The main difference between a "simple" or normal "WebServer" and an E-commerce Webserver is that an E-Commerce accept money orders, like credit card or others while a Webserver, not necessarily.

This difference is really important and fundamental and is necessary to play the necessary attention because there are involved money, goverment taxes, and possible credit card information, that needs the necessary attention for a security point of view. (See Chapter 20. Internet security).
 

If you click on the secure button you will see the certificicate. The certificate may be temporarely (test or unpaid) or definitive (paid and installed).

Installing Apache+OpenSSL+mod_ssl

To activate secure access necessary for secure browsing to protect data (bank operations, credit card data, or simply copyright data), is necessary that Apache is compiled with open-ssl and both openssl and mod-ssl are installed on the server.

From a technical point of view you need to activate the SSL (Secure Socket

To do that there are two possibilities:

• Install a distribution that includes this support, like RedHat 7.1 or FTOSX.
• Compile the Apache and SSL modules for

Othwerwise you can compile and install it.

The first thing to learn about mod_ssl compilation is that the mod_ssl version regards the apache version. So, if you have apache 1.3.12, you need mod_ssl.X.Y.1.3.12

And if you have apache 1.3.20 ... you need the relative mod_ssl.X.Y.1.3.20.

[root@ftosx1 root]# httpd -v
Server version: Apache/1.3.20 (Unix)
Server built:   Aug 15 2001 15:11:10
[root@ftosx1 root]#

Therefore you need to download the mod_ssl-X.Y.1.3.20 !

The Website where to download this software is: http://www.modssl.org/

Here you need to download your mod_ssl please remember that the numbers in the version have a clear and specific direction with apache versions. (Of course you can also try to locate the modssl.rpm package from your Vendor).

Check on this and download the apropriate mod_ssl.

Bytes      Timestamp       Filename
________ ____________________ ____________________________
  751936 May 20 11:31:51 2001 mod_ssl-2.8.4-1.3.20.tar.gz  [LATEST]
  750777 May  4 23:06:54 2001 mod_ssl-2.8.3-1.3.19.tar.gz
  748253 Oct 14 11:00:11 2000 mod_ssl-2.7.1-1.3.14.tar.gz
  736082 Aug 12 22:05:00 2000 mod_ssl-2.6.6-1.3.12.tar.gz
  696789 Feb 24 13:00:07 2000 mod_ssl-2.5.1-1.3.11.tar.gz
  694181 Jan  8 19:51:07 2000 mod_ssl-2.4.10-1.3.9.tar.gz
  654271 Aug  3 12:05:21 1999 mod_ssl-2.3.11-1.3.6.tar.gz
  592157 Apr 12 16:12:28 1999 mod_ssl-2.2.8-1.3.6.tar.gz
  536383 Jan 21 20:42:57 1999 mod_ssl-2.1.8-1.3.4.tar.gz
  220973 Nov  7 14:08:36 1998 mod_ssl-2.0.15-1.3.3.tar.gz

Therefore you need to download the mod_ssl-2.6.6-1.3.20.tar.gz

However you need the OpenSSL Toolkit to compile and use the mod_ssl Apache module that activate the appropriate cryptography to Apache.

Here you can download the latest openssl toolkit!

The compilation process requeries that you uncompress the apache source and compile in sequence:

1. openssl,
2. ssl and
3. apache.

[root@www SecurePart]# cd openssl-0.9.6a
[root@www SecurePart]# ./configure
[root@www SecurePart]# make
[root@www SecurePart]#

Then compile mod_ssl

[root@www SecurePart]# cd mod_ssl-2.8.2-1.3.20
[root@www mod_ssl-2.8.2-1.3.20]# ./configure \
> --with-apache=../apache_1.3.20 \
> --with_ssl=../openssl-0.9.6 \
> --prefix=/usr/local/apache
Configuring mod_ssl/2.8.2 for Apache/1.3.20
 + Apache location: ../apache_1.3.19 (Version 1.3.20)
 + Auxiliary patch tool: ./etc/patch/patch (local)
 + Applying packages to Apache source tree:
   o Extended API (EAPI)
   o Distribution Documents
   o SSL Module Source
   o SSL Support
   o SSL Configuration Additions
   o SSL Module Documentation
   o Addons
Done: source extension and patches successfully applied.

Now proceed with the following commands (Bourne-Shell syntax):

and then recompile apache.

