Perl Scripting And Developing, Ecommerce Web Host Blog

can remove certificates that are currentlyaccepted by Mozilla with a click of the mousein the Certificate Manager. If you want toremove a certificate, highlight the certificateand click the Delete button. You ll be asked toverify that you want to delete the certificate click OK, and it s history. 7.You can view additional certificate details byclicking the Details tab on the CertificateViewer (see Figure 45-4). Figure 45-4: Detailed certificate information. 8.Highlight the fields in the tree control in thecenter pane to view the specific details of thecertificate in the Field Value pane. 5.Click the Authorities tab to see the signingauthorities trusted by your browser (see Figure 45-2). Figure 45-2: The authorities trusted by our browser. 6.Highlight a certificate name and click the Viewbutton (located in the lower left-hand corner ofthe Certificate Manager window). The Certificate Viewer dialog opens with informa- tion about the certificate, as shown in Figure 45-3. Figure 45-3: Information about a specific CA.
We recommend cheap and reliable webhost to host and run your web applications: Coldfusion Web Hosting services.

Web server (and you followed our example), the certificate is already in place in /etc/httpd/ conf/ssl.crt/server.crt; all you have to do now isrestart httpd(the Apache server): # service httpd restartStopping httpd: [OK] Starting httpd: Apache/2.0.47 mod_ssl/2.0.47 (Pass Phrase Dialog) Some of your private key files areencrypted for security reasons. In order to read them you have to provideus with the pass phrases. Server localhost.localdomain:443 (RSA) Enter pass phrase: Ok: Pass Phrase Dialog successful. Trusting in Trusted CertificationAuthoritiesWhen customers visit a Web site with the intent tomake a purchase, they want a serious guarantee thattheir personal information name, address, andcredit card number isn t being distributed acrossthe Internet for just anyone to use. When you connect to a Web site secured with anSSL certificate, a little gold padlock appears in thebrowser tray. Hover your mouse over the lock iconto see a short description of the CA that signed thecertificate. To see more information about the certifi- cate (and the signer), click the lock icon. In the PageInfo window that appears, click View to see all thegory details. Exploring Your CertificateCollection with MozillaAs you browse the World Wide Web, you re bound toencounter certificates from various sites. How doesyour Web browser know which certificates to trust? Each browser (Mozilla, Internet Explorer, Netscape, and so on) comes with a set of predefined trustedauthorities. To explore the certificates and authorities trusted byyour Mozilla browser, follow these steps (the proce- dure is similar if you re using a browser other thanMozilla): 1.Open the Main Menu and chooseInternet.Mozilla Web Browser. The Mozilla Web browser opens. 2.To view the certificate authorities that are cur- rently trusted by your Mozilla browser, chooseEdit.Preferences. The Preferences dialog opens. 3.Expand the Privacy & Security portion of thetree control in the Category column and thenclick Certificates. The Certificates dialog opens, as shown in Figure 45-1. Figure 45-1: The Certificates dialog. 4.Click the Manage Certificates button to openthe Certificate Manager.
You need excellent and relaible webhost company to host your web applications? Then pay a visit to Inexpensive Web Hosting services.

Open a terminal window and give yourselfsuperuser privileges with the su -command: $ su - Password: # 2.Move to the directory that contains the CAshell script: # cd /usr/share/ssl/misc3.Type in the following command: # openssl ca -policy policy_anything \ -in filename.csr \ -out filename.crtSubstitute the CSR name where you see filename.csrand the desired certificate namewhere you see filename.crt. For example, if youwant to sign the CSR for your own Apache Webserver, you would type this: # openssl ca -policy policy_anything \ -in /etc/httpd/conf/ssl.csr/server. csr\ -out /etc/httpd/conf/ssl.crt/server. crtNext, the opensslprogram asks for the pass- phrase that protects your CA s private key: Enter passphrase for ./dem… /cakey.pem: 4.Type in the password that you assigned whenyou created the CA and press Enter. openssldisplays the content of the CSR (inhuman-readable form) and asks if you want tosign the certificate. 5.Look over the content, and if the informationlooks correct, press Y and then Enter to sign it. 6.opensslasks if you want to commit yourchanges to the CA database: Press Y and thenEnter to finish. That s it! The new, signed certificate is saved in thefile that you specified. If you signed the certificatefor another user, e-mail the certificate to the recipi- ent. If you signed a certificate that you want to use inOn Mandrake and SuSE systems, use this com- mand instead: # ./CA.sh -newcaThe CA script now asks you a series of questions, most of which will be familiar by now. The firststep in creating the CA infrastructure is to createa new, self-signed certificate. You re promptedfor an existing CA certificate: CA certificate filename (or enter to create) 4.Just press Enter to create a new certificate. 5.Enter a passphrase that will protect your CA sprivate key: Making CA certificate … Generating a 1024 bit RSA private key……………..++++++ writing new private key to ./demoCA/private/./cakey.pem Enter PEM pass phrase: Verifying - Enter PEM pass phrase: 6.The CA script prompts you for the same bits ofinformation that you provide when creating aself-signed certificate or a certificate signingrequest. Answer each question in turn. After you ve answered the last question, the CA script creates a self-signed certificate in./demoCA/cacert.pem. Take a peek at this certificate with the following command: # openssl x509 -in demoCA/cacert.pem -textNotice that the issuer and the subject are identical that tells you that this is a self-signed certificate. Signing a CSRWhen you have a CA up and running, you can startto sign CSRs (converting them from requests intoactual certificates). To sign a CSR, follow these steps:
Looking for affordable and reliable webhost to host and run your business application? Then look no more and go to servlet web hosting services.

