You will now use your Netscape Enterprise Server to create a key-pair file and a
Certificate Signing Request.
A key-pair file contains both the public and private keys used for SSL
encryption. You use the key-pair file when you request and install a
certificate. The key-pair file is stored encrypted in the directory <server_root>/alias/<alias>-key.db.
When you create the key, you specify a password that you later use when you
start a server that is using encrypted communications.
Log in as root and change to the server root directory.
Run the key-pair file generation program by changing to the directory
bin/admin/admin/bin and typing ./sec-key
When prompted, type an alias for the new key-pair file. You might choose an
alias that matches your server (for example, web or mail). The alias cannot
contain spaces, but it can use symbols that your operating system allows in
filenames (such as underscores). By default, the key-pair file is stored in
<server_root>/alias/<alias>-key.db, where <alias> is the alias you typed.
If you used the alias mail, your key-pair file would be
<server_root>/alias/mail-key.db.
A screen with a progress meter appears. Type any random keys at different
speeds until the progress meter is full. The time between each of your
keystrokes will be used to generate a random number for the unique key-pair
file.
When prompted, type a password of eight characters or more for your key-pair
file. The password must have at least one non-alphabetical character (a
number or punctuation mark). Make sure you memorize this password. The
security of your server is only as good as the security of the key-pair file
and its password.
After you enable SSL for a server (either the administration server or
another Netscape server), you must type the key-pair file password when you
start the server.
Retype the password and click OK. The file is created and stored.
Go to the <server_root>/bin/admin/admin/bin directory.
Run the sec-key.exe application. The key-pair file generation program
appears.
When prompted, type an alias for the new key-pair file. You might choose an
alias that matches your server (for example, web or mail). The alias cannot
contain spaces, but it can use symbols that your operating system allows in
filenames (such as hyphens and underscores). By default, the key-pair file
is stored in the directory C:/<server_root>/alias/<alias>-key.db where
<alias> is the alias you typed. If you used the alias mail, your key-pair
file would be C:/<server_root>/alias/mail-key.db.
A screen with a progress meter appears. Move your mouse in random motions at
random speeds. These random movements are used to generate a random number
for the unique key-pair file.
When prompted, type a password of eight characters or more for your key-pair
file. The password must have at least one non-alphabetical character (a
number or punctuation mark). Make sure you memorize this password. The
security of your server is only as good as the security of the key-pair file
and its password.
After you turn on SSL for a server (either the administration server or
another Netscape server), you must type the key-pair file password when you
start the server.
Retype the password and click OK. The file is created and stored.
After you generate the key-pair file, you must create a special file called a
Certificate Signing Request.
In the Server Administration page, choose Keys & Certificates|Request
Certificate.
In the form that appears, specify that this is a new certificate.
Specify that you want to submit the request for the certificate via e-mail.
Put YOUR OWN e-mail address in the space specified for the e-mail address of
the CA.
From the drop-down list, select the alias for the key-pair file you want to
use when requesting the certificate.
Type the password for your key-pair file.
Type the information that will appear in your Digital ID. This should be as
follows:
Common Name is the fully qualified hostname used in DNS lookups (for
example, www.netscape.com). This is the hostname in the URL that a
browser uses to connect to your site. It's important that these two
names are the same, otherwise a client is notified that the certificate
name doesn't match the site name, which will make people doubt the
authenticity of your certificate. Please make sure that the common name
ends in the domain name whose ownership you established in step 2.
Email Address is your business email address. This is used for
correspondence between you and VeriSign.
Organization is the official, legal name of your company, educational
institution, partnership, and so on. This should be the name of the
company associated with the Dun & Bradstreet number you generated in
step 6.
Organizational Unit is an optional field that describes an organization
within your company. This can also be used to note a less formal company
name (without the Inc., Corp., and so on).
Locality is an optional field that usually describes the city,
principality, or country for the organization.
State or Province should be spelled out in full (e.g. use California
instead of CA).
Country is a required, two-character abbreviation of your country name
(in ISO format). The country code for the United States is US.
Double-check your work to ensure accuracy. The more accurate the
information, the faster VeriSign can approve and issue your certificate.
Click OK when the information is correct.
The server generates a certificate signing request that contains your
information and your public key. This information is e-mailed to you.
Certificate Installation
Start the Netscape SuiteSpot Server Administration page.
1. Log in as the web server administrator.
2. Select "Key" and "Certificates" at the Server Administration page.
3. Click "Install Certificate" on the left side menu frame.
4. Select "This Server" under the Certificate for section.
5. Select Message Text with headers.
6. Cut and paste the contents of your Web Server Certificate sent via email into
this message box.
7. Include the headers and footers of the certificate, beginning with
-----BEGIN CERTIFICATE----- and including -----END CERTIFICATE-----.
8. Select the alias that is associated with this certificate. Click "OK".
9. Click "Add Certificate" to install this certificate into the database.
10. Click "OK" on the popup windows.
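A certificate that loses a line or picks up reply quoting on its way through e-mail will not install. The following added example (not part of the Netscape tools or the original page) pulls the block out of a message, including the BEGIN and END lines, and checks that the outer DER length matches the decoded bytes before you paste it. The function names are hypothetical and the sample message carries a dummy payload, not a real certificate.

```python
import base64
import re
import textwrap

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def der_length_ok(der):
    """True if the outer DER SEQUENCE header accounts for every byte."""
    if len(der) < 2 or der[0] != 0x30:         # 0x30 is the SEQUENCE tag
        return False
    if der[1] < 0x80:                          # short form: one length byte
        header, length = 2, der[1]
    else:                                      # long form: next n bytes hold the length
        n = der[1] & 0x7F
        if n == 0 or len(der) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return header + length == len(der)

def extract_certificate(mail_text):
    """Return the PEM block, headers included; raise ValueError if it is damaged."""
    m = PEM_RE.search(mail_text)
    if m is None:
        raise ValueError("BEGIN and END CERTIFICATE lines are not both present")
    # Drop reply quoting and stray whitespace that mail clients add.
    b64 = "".join(ln.strip().lstrip("> \t") for ln in m.group(1).splitlines())
    try:
        der = base64.b64decode(b64, validate=True)
    except ValueError as exc:
        raise ValueError("certificate body is not clean base64") from exc
    if not der_length_ok(der):
        raise ValueError("certificate is truncated or has extra data")
    body = "\n".join(textwrap.wrap(base64.b64encode(der).decode(), 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

def sample_mail():
    """Constructed message; the payload is a dummy DER SEQUENCE, not a real certificate."""
    der = b"\x30\x82\x01\x00" + bytes(256)
    body = "\n".join(textwrap.wrap(base64.b64encode(der).decode(), 64))
    return ("Dear customer,\nyour certificate is below.\n\n"
            "-----BEGIN CERTIFICATE-----\n" + body +
            "\n-----END CERTIFICATE-----\n\nRegards\n")

if __name__ == "__main__":
    print(extract_certificate(sample_mail()))
```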
Identifying the Server Name
1. Click "Server Administration" located at the top right of the navigation
box. The system returns to the server administration main menu.
2. Click the button that indicates your server name.
3. Click "View Server Settings" on the menu list.
Setting Security and encryption
4. Check your Security settings. If it is off, click on "Security". The
Encryption On/Off page is displayed.
5. Click "Encryption On". Make sure the alias is associated with this
certificate. Click "OK".
6. Click on "Save" and "Apply".
7. Type the password you used when you generated the key pair in the popup
window.
8. Press "Return" and the secure server will start running.