[root@www SecurePart]# cd ../apache_1.3.20
[root@www SecurePart]# SSL_BASE=/path/to/openssl ./configure ... --enable-module=ssl
[root@www SecurePart]# make
[root@www SecurePart]# make certificate
[root@www SecurePart]# make install

Of course you can also download an updated version of the relative RPM packages. Of course, is more easy that install the packages. However you need to evaluate the fact that while you compile you can install the binaries and libs in any place on the system.

For example, you can install apache and mod_ssl in /usr/local/ and the server continues to work with your actual Apache setting.

If you install or upgrade the packages, the packages will be overwritten, in any case you are forced to update and enabling the secure WebServer in few minutes or short time, without to make any test.

Of course this is a problem if the setup if the first time.

Therefore if you are running a Server without openssl, install a new server with a distribution that supports openssl, like RedHat 7.1 or FTOSX. Then, activate the secure setup.

Be sure that the Apache configuration includes the mod_ssl (or SSL module).

A correct setup is the following:

<IfDefine HAVE_SSL>
LoadModule ssl_module         modules/libssl.so
</IfDefine>

This is a necessary check for Secure Socket Layer, in your server.
 

Enabling a directory under SSL

After the OpenSSL is installed it includes a default key and certificate.

Verisign flowchart to activate a RSA certificate are the following.

• Step 1: Generate CSR
• Step 2: Submit CSR
• Step 3: Complete Application
• Step 4: Install Test CA Root
• Step 5: Install your Test Server ID

The README explain this in details.

[root@www ssl.crt]# pwd
/etc/httpd/conf/ssl.crt
[root@www ssl.crt]# more README.CRT

 This is the ssl.crt/ directory of Apache/mod_ssl
 where PEM-encoded X.509 Certificates for SSL are stored.

 Per default the following two files are provided:

 o server.crt:
   This is the server certificate for Apache/mod_ssl, configured with the
   SSLCertificateFile directive.  Per default this is a dummy file, but may be
   overwritten by the `make certificate' target under built-time.

 o snakeoil.crt:
   This is the _DEMONSTRATION ONLY_ `Snake Oil' dummy server certificate.
   NEVER USE THIS FOR REAL LIFE! INSTEAD USE A REAL CERTIFICATE!

 o snakeoil-ca.crt:
   This is the certificate of the _DEMONSTRATION ONLY_ `Snake Oil' Certificate
   Authority. This CA is used to sign the server.crt on `make certificate'
   because self-signed server certificates are not accepted by all browsers.
   NEVER USE THIS CA YOURSELF FOR REAL LIFE! INSTEAD EITHER USE A PUBLICALLY
   KNOWN CA OR CREATE YOUR OWN CA!

 o ca-bundle.crt:
   This is a bundle of CA root certificate for Apache/mod_ssl, configurable
   with the SSLCACertificateFile directive. Per default it's disabled but can
   be enabled for client authentication when the clients use certificates
   signed by one of the commonly known public Certificate Authorities.

 You can view the ingredients of a particular certificate file in plain text
 by running the command:

   $ openssl x509 -noout -text -in <name>.crt

[root@www ssl.crt]#
 

To activate the secure browsing on your serving you need to generate your the keys using the openssl program.

After the installation the /etc/httpd/conf presents the following files.

[root@ftosx1 conf]# ls -alR
.:
total 84
drwxr-xr-x    7 root     root          300 Sep  8 22:17 .
drwxr-xr-x    3 root     root           98 Jul 25 11:05 ..
-rw-r--r--    1 root     root          285 Aug 15 21:11 access.conf
-rw-r--r--    1 root     root        50850 Aug 15 21:11 httpd.conf
-rw-r--r--    1 root     root        12441 Aug 15 21:11 magic
lrwxrwxrwx    1 root     root           37 Sep  8 21:46 Makefile -> ../../../usr/share/ssl/certs/Makefile
-rw-r--r--    1 root     root          198 Jun 25 07:12 roaming.conf
-rw-r--r--    1 root     root          297 Aug 15 21:11 srm.conf
drwx------    2 root     root           63 Sep  8 21:46 ssl.crl
drwx------    2 root     root          252 Sep  8 21:46 ssl.crt
drwx------    2 root     root           35 Jul 25 11:05 ssl.csr
drwx------    2 root     root          195 Sep  8 21:46 ssl.key
drwx------    2 root     root          102 Sep  8 21:46 ssl.prm