Click the Examine Certificate button to see thedetails of the certificate (see the following figure). 2.Click the Details tab, and then highlight theIssuer line in the Certificate Field frame. In the Field Value frame, you ll see the name ande-mail address of the certificate issuer. You can decidefor yourself if this person is trustworthy. Creating a Signing Authoritywith opensslUse opensslto create a certificate authority (CA) yourself if you want to sign certificates for use withinyour organization. Running your own CA can be use- ful if you want to hand out trusted software to otherpeople in your organization. A CA is also useful ifyou want to serve secure content (payroll benefitsand in-house sales, for example). A CA has three responsibilities: Verifying identity Signing requests Maintaining a database of signed certificatesopensslcomes with a program that can handle thelast two responsibilities for you. You still have toverify identities yourself using whatever method isappropriate for your site: If you are creating a CA foryour company, a photo ID card may be sufficient. Creating a certificate authorityTo create a CA, follow these steps: 1.Open a terminal window and give yourselfsuperuser privileges with the su -command: $ su - Password: # 2.If you re using Fedora or SuSE, move to thedirectory that contains the CA shell script: # cd /usr/share/ssl/miscIf you re using Mandrake: # cd /usr/lib/ssl/misc3.Create the CA infrastructure with the followingcommand: # ./CA -newca55_
If you are searching for cheap webhost for your web application, please visit MySQL5 Web Hosting services.

automatically saves the self-signed certificatewhere Apache expects to find it. To see your certifi- cate in action, restart your Apache server: # /sbin/service httpd restartStopping httpd: [OK] Starting httpd: Apache/2.0.47 mod_ssl/2.0.47 (Pass Phrase Dialog) Some of your private key files areencrypted for security reasons. In order to read them you have to provideus with the pass phrases. Server localhost.localdomain:443 (RSA) Enter pass phrase: Ok: Pass Phrase Dialog successful. Notice that Apache now asks for the passphrase thatprotects your server s private key. Now, open a Web browser and connect tohttps://127.0.0.1Notice the preceding URL starts with httpsrather than http. That means it s connectingto a secure server. You ve just created a self-signed certificate andinstalled it on your own Apache server. Because your users may receive a warning whenthey encounter this certificate, it s a good idea togive them a little forewarning about what s going on. See the sidebar, When Mozilla encounters a self- signed certificate, for details on how this works. When Mozilla encounters a self-signed certificateSelf-signed certificates are not very trustworthy. When youvisit a site with a self-signed certificate, you should receive awarning screen from Mozilla asking if you know this jokerand if his certificate is good enough for you (see the follow- ing figure). From here, follow these steps to examine thecertificate: When you receive the final certificate, simply copy itto /etc/httpd/conf/ssl.crt/server.crtand restartyour Apache server. Creating a Self-SignedCertificateCreating a self-signed certificate with Fedora is justas easy as creating a CSR, but you end up with a testcertificate rather than a request that you send to aCA. Again, if you re not using Fedora, we recommendthat you generate SSL certificates with the help ofWebmin s Certificate and Key Management module(see Technique 17 for more details). Here are the steps you need to follow to create a self- signed certificate with Fedora: 1.Open a terminal window and give yourselfsuperuser privileges with the sucommand. 2.Move to the directory /etc/httpd/conf: # cd /etc/httpd/conf3.Type make testcertand press Enter. 4.You re prompted for the password that protectsyour private server key. Type in the passwordand press Enter. 5.OpenSSL prompts you for the same informationthat you provide when creating a CSR (loca- tion, organization, e-mail address, and so on). Answer each question in turn. After you ve answered the last question (youre-mail address), OpenSSL creates a self-signedcertificate and saves it in /etc/httpd/conf/ssl. crt/server.crt. To view the certificate at the command line, use thefollowing command: # openssl x509 -in ssl.crt/server.crt -textYou ll see that the issuer and subject are identical that s a self-signed certificate.
You want to have a cheap webhost for your apache application, then check apache web hosting services.

