ssl_faq.wml

From mod_ssl-2.8.31-1.3.41.tar.gz (a handy SSL tool)
            <a href="http://www.iks-jena.de/produkte/ca/">
            http://www.iks-jena.de/produkte/ca/
            </a>
      <li>  Uptime Commerce Ltd.<br>
            <a href="http://www.uptimecommerce.com">
            http://www.uptimecommerce.com
            </a>
      <li>  BelSign NV/SA<br>
            <a href="http://www.belsign.be">
            http://www.belsign.be
            </a>
      </ul>
      <p>
      Second, you can use your own CA and then have to sign the CSR yourself with
      this CA. Read the next answer in this FAQ on how to sign a CSR with
      your CA yourself.
      You can see the details of the received Certificate via the command:
      <p>
      <code><strong>$ openssl x509 -noout -text -in server.crt</strong></code>
   <p>
   <li>Now you have two files: <code>server.key</code> and
   <code>server.crt</code>. These can now be used as follows inside your
   Apache's <code>httpd.conf</code> file:
      <pre>
      SSLCertificateFile    /path/to/this/server.crt
      SSLCertificateKeyFile /path/to/this/server.key
      </pre>
      The <code>server.csr</code> file is no longer needed.
   </ol>
<faq ref="cert-ownca" toc="How to create my own CA?">How can I create and use my own Certificate Authority (CA)?</faq>
   The short answer is to use the <code>CA.sh</code> or <code>CA.pl</code>
   script provided by OpenSSL. The long and manual answer is this:
   <p>
   <ol>
   <li>Create an RSA private key for your CA
       (will be Triple-DES encrypted and PEM formatted):
      <p>
      <code><strong>$ openssl genrsa -des3 -out ca.key 1024</strong></code>
      <p>
      Please back up this <code>ca.key</code> file and keep the
      pass-phrase you just entered in a secure location.
      You can see the details of this RSA private key via the command:
      <p>
      <code><strong>$ openssl rsa -noout -text -in ca.key</strong></code>
      <p>
      And you can create a decrypted PEM version (not recommended) of this
      private key via:
      <p>
      <code><strong>$ openssl rsa -in ca.key -out ca.key.unsecure</strong></code>
   <p>
   <li>Create a self-signed CA Certificate (X509 structure)
       with the RSA key of the CA (output will be PEM formatted):
      <p>
      <code><strong>$ openssl req -new -x509 -days 365 -key ca.key -out ca.crt</strong></code>
      <p>
      You can see the details of this Certificate via the command:
      <p>
      <code><strong>$ openssl x509 -noout -text -in ca.crt</strong></code>
   <p>
   <li>Prepare a script for signing. This is needed because
      the ``<code>openssl ca</code>'' command has some strange requirements
      and the default OpenSSL config doesn't allow one to easily use
      ``<code>openssl ca</code>'' directly. So a script named
      <code>sign.sh</code> is distributed with the mod_ssl distribution
      (subdir <code>pkg.contrib/</code>). Use this script for signing.
   <p>
   <li>Now you can use this CA to sign server CSRs in order to create real
      SSL Certificates for use inside an Apache webserver (assuming
      you already have a <code>server.csr</code> at hand):
      <p>
      <code><strong>$ ./sign.sh server.csr</strong></code>
      <p>
      This signs the server CSR and results in a <code>server.crt</code> file.
   </ol>
<faq ref="change-passphrase" toc="How to change a pass phrase?">How can I change the pass-phrase on my private key file?</faq>
   You simply have to read it with the old pass-phrase and write it again
   by specifying the new pass-phrase.
   You can accomplish this with the following
   commands:
   <p>
   <code><strong>$ openssl rsa -des3 -in server.key -out server.key.new</strong></code><br>
   <code><strong>$ mv server.key.new server.key</strong></code><br>
   <p>
   Here you're asked two times for a PEM pass-phrase. At the first
   prompt enter the old pass-phrase and at the second prompt
   enter the new pass-phrase.
<faq ref="remove-passphrase" toc="How to remove a pass phrase?">How can I get rid of the pass-phrase dialog at Apache startup time?</faq>
   The reason why this dialog pops up at startup and at every restart
   is that the RSA private key inside your server.key file is stored in
   encrypted format for security reasons. The pass-phrase is needed to be
   able to read and parse this file. When you can be sure that your server is
   secure enough, perform these two steps:
   <p>
   <ol>
   <li>Remove the encryption from the RSA private key (while
      preserving the original file):
      <p>
      <code><strong>$ cp server.key server.key.org</strong></code><br>
      <code><strong>$ openssl rsa -in server.key.org -out server.key</strong></code>
   <p>
   <li>Make sure the server.key file is now only readable by root:
      <p>
      <code><strong>$ chmod 400 server.key</strong></code>
   </ol>
   <p>
   Now <code>server.key</code> will contain an unencrypted copy of the key.
   If you point your server at this file it will not prompt you for a
   pass-phrase.  HOWEVER, if anyone gets this key they will be able to
   impersonate you on the net.  PLEASE make sure that the permissions on that
   file are really such that only root or the web server user can read it
   (preferably get your web server to start as root but run as another
   user, and have the key readable only by root).
   <p>
   As an alternative approach you can use the ``<code>SSLPassPhraseDialog
   exec:/path/to/program</code>'' facility.
   But keep in mind that this is
   neither more nor less secure, of course.
<faq ref="verify-key" toc="How to verify a key/cert pair?">How do I verify that a private key matches its Certificate?</faq>
   The private key contains a series of numbers. Two of those numbers form
   the "public key", the others are part of your "private key".  The "public
   key" bits are also embedded in your Certificate (we get them from your
   CSR).  To check that the public key in your cert matches the public
   portion of your private key, you need to view the cert and the key and
   compare the numbers.  To view the Certificate and the key run the
   commands:
   <p>
   <code><strong>$ openssl x509 -noout -text -in server.crt</strong></code><br>
   <code><strong>$ openssl rsa  -noout -text -in server.key</strong></code>
   <p>
   The `modulus' and the `public exponent' portions in the key and the
   Certificate must match.  But since the public exponent is usually 65537
   and comparing a long modulus by eye is tedious, you can use the following
   approach:
   <p>
   <code><strong>$ openssl x509 -noout -modulus -in server.crt | openssl md5</strong></code><br>
   <code><strong>$ openssl rsa  -noout -modulus -in server.key | openssl md5</strong></code>
   <p>
   And then compare these much shorter numbers. With overwhelming
   probability they will differ if the keys are different.
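   <p>
   The own-CA procedure from the previous answer and the modulus comparison from
   this one, combined into a single script that runs offline in a throw-away
   directory. This is an added example, not part of the mod_ssl FAQ or its
   distribution: it signs the CSR with <code>openssl x509 -req</code> instead of
   mod_ssl's <code>sign.sh</code>, encrypts the CA key with AES-256 instead of
   Triple-DES, digests the modulus with SHA-256 instead of md5, uses a 2048-bit
   key, and also applies the modulus check to the CSR. The directory, file names,
   subject names and pass-phrase are all made up for the example.

```shell
#!/bin/sh
# Added example (not from the mod_ssl FAQ): private CA, CA-signed server
# certificate, and the key/cert/CSR modulus check, in a temporary directory.
# All paths, names and the pass-phrase below are constructed for the example.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
CA_PASS='example-ca-passphrase'   # constructed; a real CA pass-phrase is never kept in a script

# 1. CA private key, encrypted at rest (AES-256 here; the FAQ used -des3).
openssl genrsa -aes256 -passout "pass:$CA_PASS" -out "$WORK/ca.key" 2048 2>/dev/null

# 2. Self-signed CA certificate. -subj avoids the interactive DN prompts;
#    the default OpenSSL config marks a "req -x509" certificate as a CA.
openssl req -new -x509 -days 365 -key "$WORK/ca.key" -passin "pass:$CA_PASS" \
    -subj "/CN=Example Private CA" -out "$WORK/ca.crt"

# 3. Server key (unencrypted, readable only by its owner, as the FAQ's
#    "remove pass-phrase" answer recommends) and a CSR for it.
openssl genrsa -out "$WORK/server.key" 2048 2>/dev/null
chmod 400 "$WORK/server.key"
openssl req -new -key "$WORK/server.key" -subj "/CN=www.example.test" -out "$WORK/server.csr"

# 4. Sign the CSR with the CA. The FAQ uses mod_ssl's sign.sh (a wrapper
#    around "openssl ca"); "openssl x509 -req" is the one-off equivalent used here.
#    The extension file gives the server certificate a subjectAltName.
printf 'subjectAltName=DNS:www.example.test\n' > "$WORK/server.ext"
openssl x509 -req -in "$WORK/server.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
    -passin "pass:$CA_PASS" -CAcreateserial -days 365 \
    -extfile "$WORK/server.ext" -out "$WORK/server.crt" 2>/dev/null

# Digest of the RSA modulus; $1 is the openssl subcommand (rsa, x509 or req),
# $2 the file. SHA-256 instead of the FAQ's md5: only equality matters here.
modulus_digest() {
    openssl "$1" -noout -modulus -in "$2" | openssl dgst -sha256 | awk '{print $NF}'
}

# Prints "match" when the public key in certificate $2 belongs to private key $1.
key_matches_cert() {
    if [ "$(modulus_digest rsa "$1")" = "$(modulus_digest x509 "$2")" ]; then
        echo match
    else
        echo mismatch
    fi
}

# Prints "OK" when certificate $2 chains to CA certificate $1, "FAIL" otherwise.
verify_chain() {
    if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then echo OK; else echo FAIL; fi
}

echo "server.key vs server.crt: $(key_matches_cert "$WORK/server.key" "$WORK/server.crt")"
echo "server.key vs ca.crt:     $(key_matches_cert "$WORK/server.key" "$WORK/ca.crt")"
echo "server.csr modulus:       $(modulus_digest req "$WORK/server.csr")"
echo "server.key modulus:       $(modulus_digest rsa "$WORK/server.key")"
echo "chain to CA:              $(verify_chain "$WORK/ca.crt" "$WORK/server.crt")"
```

   <p>
   The second comparison deliberately pairs the server key with the CA
   certificate to show what a mismatch looks like; the CSR digest equals the
   server key digest because the CSR carries the same public key that ends up
   in the certificate.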
   <p>
   By the way, if you want to check which key or certificate a particular
   CSR belongs to, you can compute
   <p>
   <code><strong>$ openssl req -noout -modulus -in server.csr | openssl md5</strong></code>
<faq ref="keysize1" toc="Bad Certificate Error?">What does it mean when my connections fail with an "alert bad certificate" error?</faq>
   Usually when you see errors like ``<tt>OpenSSL: error:14094412: SSL
   routines:SSL3_READ_BYTES:sslv3 alert bad certificate</tt>'' in the SSL
   logfile, this means that the browser was unable to handle the server
   certificate/private-key, which perhaps contains an RSA key not equal to 1024
   bits. For instance Netscape Navigator 3.x is one of those browsers.
<faq ref="keysize2" toc="Why does a 2048-bit key not work?">Why does my 2048-bit private key not work?</faq>
   The private key sizes for SSL must be either 512 or 1024 for compatibility
   with certain web browsers. A keysize of 1024 bits is recommended because
   keys larger than 1024 bits are incompatible with some versions of Netscape
   Navigator and Microsoft Internet Explorer, and with other browsers that
   use RSA's BSAFE cryptography toolkit.
<faq ref="hash-symlinks" toc="Why is client auth broken?">Why is client authentication broken after upgrading from SSLeay version 0.8 to 0.9?</faq>
   The CA certificates under the path you configured with
   <code>SSLCACertificatePath</code> are found by SSLeay through hash
   symlinks. These hash values are generated by the `<code>openssl x509 -noout
   -hash</code>' command. But the algorithm used to calculate the hash for a
   certificate has changed between SSLeay 0.8 and 0.9. So you have to remove
   all old hash symlinks and re-create new ones after upgrading.
   Use the
   <code>Makefile</code> that mod_ssl placed into this directory.
<faq ref="pem-to-der" toc="How to convert from PEM to DER?">How can I convert a certificate from PEM to DER format?</faq>
   The default certificate format for SSLeay/OpenSSL is PEM, which actually
   is Base64 encoded DER with header and footer lines.  For some applications
   (e.g. Microsoft Internet Explorer) you need the certificate in plain DER
   format. You can convert a PEM file <code>cert.pem</code> into the
   corresponding DER file <code>cert.der</code> with the following command:
   <p>
   <code><strong>$ openssl x509 -in cert.pem -out cert.der -outform DER</strong></code>
<faq ref="verisign-getca" toc="Verisign and the magic getca program?">I try to install a Verisign certificate. Why can't I find either the <code>getca</code> or the <code>getverisign</code> program Verisign mentions?</faq>
   This is because Verisign has never provided specific instructions
   for Apache+mod_ssl. Rather they tell you what you should do
   if you were using C2Net's Stronghold (a commercial Apache
   based server with SSL support). The only thing you have to do
   is to save the certificate into a file and give the name of
   that file to the <code>SSLCertificateFile</code> directive.
   Remember that you need to give the key file as well (see the
   <code>SSLCertificateKeyFile</code> directive). For a better
   CA-related overview on SSL certificate fiddling you can look at <a
   href="http://www.thawte.com/certs/server/keygen/mod_ssl.html">
   Thawte's mod_ssl instructions</a>.
<faq ref="gid" toc="Global IDs or SGC?">Can I use the Server Gated Cryptography (SGC) facility (aka Verisign Global ID) also with mod_ssl?</faq>
   Yes, mod_ssl since version 2.1 supports the SGC facility.  You don't have
   to configure anything special for this, just use a Global ID as your
   server certificate. The <i>step up</i> of the clients is then
   handled automatically by mod_ssl at run-time.
   For details please read
   the <tt>README.GlobalID</tt> document in the mod_ssl distribution.
<faq ref="gid" toc="Global IDs and Cert Chain?">After I have installed my new Verisign Global ID server certificate, the browsers complain that they cannot verify the server certificate?</faq>
   That is because Verisign uses an intermediate CA certificate between
   the root CA certificate (which is installed in the browsers) and
   the server certificate (which you installed in the server). You
   should have received this additional CA certificate from Verisign.
   If not, complain to them. Then configure this certificate with the
   <code>SSLCertificateChainFile</code> directive in the server. This
   makes sure the intermediate CA certificate is sent to the browser
   and this way fills the gap in the certificate chain.
</ul>
<p>
<br>
<h2>About SSL Protocol</h2>
<ul>
<faq ref="random-errors" toc="Random SSL errors under heavy load?">Why do I get lots of random SSL protocol errors under heavy server load?</faq>
   There can be a number of reasons for this, but the main one
   is problems with the SSL session cache specified by the
   <tt>SSLSessionCache</tt> directive. The DBM session cache is most
   likely the source of the problem, so trying the SHM session cache or
   no cache at all may help.
<faq ref="load" toc="Why has the server a higher load?">Why does my webserver have a higher load now that I run SSL there?</faq>
   Because SSL uses strong cryptographic encryption and this needs a lot of
   number crunching. And because when you request a webpage via HTTPS even
   the images are transferred encrypted.
   So, when you have a lot of HTTPS
   traffic the load increases.
<faq ref="random" toc="Why are connections horribly slow?">Often HTTPS connections to my server require up to 30 seconds for establishing the connection, although sometimes it works faster?</faq>
   Usually this is caused by using a <code>/dev/random</code> device for
   <code>SSLRandomSeed</code>, which blocks in read(2) calls if not
   enough entropy is available. Read more about this problem in the reference
   chapter under <code>SSLRandomSeed</code>.
<faq ref="ciphers" toc="Which ciphers are supported?">What SSL Ciphers are supported by mod_ssl?</faq>