./ssl.crl:
total 5
drwx------    2 root     root           63 Sep  8 21:46 .
drwxr-xr-x    7 root     root          300 Sep  8 22:17 ..
-rw-r--r--    1 root     root         1569 Jul 25 11:05 Makefile.crl

./ssl.crt:
total 265
drwx------    2 root     root          252 Sep  8 21:46 .
drwxr-xr-x    7 root     root          300 Sep  8 22:17 ..
-rw-r--r--    1 root     root       242153 Jul 25 11:05 ca-bundle.crt
-rw-r--r--    1 root     root         1522 Jul 25 11:05 Makefile.crt
-rw-------    1 root     root         1464 Sep  8 21:46 server.crt
-rw-r--r--    1 root     root         1472 Jul 25 11:05 snakeoil-ca-dsa.crt
-rw-r--r--    1 root     root         1192 Jul 25 11:05 snakeoil-ca-rsa.crt
-rw-r--r--    1 root     root         1452 Jul 25 11:05 snakeoil-dsa.crt
-rw-r--r--    1 root     root         1176 Jul 25 11:05 snakeoil-rsa.crt

./ssl.csr:
total 1
drwx------    2 root     root           35 Jul 25 11:05 .
drwxr-xr-x    7 root     root          300 Sep  8 22:17 ..

./ssl.key:
total 21
drwx------    2 root     root          195 Sep  8 21:46 .
drwxr-xr-x    7 root     root          300 Sep  8 22:17 ..
-rw-------    1 root     root          887 Sep  8 21:46 server.key
-rw-------    1 root     root          668 Jul 25 11:05 snakeoil-ca-dsa.key
-rw-------    1 root     root          887 Jul 25 11:05 snakeoil-ca-rsa.key
-rw-------    1 root     root          668 Jul 25 11:05 snakeoil-dsa.key
-rw-------    1 root     root          891 Jul 25 11:05 snakeoil-rsa.key

./ssl.prm:
total 9
drwx------    2 root     root          102 Sep  8 21:46 .
drwxr-xr-x    7 root     root          300 Sep  8 22:17 ..
-rw-r--r--    1 root     root          455 Jul 25 11:05 snakeoil-ca-dsa.prm
-rw-r--r--    1 root     root          455 Jul 25 11:05 snakeoil-dsa.prm
[root@ftosx1 conf]#
 

We can see that is available a snakeoil files. The Snakeoil files are samples demostrative files for an immaginary company called:  SnakeOil.com.

We also can found the files:

• server.key under the directory ssl.key and the file
• server.crt under the directory ssl.crt

These files are included as valid certificates in the Apache configuration file httpd.conf

      1298 #   Server Certificate:
   1299 #   Point SSLCertificateFile at a PEM encoded certificate.  If
   1300 #   the certificate is encrypted, then you will be prompted for a
   1301 #   pass phrase.  Note that a kill -HUP will prompt again. A test
   1302 #   certificate can be generated with `make certificate' under
   1303 #   built time. Keep in mind that if you've both a RSA and a DSA
   1304 #   certificate you can configure both in parallel (to also allow
   1305 #   the use of DSA ciphers, etc.)
   1306 SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
   1307 #SSLCertificateFile /etc/httpd/conf/ssl.crt/server-dsa.crt
   1308
   1309 #   Server Private Key:
   1310 #   If the key is not combined with the certificate, use this
   1311 #   directive to point at the key file.  Keep in mind that if
   1312 #   you've both a RSA and a DSA private key you can configure
   1313 #   both in parallel (to also allow the use of DSA ciphers, etc.)
   1314 SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
   1315 #SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server-dsa.key
   1316
 

The procedure is as follows. We need to setup a certificate, sign it and the software need to check if this certificate is valid. If valid enable the secure area.

There are different software to support this type of check the following URL for a List http://www.verisign.com/support/csr/

In Linux is common to use the mod_ssl to create a Certificate Signing Request (CSR) and then .

With openssl we can generate a RSA private key and the Certificate Signing Request.

