HP (Hewlett-Packard) 5991-5565 Network Card User Manual


 
Secure the Web Server Stack
This section covers web server security.
Data Transportation: Secure Sockets Layer (SSL) is a widely used technology to protect
data transfer. This section describes SSL enablement methods for both the Apache Web
server and Tomcat Application server.
Application Authentication: Apache Web server provides a built-in authorization module
to enable access protection. Alternatively, Symas CDS provides a directory service solution
based on OpenLDAP, Berkeley DB, Cyrus SASL, and OpenSSL for more fine-grained
authentication purposes. CDS is an integrated authentication and authorization-based
security mechanism for enterprise applications managed and deployed in Apache httpd
and Tomcat Web servers. The directory server can store credential information and
application privileges for the users who are granted or forbidden access to specific
resources. In addition to controlling access based on user identities, OpenLDAP can control
access based on other attributes such as network address, transport, encryption strength,
dynamic relationships (for example, sets), and so on. Some applications, or web pages in
specific applications, in Apache Web server or Tomcat must be accessible only to
authenticated users. Symas CDS provides this authentication mechanism by storing user
credentials in the directory server.
Enabling HTTPS Support in the Apache HTTP Server
The mod_ssl module provides an SSL implementation that allows web applications running
within the Apache Web server to communicate securely with their respective clients.
Communication can still occur over standard HTTP.
To enable HTTP over SSL (HTTPS), perform the following steps:
1. Run the shell script /usr/bin/gensslcert to create dummy SSL keys for mod_ssl.
This tool copies the /etc/apache2/ssl.crt/ca.crt file to /srv/www/htdocs/CA.crt
and creates the following key files:
/etc/apache2/ssl.crt/ca.crt
/etc/apache2/ssl.key/server.key
/etc/apache2/ssl.crt/server.crt
/etc/apache2/ssl.csr/server.csr
2. Edit the /etc/sysconfig/apache2 file by adding ssl to the APACHE_MODULES definition
and SSL to the APACHE_SERVER_FLAGS definition.
After completing the edits, the lines should look like the following:
APACHE_MODULES="... ssl ..."
APACHE_SERVER_FLAGS="SSL"
3. Create an SSL virtual host configuration file by copying the template file to perform the test:
# cp /etc/apache2/vhosts.d/vhost-ssl.template \
/etc/apache2/vhosts.d/vhost-ssl.conf
4. Restart Apache by entering the following:
# /etc/init.d/apache2 restart
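A check for the result of steps 1 to 4, as an added example that is not part of the HP manual: it confirms that the files from step 1 and the virtual host file from step 3 exist and that both settings from step 2 are present. The function names, the root-prefix argument and the permission check on server.key are assumptions of this example.

```shell
#!/bin/sh
# Added example: verify steps 1-4 against a root prefix ("" = live system).
# Function names and the prefix argument are assumptions of this example.
# Usage: check_https_setup ""   or   check_https_setup /mnt/staging

# has_word FILE VAR WORD: true if the last VAR=... line in FILE lists WORD.
has_word() {
    val=$(sed -n "s/^[[:space:]]*$2=//p" "$1" 2>/dev/null | tail -n 1 | tr -d "\"'")
    case " $val " in
        *" $3 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# key_is_private FILE: true if group and others have no permission bits.
key_is_private() {
    perms=$(ls -ld "$1" 2>/dev/null | cut -c5-10)
    [ "$perms" = "------" ]
}

# check_https_setup ROOT: prints each problem found, returns 0 only if none.
check_https_setup() {
    root=$1
    rc=0
    # Files created by gensslcert (step 1) and the copied vhost file (step 3).
    for f in ssl.crt/ca.crt ssl.key/server.key ssl.crt/server.crt \
             ssl.csr/server.csr vhosts.d/vhost-ssl.conf; do
        [ -s "$root/etc/apache2/$f" ] || { echo "missing: /etc/apache2/$f"; rc=1; }
    done
    # Settings from step 2.
    has_word "$root/etc/sysconfig/apache2" APACHE_MODULES ssl ||
        { echo "APACHE_MODULES does not list ssl"; rc=1; }
    has_word "$root/etc/sysconfig/apache2" APACHE_SERVER_FLAGS SSL ||
        { echo "APACHE_SERVER_FLAGS does not list SSL"; rc=1; }
    # Extra check (not in the manual): the private key must not be readable
    # by group or others.
    key="$root/etc/apache2/ssl.key/server.key"
    if [ -f "$key" ] && ! key_is_private "$key"; then
        echo "server.key is accessible to group or others"; rc=1
    fi
    return $rc
}
```

The check reads files only, so it can run before the restart in step 4 to catch a missing file or setting.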