Home Explore Help
Register Sign In
lusa
/
gd32450i-eval
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: master
Branches Tags
gd32450i-eval
/
app
/
goahead-5.1.0
/
doc
/
contents
/
users
/
ssl.html

ssl.html 5.5 KB
Permalink History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586 
  1. {
    2. 

  2.     title:  'SSL',
    3. 

  3.     crumbs: [
    4. 

  4.         { "User's Guide": '../users/' },
    5. 

  5.     ],
    6. 

  6. }
    7. 

  7. 

  8.             <h1>Configuring SSL</h1>
    9. 

  9.             <p>GoAhead supports the Secure Sockets Layer (SSL) protocol for authenticating systems and encrypting data.
    10. 

  10.             Use of this protocol enables secure data transmission to and from clients in a standards-based manner.</p>
    11. 

  11.             <p>This document provides step-by-step instructions for configuring SSL in GoAhead. If you are unfamiliar
    12. 

  12.             with SSL, please read the <a href="sslOverview.html">SSL Overview</a> first.</p><a id="sslQuickStart"></a>
    13. 

  13. 

  14.             <p>Except for the MbedTLS stack which is integrated, GoAhead includes only the interface to the SSL
    15. 

  15.             stack and not the SSL library itself. You need to build your required SSL stack and then configure
    16. 

  16.             GoAhead to use that SSL stack. See
    17. 

  17.             <a href="http://l:5000/start/source.html">Building From Source</a> for details on configuring GoAhead to
    18. 

  18.             use SSL.</p>
    19. 

  19. 

  20.             <h2 >SSL Quick Start</h2>
    21. 

  21.             <p>The default build of GoAhead will support SSL on port 443 for all network interfaces. You
    22. 

  22.             can immediately test SSL access to documents by using the <b>https://</b> scheme and <b>443</b> as the
    23. 

  23.             port. For example, to access the home page using SSL, use this URL in your browser:</p>
    24. 

  24.             <pre class="ui code segment">
    25. 

  25. https://127.0.0.1
    26. 

  26. </pre>
    27. 

  27.             <h2>Self-Signed Certificate</h2>
    28. 

  28.             <p>GoAhead is shipped with a self-signed certificate to identify the web server. This certificate is
    29. 

  29.             suitable for testing purposes only and your browser will issue a warning when you access the server. For
    30. 

  30.             production use, you should obtain your own service certificate from signing authorities such as <a href=
    31. 

  31.             "http://www.verisign.com">Verisign</a>.</p><a id="sslConfigurationDirectives"></a>
    32. 

  32.             <h2 >Build-time SSL Configuration Directives</h2>
    33. 

  33.             <p>GoAhead uses several <i>main.bit</i> configuration directives to control SSL and manage secure access to the
    34. 

  34.             server.
    35. 

  35.             <p>The relevant SSL directives are:</p>
    36. 

  36.             <ul>
    37. 

  37.                 <li>key &mdash; SSL public key</li>
    38. 

  38.                 <li>certificate &mdash; SSL certificate</li>
    39. 

  39.                 <li>ciphers &mdash; Cipher suite to use for openssl</li>
    40. 

  40.                 <li>caFile &mdash; File of certificates if verifying client certificates</li>
    41. 

  41.                 <li>caPath &mdash; Directory of certificates if verifying client certificates</li>
    42. 

  42.             </ul>
    43. 

  43. 

  44.             <a id="sslConfigurationExample"></a>
    45. 

  45. 

  46.             <a id="generatingKeys"></a>
    47. 

  47.             <h2 >Generating Keys and Certificates</h2>
    48. 

  48.             <p>To generate a request file that you can send to a certificate issuing authority such as <a href=
    49. 

  49.             "http://www.verisign.com">Verisign</a>, use the following openssl command or equivalent command from your
    50. 

  50.             SSL provider:</p>
    51. 

  51.             <pre class="ui code segment">
    52. 

  52. openssl genrsa -des3 -out server.key 1024
    53. 

  53. openssl req -new -key server.key -out server.csr
    54. 

  54. </pre>
    55. 

  55.             <p>This will generate a server key in the file "server.key" and will generate a certificate request in the
    56. 

  56.             file "server.csr" that you can send to the issuing authority. The issuing authority will generate a server
    57. 

  57.             certificate for your server and they will sign it with their private key. Subsequently, clients will be
    58. 

  58.             able to use the signing authorities public key to decrypt your server certificate and thus verify the
    59. 

  59.             identity of your server when negotiating a SSL session. When running these commands, you will be prompted
    60. 

  60.             to enter a pass-phrase password to decrypt the server private key. REMEMBER this password.</p>
    61. 

  61.             <p><b>SECURITY WARNING</b>: Safeguard the "server.key" private key jealously. If this falls into malicious
    62. 

  62.             hands, then your server identity may be hijacked by another site.</p>
    63. 

  63. 

  64.             <h2 >SSL Providers</h2>
    65. 

  65.             <p>GoAhead employs an open architecture SSL Provider interface so that customers can select the ideal SSL
    66. 

  66.             provider for their needs. Different SSL implementations excel in various ways. Some are compact, others are
    67. 

  67.             fast and some are extensive in their cipher support.</p>
    68. 

  68. 

  69.             <p>The MbedTLS SSL stack and interface are included with GoAhead. Other SSL interfaces are installed using the
    70. 

  70.             <a href="https://embedthis.com/pak/">Pak Package manager</a>.</p>
    71. 

  71. 

  72.             <ul>
    73. 

  73.                 <li>MbedTLS &mdash; designed for embedded use. See
    74. 

  74.                     <a href="https://embedthis.com/catalog/#/?keywords=goahead-mbedtls">goahead-mbedtls</a>.
    75. 

  75.                     Integrated with GoAhead and enabled by default</em>.</li>
    76. 

  76.                 <li>OpenSSL &mdash; large and complete. Designed for enterprise use.
    77. 

  77.                     See <a href= "http://www.openssl.org">http://www.openssl.org</a>.</li>
    78. 

  78.                 <!--
    79. 

  79.                 <li>MatrixSSL &mdash; designed for embedded use. See
    80. 

  80.                     <a href="https://embedthis.com/catalog/#/?keywords=goahead-matrixssl">goahead-matrixssl</a>.
    81. 

  81.                     Install via <em>pak install goahead-matrixssl</em>.</li>
    82. 

  82.                 <li>Mocana NanoSSL &mdash; designed for embedded use. See
    83. 

  83.                     <a href="https://embedthis.com/catalog/#/?keywords=goahead-nanossl">goahead-nanossl</a>.
    84. 

  84.                     Install via <em>pak install goahead-nanossl</em>.</li>
    85. 

  85.                 -->
    86. 

  86.             </ul>
    87.