HP Secure Web Server Based on Apache SSL User Guide

This user guide for HP Secure Web Server on OpenVMS, based on Apache (November 2005), details the implementation and management of Secure Sockets Layer (SSL) for secure web communication.

The document explains that the HP Secure Web Server integrates mod_ssl (an Apache module) with the OpenSSL toolkit to provide essential security features:

• Privacy through encryption: Protecting data from eavesdropping.
• Server authentication: Verifying the identity of the web server to clients.
• Message integrity: Ensuring data has not been tampered with.
• Optional client authentication: Verifying client identity to the server.

Key aspects covered include:

• SSL Protocol Fundamentals: An introduction to how SSL establishes secure links, the SSL handshake process, public-key encryption (asymmetric and symmetric keys), digital signatures, ciphers, and certificate chains.
• mod_ssl Directives: Instructions on configuring SSL functionality through directives in the HTTPD.CONF file (via MOD_SSL.CONF) for global, per-server, or per-directory settings.
• Understanding Certificates: A deep dive into the structure of X.509 digital certificates, including distinguished names (DNs), and differentiating between server, client, and Certificate Authority (CA) certificates.
• OpenSSL Certificate Tool: A dedicated utility for managing certificates, allowing users to view existing certificates and requests, create new certificate requests, generate self-signed certificates, establish a Certificate Authority, sign client certificate requests, and hash certificate authorities/revocation lists.
• Certificate Usage and Deployment: Practical guidance on installing certificates (including self-signed and commercial CA certificates like Verisign Global Server IDs), enforcing secure page access using SSLRequireSSL and SSLVerifyClient directives, distributing client certificates, and performing command-line OpenSSL operations like generating Certificate Revocation Lists (CRLs) and converting certificate formats.

The guide serves as a comprehensive resource for administrators to set up, configure, and maintain SSL security for their HP Secure Web Server environment on OpenVMS.