list, choose the alias for the key-pair file and certificate file that you want to use. You must know the password for the key-pair file referenced by this alias--it's the password you must enter before starting or stopping a server that uses SSL encryption. Set any security preferences you want. Stop your server, then restart it, from the command-line or NT control panel. You'll be prompted to enter the password for the key-pair alias you used. URLs to an SSL-enabled administration server are constructed using https instead of simply http. URLs that point to documents on an SSL-enabled server have this format: https://<servername.[domain.[dom]]:[port#]> For example, https://admin.mozilla.com:443. If you use the default secure http port number (443), you don't have to use the port number in the URL. Setting security (SSL) preferences You can set preferences for using SSL encryption on the administration server. Go to the Server Manager and choose Server Preferences|Encryption Preferences. Check the SSL versions you want your server to communicate with. The latest and most secure version is SSL version 3, but many older clients use only SSL version 2. You will probably want to enable your server to use both versions. Check the ciphers you want your server to use. The ciphers are listed for each version of SSL. A cipher is the algorithm used in encryption. Some ciphers are more secure, or stronger, than others. Generally speaking, the more bits a cipher uses during encryption, the harder it is to decrypt the data. Ciphers are described after this list. Click OK. Make sure you restart your server. When a navigator initiates an SSL connection with a server, it lets the server know what ciphers it prefers to use to encrypt information. In any two-way encryption process, both parties must use the same ciphers. Since there are a number of ciphers available, you should consider enabling all ciphers. You can choose ciphers from both the SSL 2 and SSL 3 protocols. Unless you have a compelling reason why you don't want to use a specific cipher, you should check them all.

  return to the top