can see that the certificate contains all the infor- mation that you entered. The CSR is digitally signedwith your private key; the CA verifies the signatureby using the public key included in the CSR. Send the CSR (/etc/httpd/conf/ssl.csr/server.csr) to the certification authority that you ve selected, along with the proof-of-identity documents that itrequires. LISTING45-1: EXAMININGACERTIFICATESIGNINGREQUESTCertificate Request: Data: Version: 0 (0×0) Subject: C=US, ST=Virginia, L=Anytown, O=TrixieWare, OU=Cosmology, CN=www.trixieware.com/emailAddress=newdoo@trixieware.comSubject Public Key Info: Public Key Algorithm: rsaEncryptionRSA Public Key: (1024 bit) Modulus (1024 bit): 00:ac:fd:51:b4:b0:42:80:eb:cf:7f:53:54:64:1b: 8a:13:fe:45:81:9c:7b:d5:a4:58:23:68:3a:d1:84: 0e:51:77:57:21:27:b6:3a:5b:e1:50:ca:81:2e:5e: e2:65:36:9e:64:ed:63:88:a7:d0:55:2f:58:a9:19: 39:2b:85:0a:c2:a2:3b:a6:ce:3e:a1:57:a8:99:72: 32:6d:40:70:32:86:10:a6:f0:09:ac:f9:66:e9:64: c1:a0:d3:ca:7a:61:01:4a:b0:3f:5b:0d:15:1d:58: 6a:01:b9:ca:e2:c8:dd:ac:49:03:4e:e4:3e:1d:fb: c3:ef:ca:30:c0:1e:6f:a9:39Exponent: 65537 (0×10001) Attributes: a0:00Signature Algorithm: md5WithRSAEncryption04:61:e0:3d:4b:69:2b:92:27:fb:e7:f1:a1:e2:2a:21:3d:89: 7f:ba:67:9a:34:9c:9e:73:00:f4:79:6c:0a:bf:57:99:6d:08: 0e:ad:4d:a8:0c:5a:f3:fc:43:a2:4a:fc:5a:24:c7:4b:02:55: 1d:be:d8:2a:12:49:91:d0:f1:c3:61:62:d8:73:95:62:c9:f8: ca:6a:c2:34:f7:67:02:34:5d:dc:b6:36:59:46:c7:9d:36:7a: 29:8a:4d:de:5e:f6:b9:52:26:33:e5:8d:f2:fd:cf:da:4b:65: f6:4f:fa:12:cf:10:13:d7:bb:1b:f7:22:60:b9:9a:4d:20:49: 81:80—–BEGIN CERTIFICATE REQUEST—– MIIB3DCCAUUCAQAwgZsxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJWYTETMBEGA1UEBxMKRnJvZyBMZXZlbDETMBEGA1UEChMKVHJpeGllV2FyZTESMBAGA1UECxMJQ29 bW9sb2d5MRswGQYDVQQDExJ3d3cudHJpeGlld2FyZS5jb20xJDAiBgkqhkiG9w0BCQEWFW5ld2Rvb0B0cml4aWV3YXJlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQA gYkCgYEArP1RtLBCgOvPf1NUZBuKE/5FgZx71aRYI2g60YQOUXdXISe2OlvhUMqBLl7iZTaeZO1jiKfQVS9YqRk5K4UKwqI7ps4+oVeomXIybUBwMoYQpvAJrPlm6WTBoNPKemEBSrA/Ww0VHVhqAbnK4sjdrEkDTuQ+HfvD78owwB5vqTkCAwEAAaAAMA0GCSqGSIb3DQEBBAUAA4GBAARh4D1LaSuSJ/vn8aHiKiE9iX+6Z5o0nJ5zAPR5bAq/ V5ltCA6tTagMWvP8Q6JK/Fokx0sCVR2+2CoSSZHQ8cNhYthzlWLJ+MpqwjT3ZwI0Xdy2NllGx502eimKTd5e9rlSJjPljfL9z9pLZfZP+hLPEBPXuxv3ImC5mk0gSYGA—–END CERTIFICATE REQUEST—–
We highly recommend you visit web and email hosting services if you need stable and cheap web hosting platform for your web applications.