We need to create a key or a cd /etc/

At first we need to create a key running the following command:

[root@ftosx1 root]# openssl genrsa -des3 1024 > www.futuretg.com.key
Generating RSA private key, 1024 bit long modulus
.......++++++
.........................++++++
e is 65537 (0x10001)
Enter PEM pass phrase: write_your_password
Verifying password - Enter PEM pass phrase: write_your_password

This create a 1024 bit RSA Private Key storing its result on the file www.futuretg.com.key

Looking into this date we get:

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,0113C7F40AB9C543

RiyydUXItpwbUoZj8G94xgUQVAC0IdvvpayfHHvvKFnMxxB1Dh/D9KByOH31NPJ7
4I/1XEOsU7FpLcKEC6Hi97FHUPSOaFO1UtJoHilFyXOqEwdGIUULAeL7Qmt6r8zr
XpQW065K7wQYy+q6u9tn1WwhF4FKde1/i9k0If9GdwqTmj9Hbh/EqxhzDrBRJ+ih
My65WwcqqXnzVEYn/cNi8y/B7/6F3sc5hWaWV6PKPneIjICCeG4iTRugRMfhDUG3
34+AcIn5l0JCXslEkSFA2b2YOGb3m4TvXSf9Ba6KWV98EIAViRKovhubgeUxCWPn
5ZVTPmRIwnVfCf4c3e/AYYw23QKucciD/HKY/0ejWs7DtRfCBmr/JYymglj+ZqkN
WmhzpvGUJ90lIlp8aG6pOm5113ADHmpp6MYVvFCTg13SCpJ5dhKw7sdb6ZKluUCo
/bpHODr+AgWX0TGmfgCHAPqnVNsBuG6m0FZt6+IHsEbxxVGYOGE2TidHFl6p1vTl
Im7m/1nPCjKUV03zumH3i/bPf5R/FaPL1MGVPr+ooZ9PjqGnCMSH+tp9rPfF6rjo
BYGAjXZE9gWQwlFkYkcKMTYDl0Za9EIcbKKpTwaL2oga/OZJr1+/a18viYHa/XdN
BnabLcl0lO63FuRI6lIXFC52AVUEaMxf3kYMh36KQ9eAGRXj7p4rPc7a+Sk8sK3s
6IBWmnCek6JrgxoivKivItWbySAY87rO8/xwFpXJkauwLmiWpUaUMTwbL3bdR62T
EWU7vKIZI1sQpep2OC3/M8S9xU/qGzUDVxis94zRZLSxc/Y2VlmpOA==
-----END RSA PRIVATE KEY-----

[root@ftosx1 root]# openssl req -new -key www.futuretg.com.key -out www.futuretg.com.csr
Using configuration from /usr/share/ssl/openssl.cnf
Enter PEM pass phrase:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:CA
Locality Name (eg, city) []:Oakland
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Kornell Spacers Inc
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:www.kornellspacers.com
Email Address []:info@kornellspacers.com

Please enter the following 'extra' attributes
to be sent with your certificate requestA challenge password []:
An optional company name []:
[root@ftosx1 root]#

The challenge password and company name generally are left blank.

This create the CSR or the Certficate Signing Request.

Now, we need to sign it ourselves to create a temporarely certificate for the private key we generate earlier:

[root@ftosx1 root]# openssl req -x509 -key www.futuretg.com.key -in www.futuretg.com.csr -out www.futuretg.com.crt
Using configuration from /usr/share/ssl/openssl.cnf
Enter PEM pass phrase:
[root@ftosx1 root]#

This file looks like this:

