Sonoma User Manual
CHAPTER FIVE
Configure Certificate and Key
For SSL it is recommended, but not required, that new certificates and keys are generated and
installed on the Apache web server with mod_ssl. The factory configured, self-signed certificate is
located in /etc/httpd/server.crt, and the key in /etc/httpd/server.key. After creating new certificates and
private keys, they will need to be saved in /boot/etc/httpd/server.crt and /boot/etc/httpd/server.key. To
generate a new certificate and key, issue these commands:
cd /boot/etc/httpd
openssl req -new -x509 -nodes -out server.crt -keyout server.key
The two files will be created in the /boot/etc/httpd directory. You must reboot the Sonoma for them
to take effect. An excellent book which describes operation and configuration of the various HTTPS
directives and SSL configuration is:
Professional Apache, Wainwright, Wrox Press, 1999.
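A check worth running before the reboot, given as an added example that is not from the EndRun manual: it confirms that the new server.crt and server.key are a matching pair and prints the certificate subject and validity dates. It assumes an RSA key (the openssl req default) and an openssl binary on the machine where it is run; check_pair, report and make_test_pair are hypothetical helper names.

```shell
#!/bin/sh
# Added example: verify a certificate/key pair generated with
#   openssl req -new -x509 -nodes -out server.crt -keyout server.key
# Assumption: the key is RSA (the openssl req default).

# check_pair DIR -> 0 pair matches, 1 mismatch, 2 file missing or unreadable
check_pair() {
    dir=${1:-/boot/etc/httpd}
    crt="$dir/server.crt"
    key="$dir/server.key"
    [ -r "$crt" ] && [ -r "$key" ] || return 2

    # An RSA certificate and its private key share the same modulus.
    crt_mod=$(openssl x509 -noout -modulus -in "$crt" 2>/dev/null) || return 2
    key_mod=$(openssl rsa -noout -modulus -in "$key" 2>/dev/null) || return 2
    [ -n "$crt_mod" ] && [ "$crt_mod" = "$key_mod" ] || return 1
    return 0
}

# report DIR -> print subject and validity dates, so the new certificate
# can be told apart from the factory configured one.
report() {
    dir=${1:-/boot/etc/httpd}
    openssl x509 -noout -subject -dates -in "$dir/server.crt"
}

# make_test_pair DIR CN -> constructed throwaway pair for trying the check.
# Same command as in the manual, plus -subj so that no prompts appear.
make_test_pair() {
    mkdir -p "$1" &&
    openssl req -new -x509 -nodes -newkey rsa:2048 -subj "/CN=$2" \
        -out "$1/server.crt" -keyout "$1/server.key" 2>/dev/null
}
```

Run `check_pair /boot/etc/httpd && report /boot/etc/httpd` after generating the files; a non-zero return from check_pair means the pair should be regenerated before rebooting.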
NTP
You can configure your NTP clients for secure MD5 authentication. See Chapter 3 - NTP, Unix-like
Platforms: MD5 Authenticated NTP Client Setup or Chapter 3 - NTP, Windows: MD5 Authenticated
NTP Client Setup. You can also restrict NTP query access. See Restrict Query Access - NTP
in this chapter.
Network Security
Vulnerabilities
EndRun addresses major network security vulnerabilities that affect Sonoma at the top of this webpage:
http://www.endruntechnologies.com/fsb.htm
This Application Note describes best practices to secure your time server and mitigate many network
security vulnerabilities:
http://www.endruntechnologies.com/pdf/AppNoteSecurity.pdf