OpenSSL program now asks you a series ofquestions regarding your identity. 5.Enter the two-letter code for your country. For example, type USfor United States or CAforCanada. 6.Enter the full name (not the abbreviation) foryour state or province. 7.Enter the name of your organization (a com- pany name, for example). 8.Enter the name of your department within theorganization. Or, if you re requesting a certifi- cate for your entire organization, just pressEnter. 9.Enter the name of your Web server (for exam- ple, www.example.com). If you have (or plan tohave) multiple Web servers at your site, use a * in place of the host name, like this: *.example. com(you still need to include your domainname). It s very important that you enter your real Webserver name here. When the CA issues a certifi- cate, it belongs to a specific Web site. If you tryto use that certificate on a Web server with a dif- ferent name, visitors to your Web site will begreeted with a scary message warning of certifi- cate forgery. 10.Enter your e-mail address. 11.Next, you re prompted for two extra pieces ofinformation: a challenge password and anoptional company name. Just press Enter twiceto ignore those questions. OpenSSL saves the resulting CSR (certificatesigning request) in /etc/httpd/conf/ssl.csr/ server.csr. If you d like to see what s inside the CSR in human- readable form, use the following command: $ openssl req -text -inssl.csr/server.csr. You see a result similar to that shown in Listing 45-1. CSR contains two important pieces of information: your identity and your public key. In an SSL certificate, the identity is called the subject(and the CA is called the issuer). Every subject (and every issuer) is identified by the followinginformation: Location (country, state/province, city) Organization (organization name and organiza- tional unit) Common name (the name of your Web server, asseen by the outside world) E-mail addressIf you re a Fedora user, you can use the toolsinstalled with Apache to generate a CSR (we showyou how in a moment). If you re not using Fedora, you have a bit more work to do: We suggest usingWebmin and Webmin s Certificate and Key Manage- ment module to generate a CSR. Technique 17 showsyou how to install and use Webmin (the Certificateand Key Management module is an add-on that you llhave to download separately from the www.webmin. comWeb site). Fedora makes it easy to create a CSR (and the public/private key pair that you need in order to sign the CSR): 1.Open a terminal window and give yourselfsuperuser privileges with the sucommand. 2.Move to the directory /etc/httpd/conf: # cd /etc/httpd/conf3.Type make certreqand press Enter. 4.If you have an existing server key (it s stored in/etc/httpd/conf/ssl.key/server.key), you reprompted for the passphrase for that key. If youdon t have an existing server key, OpenSSL cre- ates a new server key for you and asks for apassphrase that will protect your private serverkey from unauthorized use. In either case, typein the passphrase and press Enter.
In case you need quality webspace to host and run your web applications, try our personal web hosting services.

identity. A passport contains your name, birthdate, and birthplace. An SSL certificate contains yourname, location (country, state/province, and city), organization name, and e-mail address. Passports (and SSL certificates) also provide somemethod for ensuring that your identity is correct. Your passport contains a photograph that someonecan compare with your face. An SSL certificate con- tains the public half of a public/private key pair. A passport also contains safeguards against forgery: Every passport contains a watermark, and manygovernments will soon issue passports that containholograms (which are very difficult to forge). Like- wise, an SSL certificate is digitally signed with theissuer s private key, and any tampering makes thedigital signature invalid. Passports and SSL certificates share another impor- tant characteristic: They re both issued by trustedthird parties. A border authority isn t likely to trust apassport that you ve issued to yourself. Instead, apassport office (the U.S. State Department, for exam- ple) verifies your identity and issues a passport. Foreign governments trust that the passport officehas done a thorough job investigating your identity. SSL certificates work the same way. Choosing an SSL CertificateTo obtain an SSL certificate, you send a request(called a certificate signing request, or CSR), alongwith proof of your identity, to a trusted authority. The trusted authority (also known as a certificationauthority, or CA) compares your request to the proofof identity that you provide, and if it s satisfied thatyou are who you claim to be, it issues you a certifi- cate. The certificate that you receive is signed withthe issuer s private key you can verify the signa- ture by using the issuer s public key. You can get three different types of SSL certificate, and each provides a different level of trust: A self-signed certificate is untrustworthy (butuseful for testing). A certificate signed by a local CA (a CA that youcreate and manage yourself) can be trusted byyour peers. A certificate signed by a well-known CA can betrusted by outside parties (that is, customers). Obtaining a signed certificate costs money. The CAassumes the work of verifying your identity and main- taining a database of valid certificates. A number ofcompanies are in the certification business, and twoof the best known are VeriSign (www.verisign.com) and thawte (www.thawte.com). If you decide to go thisroute, see the following section, Creating a CertificateSigning Request, for details on how to get the certifi- cate from a CA. If you want to test out your Web site before you shellout a few bucks to a CA, you can create a self-signedcertificate. A self-signed certificate looks and actslike a normal certificate except for one very impor- tant difference: You should never trusta self-signedcertificate. Trusting a self-signed certificate is liketrusting a self-issued passport. Anyone can create aself-signed certificate, and more importantly, anyonecan forge a self-signed certificate. We explain howthis is done in the Creating a Self-Signed Certificate section, later in this technique. In some cases, you may want to act as a CA yourself. For instance, if you head up the IT department at alarge company, you can issue certificates to in-houseWeb servers without having to pay a third-party CAfor each one. You might use your in-house CA to distribute trusted software or deliver confidentialcontent such as payroll information. Creating a Certificate Signing Request To request a signed certificate from a CA, you mustfirst create a certificate signing request (or CSR). The55_
Looking for affordable and reliable webhost to host and run your business application? Then look no more and go to servlet web hosting services.

