Installing & Configuring SSL

Before you enable SSL in your server, you should consider how it will interact with regular serving of unencrypted pages. In most cases it is not a good idea to use HTTPS for all of your pages. Because SSL encrypts each page before transmitting it, clients may notice that it is slower than the HTTP interchange. In addition, some older web browsers do not support encryption and will not be able to access documents served via the HTTPS protocol. Make sure you read and understand SSL and Multiple Domains before proceeding.

Steps to Secure Serving

To start serving your website securely, follow these overall steps:

1 Check your DNS records to be sure you know the authoritative host name and the exact IP address.

For information, see DNS .

2 Generate a Private Key file for this host.
3 Generate a Certificate Request for this host.

You can store these files anywhere on your disk, but do not change their names after you have created them.

4 Choose the Certificate Authority, and follow the directions Obtaining and Installing Certificates to buy a certificate. A certificate proves that you are authorized to use the business or institutional name.
5 Add your certificate and key information to the SSL entry for this host.
6 If you have private data areas, set up a security policy with Realms and passwords.
7 Test your secure uploads and private areas carefully.

To access your secure pages, you'll need a browser which supports SSL, such as Netscape Navigator or Internet Explorer. To run the browser on the same Macintosh as the server, you will need enough free RAM for the browser, and server performance will decrease while the browser is running.

Performing the Installation

The WebSTAR Server Suite Installer automatically includes SSL when you install from the CD. Due to export restrictions, download installers do not include SSL installations, although they will upgrade SSL servers.

For instructions on installing WebSTAR servers, see Installation .

Upgrading from Earlier Versions of SSL

If you are installing WebSTAR Server Suite 4 over an existing SSL configuration, be sure to use the Secure Server upgrade option (see Upgrading SSL Versions of WebSTAR ).

The Installer does not move the WebSTAR/SSL Settings file to the WebSTAR (old) folder when upgrading. Instead, the first time the WebSTAR 4 server starts up, it extracts the Private Key password from this file and stores it in the new WebSTAR Settings file. After this extraction has taken place you are free to delete the old WebSTAR/SSL Settings file.

Your certificate will be converted the first time the new server is run. The old certificate will be renamed to old Digital ID . The new file will be named Certificate . The password is also converted.

The older certificate format is only converted the first time WebSTAR 4 runs. See Need to convert an old certificate for instructions on converting.

SSL Tools Folder

In the Tools & Examples folder, the SSL Tools folder contains two small applications for generating Private Keys and Certificate Signing Requests.