<!DOCTYPE html><html lang="en"><head>    <title>SSL</title>        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">    <meta charset="utf-8">    <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">    <meta name="viewport" content="width=device-width,initial-scale=1,maximum-scale=1">    <meta name="description" content="GoAhead web server">    <link href='https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,700|Open+Sans:300italic,400,300,700' rel='stylesheet' type='text/css'>    <link href='https://fonts.googleapis.com/css?family=Julius+Sans+One' rel='stylesheet' type='text/css'>        <link href="../images/favicon.ico" rel="shortcut icon">    <link href="../lib/semantic-ui/semantic.min.css" rel="stylesheet" type="text/css">    <link href="../css/all.min.css" rel="stylesheet" type="text/css">    <link href="../css/api.min.css" rel="stylesheet" type="text/css">    </head><body class="show-sidebar">    <div class="sidebar">        <div class="ui large left vertical inverted labeled menu">            <div class="item">                <a href="../" class="logo">GoAhead Docs</a>            </div>            <div class="item">                <a href="../">                    <b>General</b>                </a>                <div class="menu">                    <a class="item" href="../">GoAhead Overview</a>                    <a 
class="item" href="../users/features.html">GoAhead Features</a>                    <a class="item" href="https://embedthis.com/goahead/download.html">Download</a>                    <a class="item" href="../licensing/">Licensing</a>                </div>            </div>            <div class="item">                <a href="../start/">                    <b>Getting Started</b>                </a>                <div class="menu">                    <a class="item" href="../start/quick.html">Quick Start</a>                    <a class="item" href="../start/installing.html">Installing GoAhead</a>                    <a class="item" href="../start/running.html">Running GoAhead</a>                    <a class="item" href="../start/releaseNotes.html">Release Notes</a>                    <a class="item" href="../start/faq.html">GoAhead FAQ</a>                    <a class="item" href="../start/source.html">Building from Source</a>                </div>            </div>            <div class="item">                <a href="../users/"><b>User's Guide</b></a>                <div class="menu">                    <a class="item" href="../users/ports.html">Ports and Binding</a>                    <a class="item" href="../users/routing.html">Routing Requests</a>                    <a class="item" href="../users/handlers.html">Request Handlers</a>                    <a class="item" href="../users/js.html">Embedded Javascript</a>                    <a class="item" href="../users/jst.html">Javascript Templates</a>                    <a class="item" href="../users/goactions.html">GoActions</a>                    <a class="item" href="../users/cgi.html">CGI Programs</a>                    <a class="item" href="../users/authentication.html">User Authentication</a>                    <a class="item" href="../users/logFiles.html">Log Files</a>                    <a class="item" href="../users/ssl.html">Secure Sockets (SSL)</a>                    <a class="item" 
href="../users/security.html">Security Considerations</a>                    <a class="item" href="../users/man.html">Man Pages</a>                </div>            </div>            <div class="item">                <a href="../developers/">Developer's Guide</a>                <div class="menu">                    <a class="item" href="../developers/embedding.html">Embedding GoAhead</a>                    <a class="item" href="../developers/handlers.html">Creating GoAhead Handlers</a>                    <a class="item" href="../developers/authstore.html">Creating Password Verifiers</a>                    <a class="item" href="../developers/migrating.html">Migrating to GoAhead 3/4</a>                    <a class="item" href="../developers/rom.html">Serving Pages from ROM</a>                </div>            </div>            <div class="item">                <a href="../ref/">Reference Guide</a>                <div class="menu">                    <a class="item" href="../ref/compatibility.html">Compatibility</a>                    <a class="item" href="../ref/native.html">API Library</a>                    <a class="item" href="../ref/architecture.html">GoAhead Architecture</a>                    <a class="item" href="../standards/http.html">HTTP References</a>                </div>            </div>            <div class="item">                <a href="../developers/project.html">Project Resources</a>                <div class="menu">                    <a class="item" href="https://embedthis.com/blog/categories/GoAhead/">GoAhead News</a>                    <a class="item" href="https://embedthis.com/goahead/">GoAhead Web Site</a>                    <a class="item" href="https://github.com/embedthis/goahead">Source Code Repository</a>                    <a class="item" href="https://github.com/embedthis/goahead/issues/99">GoAhead Security Alerts</a>                    <a class="item" href="https://github.com/embedthis/goahead/issues">Project Issue Database</a>    
                <a class="item" href="https://github.com/embedthis/goahead/releases">Change Log</a>                    <a class="item" href="https://github.com/embedthis/goahead/milestones">Roadmap</a>                    <a class="item" href="https://embedthis.com/developers/contributors.html">Contributors Agreement</a>                </div>            </div>            <div class="item">                <b>Links</b>                <div class="menu">                    <a class="item" href="https://embedthis.com/">Embedthis Web Site</a>                    <a class="item" href="https://embedthis.com/blog/">Embedthis Blog</a>                    <a class="item" href="http://twitter.com/embedthat">Twitter</a>                </div>            </div>        </div>    </div>    <div class="ui inverted masthead">        <div class="ui fixed inverted menu">            <div class="ui sidebar-launch button">                <i class="icon list layout"></i>            </div>            <div class="right menu">                <a class="item" href="https://embedthis.com/">Embedthis</a>                    <a class="item" href="https://embedthis.com/goahead/">GoAhead Site</a>                    <span class="desktop-only">                        <a class="item" href="https://embedthis.com/blog/categories/GoAhead/">GoAhead News</a>                        <a class="item" href="https://github.com/embedthis/goahead">Repository</a>                        <a class="item" href="https://embedthis.com/blog/">Blog</a>                        <a class="item" href="https://twitter.com/embedthat">Twitter</a>                    </span>            </div>        </div>                <div class="ui breadcrumb">            <a class="section" href="../">Home</a>                        <div class="divider">/</div>            <a class="section" href="../users/">                User's Guide            </a>                                    <div class="divider">/</div>            <a class="active section" 
href="ssl.html">SSL</a>                    </div>                <iframe class="version desktop-only" src="../version.html"></iframe>    </div>    <div class="content">
            <h1>Configuring SSL</h1>
            <p>GoAhead supports the Secure Sockets Layer (SSL) protocol for authenticating systems and encrypting data.
            Use of this protocol enables secure data transmission to and from clients in a standards-based manner.</p>
            <p>This document provides step-by-step instructions for configuring SSL in GoAhead. If you are unfamiliar
            with SSL, please read the <a href="sslOverview.html">SSL Overview</a> first.</p><a id="sslQuickStart"></a>
            <p>Except for the MbedTLS stack, which is integrated, GoAhead includes only the interface to the SSL
            stack and not the SSL library itself. You need to build your required SSL stack and then configure
            GoAhead to use that SSL stack. See
            <a href="../start/source.html">Building From Source</a> for details on configuring GoAhead to
            use SSL.</p>
            <h2>SSL Quick Start</h2>
            <p>The default build of GoAhead will support SSL on port 443 for all network interfaces. You
            can immediately test SSL access to documents by using the <b>https://</b> scheme and <b>443</b> as the
            port. For example, to access the home page using SSL, use this URL in your browser:</p>
            <pre class="ui code segment">https://127.0.0.1</pre>
            <h2>Self-Signed Certificate</h2>
            <p>GoAhead is shipped with a self-signed certificate to identify the web server. This certificate is
            suitable for testing purposes only and your browser will issue a warning when you access the server.
            For production use, you should obtain your own service certificate from a signing authority such as <a href="http://www.verisign.com">Verisign</a>.</p><a id="sslConfigurationDirectives"></a>
            <h2>Build-time SSL Configuration Directives</h2>
            <p>GoAhead uses several <i>main.bit</i> configuration directives to control SSL and manage secure access to the
            server.</p>
            <p>The relevant SSL directives are:</p>
            <ul>
                <li>key — SSL public key</li>
                <li>certificate — SSL certificate</li>
                <li>ciphers — Cipher suite to use for openssl</li>
                <li>caFile — File of certificates if verifying client certificates</li>
                <li>caPath — Directory of certificates if verifying client certificates</li>
            </ul>
            <a id="sslConfigurationExample"></a>
            <a id="generatingKeys"></a>
            <h2>Generating Keys and Certificates</h2>
            <p>To generate a request file that you can send to a certificate issuing authority such as <a href="http://www.verisign.com">Verisign</a>, use the following openssl commands or the equivalent commands from your
            SSL provider:</p>
            <pre class="ui code segment">openssl genrsa -des3 -out server.key 2048
openssl req -new -key server.key -out server.csr</pre>
            <p>This will generate a server key in the file "server.key" and will generate a certificate request in the
            file "server.csr" that you can send to the issuing authority. The issuing authority will generate a server
            certificate for your server and they will sign it with their private key. Subsequently, clients will be
            able to use the signing authority's public key to verify the signature on your server certificate and thus verify the
            identity of your server when negotiating an SSL session.
            When running these commands, you will be prompted
            to enter a pass-phrase to decrypt the server private key. REMEMBER this pass-phrase.</p>
            <p><b>SECURITY WARNING</b>: Safeguard the "server.key" private key jealously. If this falls into malicious
            hands, then your server identity may be hijacked by another site.</p>
            <h2>SSL Providers</h2>
            <p>GoAhead employs an open architecture SSL Provider interface so that customers can select the ideal SSL
            provider for their needs. Different SSL implementations excel in various ways. Some are compact, others are
            fast and some are extensive in their cipher support.</p>
            <p>The MbedTLS SSL stack and interface are included with GoAhead. Other SSL interfaces are installed using the
            <a href="https://embedthis.com/pak/">Pak Package manager</a>.</p>
            <ul>
                <li>MbedTLS — designed for embedded use. See
                    <a href="https://embedthis.com/catalog/#/?keywords=goahead-mbedtls">goahead-mbedtls</a>.
                    Integrated with GoAhead and enabled by default.</li>
                <li>OpenSSL — large and complete. Designed for enterprise use.
                    See <a href="http://www.openssl.org">http://www.openssl.org</a>.</li>
            </ul>
    </div>
    <div class="terms ui basic center aligned segment">        <p>© Embedthis Software. All rights reserved.</p>    </div>    <script src="../lib/jquery/jquery.min.js"></script>    <script src="../lib/semantic-ui/semantic.min.js"></script>    <script src="../scripts/sidebar.min.js"></script>
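<p>A check for the "server.key" and "server.csr" files from "Generating Keys and Certificates", to run before the request is sent to the issuing authority. This is an added example, not part of the GoAhead documentation or code; the 2048-bit minimum, the KEY_PASS environment variable, the function names and the sample subject and pass-phrase are assumptions of the example.</p>

```shell
#!/bin/sh
# Added example, not GoAhead code. MIN_BITS, KEY_PASS, check_pair and demo
# are names assumed by this example.
MIN_BITS=2048

# check_pair KEY CSR: returns 0 if the pair is fit to send to the authority.
# The key pass-phrase is read from the KEY_PASS environment variable.
check_pair() {
    key=$1 csr=$2
    # The private key must not be accessible to group or others.
    [ "$(ls -l "$key" | cut -c5-10)" = "------" ] ||
        { echo "key is group/world accessible"; return 2; }
    # Public halves, taken from the private key and from the CSR.
    kpub=$(openssl pkey -in "$key" -passin env:KEY_PASS -pubout 2>/dev/null) ||
        { echo "cannot read key"; return 3; }
    cpub=$(openssl req -in "$csr" -noout -pubkey 2>/dev/null) ||
        { echo "cannot read CSR"; return 3; }
    # Key size as recorded in the CSR.
    bits=$(openssl req -in "$csr" -noout -text |
           sed -n 's/.*(\([0-9]*\) bit.*/\1/p' | head -n 1)
    [ "${bits:-0}" -ge "$MIN_BITS" ] ||
        { echo "key is ${bits:-0} bits, want at least $MIN_BITS"; return 4; }
    # The CSR self-signature must verify ...
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK' ||
        { echo "bad CSR signature"; return 5; }
    # ... and the CSR must carry the public key of this private key.
    [ "$kpub" = "$cpub" ] || { echo "CSR does not match key"; return 6; }
    echo "ok: $bits-bit key, CSR matches"
}

# Constructed demo: throwaway key and CSR in a temp dir, checked twice.
demo() {
    dir=$(mktemp -d) || return 1
    export KEY_PASS='constructed-demo-passphrase'   # sample value only
    ( cd "$dir" && umask 077 &&
      openssl genrsa -des3 -passout env:KEY_PASS -out server.key 2048 2>/dev/null &&
      openssl req -new -key server.key -passin env:KEY_PASS \
          -subj '/CN=device.example.test' -out server.csr 2>/dev/null ) ||
        { rm -rf "$dir"; return 1; }
    good=0; check_pair "$dir/server.key" "$dir/server.csr" || good=$?
    chmod 644 "$dir/server.key"          # simulate a permissions mistake
    bad=0; check_pair "$dir/server.key" "$dir/server.csr" || bad=$?
    rm -rf "$dir"
    [ "$good" -eq 0 ] && [ "$bad" -eq 2 ]
}

demo
```

<p>With KEY_PASS set in the environment, <code>check_pair server.key server.csr</code> exits non-zero and names the failed check when the key file is readable by other users, the key is too short, or the request was built from a different key.</p>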