45Save Time By Generating your own SSLcertificate Signing your own SSLcertificates for privateuse Viewing the CAs that yourbrowser currently trustsTechniqueSafeguarding YourApache Server withSSL CertificatesSSL (Secure Sockets Layer) is a security protocol that assures usersvisiting your Web site that you are who you say you are. OpenSSL isa Linux software package that implements the SSL protocol. If you rerunning a Web server that handles financial transactions or sensitivedocuments, an SSL certificate tells your customers or colleagues thattheir information is really in yourhands, and not in the hands of sometroll who has intercepted the transaction. To use SSL security at your Web site, you need a signed SSL certificate. Your Web server (typically Apache) sends your certificate whenever abrowser requests a secure connection. You can purchase a signature froma trusted authority, or you can obtain a signature from an intermediateauthority to generate a certificate that s part of a chain of trust. In a chainof trust, a high-level certification authority entrusts an intermediary who inturn signs your certificate, guaranteeing that you re reputable. You can also sign your own certificates by becoming your own certificateauthority without a chain of trust. Your certificate may not convey enoughtrust for consumers to send in their credit card numbers, but within a cir- cle of colleagues, having an active certificate is an assurance that theirtransactions are being handled with respect. In this technique, we explain the trust levels associated with each type ofcertificate. We also show you how to request a signed certificate from atrusted certificate authority, how to create a self-signed certificate thatyou can use to test your Web server configuration, and how to create yourowncertificate authority. You ll save time and assure your colleagues andcustomers that they really are in contact with your computer and not aninterceptor. Understanding the Basics of How Certificates WorkIn geek-speak, a certificateis a document that proves your identity. Certificates are like passports in that they contain information about55_
Go visit our java server pages services for a reliable, lowcost webhost to satisfy all your needs.

column and click the right-arrow but- ton to include that database in the BackupContent pane. Expand the database into a treecontrol form by clicking the arrow next to thedatabase name. Check the boxes next to eachtable name to include (or uncheck the boxes toexclude) the tables in the backup (see Figure 44-9). Figure 44-9:Creating a new backup profile. When your profile is complete, click the SaveProject button. To run the backup, click the StartBackup button. In this technique, we ve given you other, dependable ways to back up. They re notgraphical, but dependability counts whenyou re making backups. Until this productmatures a bit, we recommend sticking to triedand true backups for data you treasure. Restore Backup: The Restore Backup menuselection opens a dialog designed to restore fromarchives created with the Backup menu. For now, we recommend that you use more dependablemethods to back up and restore. Replication Status: The Replication Status menuselection opens a dialog displaying informationabout the state of your replication topology. (Wecover MySQL replication features earlier in thistechnique.) Catalogs: The Catalogs menu selection displaysinformation about the databases and tablesdefined on your MySQL server. The creators of MySQL Administrator are a bitloose with their labels. The Catalogs andSchemata labels both refer to what are nor- mally called databases. Highlight a database name in the Schemataframeto see the tables stored in that database. Highlight a table name in the top panel to displaythe columns within that table, as shown inFigure44-10. Use the tab controls in the lower panel to viewinformation about the Columns, Indices, TableStatus, and Row Status. Figure 44-10:Table information displayed with MySQLAdministrator. MySQL Administrator should grow up to be anifty timesaving tool. If you re just starting touse MySQL, you may want to avoid the frus- tration (and slowdowns) caused by the bugsand skip the installation of the version distrib- uted with Fedora (3.x). You can download the RPM packages that you need to installMySQL version 4.0 or better from www. mysql.com/downloads.
Note: In case you are looking for affordable and reliable webhost to host and run your j2ee application check Vision J2ee Web Hosting services.