[root@ftosx1 root]# more www.futuretg.com.crt
-----BEGIN CERTIFICATE-----
MIIDkjCCAvugAwIBAgIBADANBgkqhkiG9w0BAQQFADCBkzELMAkGA1UEBhMCVVMx
CzAJBgNVBAgTAkNBMRAwDgYDVQQHEwdPYWtsYW5kMRwwGgYDVQQKExNLb3JuZWxs
IFNwYWNlcnMgSW5jMR8wHQYDVQQDExZ3d3cua29ybmVsbHNwYWNlcnMuY29tMSYw
JAYJKoZIhvcNAQkBFhdpbmZvQGtvcm5lbGxzcGFjZXJzLmNvbTAeFw0wMTA5MTMx
MDU0MzlaFw0wMTEwMTMxMDU0MzlaMIGTMQswCQYDVQQGEwJVUzELMAkGA1UECBMC
Q0ExEDAOBgNVBAcTB09ha2xhbmQxHDAaBgNVBAoTE0tvcm5lbGwgU3BhY2VycyBJ
bmMxHzAdBgNVBAMTFnd3dy5rb3JuZWxsc3BhY2Vycy5jb20xJjAkBgkqhkiG9w0B
CQEWF2luZm9Aa29ybmVsbHNwYWNlcnMuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GN
ADCBiQKBgQDlQp48ExFP1HAiOTWlB7czVS1uJE7lxlFvCSqiAmnugcvl6mO/Hr23
mHQhbZmrG7zJd05SGp95DpK/cFALPcp4mNfD3B4W2pqFQprOsRgo0PM+IAwGZY81
xDElbIzGNW1SPHWxATr+mZuBg5qKJQ0I8lCkOn2SFuInUaydCLovDwIDAQABo4Hz
MIHwMB0GA1UdDgQWBBTjl2d9hfwbf9v8cllYg/scWIYMGzCBwAYDVR0jBIG4MIG1
gBTjl2d9hfwbf9v8cllYg/scWIYMG6GBmaSBljCBkzELMAkGA1UEBhMCVVMxCzAJ
BgNVBAgTAkNBMRAwDgYDVQQHEwdPYWtsYW5kMRwwGgYDVQQKExNLb3JuZWxsIFNw
YWNlcnMgSW5jMR8wHQYDVQQDExZ3d3cua29ybmVsbHNwYWNlcnMuY29tMSYwJAYJ
KoZIhvcNAQkBFhdpbmZvQGtvcm5lbGxzcGFjZXJzLmNvbYIBADAMBgNVHRMEBTAD
AQH/MA0GCSqGSIb3DQEBBAUAA4GBANXOsLwq3G3xg13B9hz6S4CJmeQYozAfPBK2
it8Ffecx+/TLK7k+FNgzqmcZyTqVvecpmfKNuFA6skvSIykc4vd4Sh1pyeR1ICkm
U/gEfmaGH/E7y+wkFN913zIiI+lUSaAlhoa9Ss2OQBEoXRYxn5pARk1s+BTMQ1uf
OTman4yc
-----END CERTIFICATE-----
[root@ftosx1 root]#

You will now have a RSA Private Key in www.futuretg.com.key and a Certificate Signing Request in www.futuretg.com.csr. The file www.futuretg.com.key is your secret key, and must be installed as per the instructions that come with mod_ssl. The file www.futuretg.com.csr is your CSR, and the important bit looks something like this:

To generate both files we uses the same configuration file: /usr/share/ssl/openssl.cnf

Now we have two important files, that will allow to setup our Secure directory:

• The secret key file: www.futuretg.com.key that must be installed in the /etc/httpd/conf/ssl.key/
• and the Auto Signed Certify: www.futuretg.com.crt /etc/httpd/conf/ssl.crt/

<VirtualHost 213.82.126.2:443>
    ServerName www.FutureTG.com
    SSLEngine on
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/www.futuretg.key
    SSLCertificateFile /etc/httpd/conf/ssl.crt/www.futuretg.com.crt
</VirtualHost>

You can create any number of certificates for any number of servives to apply to any number of directories.
 

<VirtualHost 213.82.126.3>
    DocumentRoot /mnt/www/FTLinuxCourse.com
    ServerName www.FTLinuxCourse.com
    ErrorLog logs/www.FTLinuxCourse.com-error_log
    CustomLog logs/www.FTLinuxCourse.com-access_log common
    <Directory "/mnt/www/FTLinuxCourse.com/FTLC_Private">
    SSLRequireSSL
    </Directory>
</VirtualHost>

These files must be installed in the right directories following the mod_ssl instructions.

To check the actual state of the secure service you may run the command:

[root@www /root]# openssl s_client -connect localhost:443 -state
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:error in SSLv2/v3 read server hello A
...
[root@www /root]#

However for limited period of time, these auto signed certificates may be valid and the worldwide customers can accept or not. In other words the setup procedure is not completed.

You need to get a signed certificate from one of the largest certificate authorities: Verisign or Thawte, and pay for it

Then, installing this certificate on your server you will not receive a request to accept or not the certificate, because the certificate will be valid.

These two final steps:

• Step 4: Install Test CA Root
• Step 5: Install your Test Server ID

• Check Verisign: http://www.verisign.com/support/csr/apache/v00.html
• Enrollment: https://www.verisign.com/products/srv/trial/intro.html
• Check the FAQ here: http://www.verisign.com/server/trial/faq/index.html

Verisign offers differents products, we list here some of these products:

• Simple Secure browsing ... without online payments.
• Accept Online payments.

Checkout for E-commerce Setup.

The e-commerce elements are the same that for the normal (non e-commerce) Web server, more some additional one:

We resume here also normal WebServer elements and includes some formal non-technical steps to check.

Normal WebServer Techincal Steps.

• High-Speed Phone connection: DSL, T-1. (We don't advice ISDN too slow). (See Chapter 2)
• Pentium PC - HD 80 GB and 512 MB of RAM.
• Linux Distribution using ReiserFS (RedHat 7.1 with ReiserFS, Mandrake, FTOSX)
• Apache (HTTP) service (See Chapter 17)
• DNS (See Chapter (See Chapter 18)
• Sendmail or other mailing program. (See Chapter 19)
• Netscape Communicator (or other non-Linux software for Web-design like Macromedia DreamWeaver, including vectorial graphics software like Adobe Illustrator). See Chapters: 3, 5, 6, 7, 8, 9, 10, 11, 12, 13.

To run a Secure Web Server, support Clients data like Address, Phone, credit card and other data, the Web Server must includes also:

• MySQL (or other DB). We advice MySQL, see Chapter
• PHP is the better mode to use MySQL (but not the only one).
• FireWalls,  (See Chapter 19)
• OpenSSL, see the relative section later in this chapter.

If your Website will traffic with money information (credit cards) or others, you need to have an Internet Merchant Account to receive the money that your customers send to you.
Any bank in any place of the world offer normal account services but only some banks can open Internet Merchant Account.

Work with a bank that handle Real-Time Internet Merchant Accounts. This is fundamental for the e-commerce operations!. Real-Time means that you will have the money in your account some seconds or minutes after the order confirmation, no days or weeks, like happens in some places.

Despite of the local Merchant services and also of local banks that does not offer this service. Work with your bank and Verisign.

There are also another company that trust merchant operatios Thawte Consulting cc, however we advice Verisign.

Generally in the US, working with your bank and Verisign e-commerce operations are real-time.

Verisign offers the PayFlow product service that allows you to accept any credit card operation.

We list here the Verisign's Steps to setup your Internet Merchant Account.

• Identify the acquirer you will work with.
• As you consider acquirer, evaluate your current banking relationships.
• Complete the acquirer's applications.
• Have the acquirer set up your account to process payments with Verisign Payment Services
• Verify your bank information
• Register with Verisign

The E-commerce setup needs technical and non-technical setup, including your sign when you open a bank account.
 

Conclusions and Disclaimer.

Today, setup a Web Server is relatively easy. All the

The OpenSSL Authors print an important message on its main page:

Me, Dr. Giovanni A. Orlando, and my company Future Technologies in Italy and Future Technologies Inc (a Delaware Company) joins to this. We want only want to teach and offer training on OpenSource Technologies.

We are not liable for any violations.

Good luck!
 
 

1. Install RedHat 7.1 or FTOSX. Open /etc/httpd/conf/httd.conf and list all the lines with "SSL" occurences.
2. Download and read "Enabling Secure Payment Processing On Your Site" at Verisign.com

1. List one difference between E-commerce Websites and normal Websites.
2. Is necessary to have a bank account to run an e-commerce server? Is sufficient ?
3. What is Verisign PayFlow ?
4. Is necessary to install a special mod_ssl or just the latest?
5. If you want to install mod_ssl is sufficient to install the latest or must be some special version ?
6. What means SSL ?
7. What is TSL?
8. What are SSL and TSL ?
9. What are the difference between SSL and TSL ?
10. What is the difference between open-ssl and mod_ssl ?
11. What is the command to create the certificate ?
12. Where are installed the certificate ?
13. The file "/etc/httpd/conf/ssl.crt" belong to openssl or mod_ssl ?
14. What means CRT ?
15. What is the difference between CSR and CRT ?
16. What is the name of the certificate installed by default in the system ?
17. What is the sense of 1024 in the Certificate Signing Request (CSR) generation ?
18. What means x509 when you sign ourselves your certificate ?
19. What means the new certificate message like this ?
20. How a worldwide customer may trust a company ?

Check the Interactive Exam Cram WebMaster: 

Read the answers to the exercises.
 

Internet Resources for this Chapter.

• http://www.apache.org/
• http://www.openssl.org/
• SSL 3.0 Specification
• http://www.ietf.org/rfc/rfc2246.txt
• http://www.verisign.com/support/csr/
• http://www.verisign.com/support/csr/apache/v00.html
• https://www.verisign.com/products/srv/trial/intro.html
• http://www.verisign.com/server/trial/faq/index.html