| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245 |
- <!DOCTYPE html>
- <html lang="en">
- <head>
- <title>SSL</title>
- <!-- Copyright Embedthis Software. All Rights Reserved. -->
- <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
- <meta charset="utf-8" />
- <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1" />
- <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0">
- <meta name="description" content="Simple, fast, secure embedded web server" />
- <link href='https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,700|Open+Sans:300italic,400,300,700'
- rel='stylesheet' type='text/css'>
- <link href='https://fonts.googleapis.com/css?family=Julius+Sans+One' rel='stylesheet' type='text/css'>
-
- <link href="../images/favicon.ico" rel="shortcut icon" />
- <link href="../lib/semantic-ui/semantic.min.css" rel="stylesheet" type="text/css" />
- <link href="../css/all.min.css" rel="stylesheet" type="text/css" />
- <link href="../css/api.min.css" rel="stylesheet" type="text/css" />
-
- </head>
- <body class="show-sidebar">
- <div class="sidebar">
- <div class="ui large left vertical inverted labeled menu">
- <div class="item">
- <a href="../" class="logo">GoAhead Docs</a>
- </div>
- <div class="item">
- <a href="../">
- <b>General</b>
- </a>
- <div class="menu">
- <a class="item" href="../">GoAhead Overview</a>
- <a class="item" href="../users/features.html">GoAhead Features</a>
- <a class="item" href="https://embedthis.com/goahead/download.html">Download</a>
- <a class="item" href="../licensing/">Licensing</a>
- </div>
- </div>
- <div class="item">
- <a href="../start/">
- <b>Getting Started</b>
- </a>
- <div class="menu">
- <a class="item" href="../start/quick.html">Quick Start</a>
- <a class="item" href="../start/installing.html">Installing GoAhead</a>
- <a class="item" href="../start/running.html">Running GoAhead</a>
- <a class="item" href="../start/releaseNotes.html">Release Notes</a>
- <a class="item" href="../start/faq.html">GoAhead FAQ</a>
- <a class="item" href="../start/source.html">Building from Source</a>
- </div>
- </div>
- <div class="item">
- <a href="../users/"><b>User's Guide</b></a>
- <div class="menu">
- <a class="item" href="../users/ports.html">Ports and Binding</a>
- <a class="item" href="../users/routing.html">Routing Requests</a>
- <a class="item" href="../users/handlers.html">Request Handlers</a>
- <a class="item" href="../users/js.html">Embedded Javascript</a>
- <a class="item" href="../users/jst.html">Javascript Templates</a>
- <a class="item" href="../users/goactions.html">GoActions</a>
- <a class="item" href="../users/cgi.html">CGI Programs</a>
- <a class="item" href="../users/authentication.html">User Authentication</a>
- <a class="item" href="../users/logFiles.html">Log Files</a>
- <a class="item" href="../users/ssl.html">Secure Sockets (SSL)</a>
- <a class="item" href="../users/security.html">Security Considerations</a>
- <a class="item" href="../users/man.html">Man Pages</a>
- </div>
- </div>
- <div class="item">
- <a href="../developers/">Developer's Guide</a>
- <div class="menu">
- <a class="item" href="../developers/embedding.html">Embedding GoAhead</a>
- <a class="item" href="../developers/handlers.html">Creating GoAhead Handlers</a>
- <a class="item" href="../developers/authstore.html">Creating Password Verifiers</a>
- <a class="item" href="../developers/migrating.html">Migrating to GoAhead 3</a>
- <a class="item" href="../developers/rom.html">Serving Pages from ROM</a>
- </div>
- </div>
- <div class="item">
- <a href="../ref/">Reference Guide</a>
- <div class="menu">
- <a class="item" href="../ref/compatibility.html">Compatibility</a>
- <a class="item" href="../ref/native.html">API Library</a>
- <a class="item" href="../ref/architecture.html">GoAhead Architecture</a>
- <a class="item" href="../standards/http.html">HTTP References</a>
- </div>
- </div>
- <div class="item">
- <a href="../developers/project.html">Project Resources</a>
- <div class="menu">
- <a class="item" href="http://goo.gl/IGbiio">Official GoAhead News</a>
- <a class="item" href="https://embedthis.com/goahead/">GoAhead Web Site</a>
- <a class="item" href="https://github.com/embedthis/goahead">Source Code Repository</a>
- <a class="item" href="https://github.com/embedthis/goahead/issues/99">GoAhead Security Alerts</a>
- <a class="item" href="https://github.com/embedthis/goahead/issues">Project Issue Database</a>
- <a class="item" href="https://github.com/embedthis/goahead/releases">Change Log</a>
- <a class="item" href="https://github.com/embedthis/goahead/milestones">Roadmap</a>
- <a class="item" href="https://embedthis.com/developers/contributors.html">Contributors Agreement</a>
- </div>
- </div>
- <div class="item">
- <b>Links</b>
- <div class="menu">
- <a class="item" href="https://embedthis.com/">Embedthis Web Site</a>
- <a class="item" href="https://embedthis.com/blog/">Embedthis Blog</a>
- <a class="item" href="http://twitter.com/embedthat">Twitter</a>
- </div>
- </div>
- </div>
- </div>
- <div class="ui inverted masthead">
- <div class="ui fixed inverted menu">
- <div class="ui sidebar-launch button">
- <i class="icon list layout"></i>
- </div>
- <div class="right menu">
- <a class="item" href="https://embedthis.com/">Embedthis</a>
- <a class="item" href="https://embedthis.com/goahead/">GoAhead Site</a>
- <span class="desktop-only">
- <a class="item" href="http://goo.gl/9bL9rM">GoAhead News</a>
- <a class="item" href="https://github.com/embedthis/goahead">Repository</a>
- <a class="item" href="https://embedthis.com/blog/">Blog</a>
- <a class="item" href="https://twitter.com/embedthat">Twitter</a>
- </span>
- </div>
- </div>
-
- <div class="ui breadcrumb">
- <a class="section" href="../">Home</a>
-
- <div class="divider">/</div>
- <a class="section" href="../users/">
- User's Guide
- </a>
-
-
- <div class="divider">/</div>
- <a class="active section" href="ssl.html">SSL</a>
-
- </div>
-
- <iframe class="version desktop-only" src="../version.html"></iframe>
- </div>
- <div class="content">
- <h1>Configuring SSL</h1>
- <p>GoAhead supports the Secure Sockets Layer (SSL) protocol for authenticating systems and encrypting data.
- Use of this protocol enables secure data transmission to and from clients in a standards-based manner.</p>
- <p>This document provides step-by-step instructions for configuring SSL in GoAhead. If you are unfamiliar
- with SSL, please read the <a href="sslOverview.html">SSL Overview</a> first.</p><a id="sslQuickStart"></a>
- <p>Except for the MbedTLS stack which is integrated, GoAhead includes only the interface to the SSL
- stack and not the SSL library itself. You need to build your required SSL stack and then configure
- GoAhead to use that SSL stack. See
- <a href="http://l:5000/start/source.html">Building From Source</a> for details on configuring GoAhead to
- use SSL.</p>
- <h2 >SSL Quick Start</h2>
- <p>The default build of GoAhead will support SSL on port 443 for all network interfaces. You
- can immediately test SSL access to documents by using the <b>https://</b> scheme and <b>443</b> as the
- port. For example, to access the home page using SSL, use this URL in your browser:</p>
- <pre class="ui code segment">
- https://127.0.0.1
- </pre>
- <h2>Self-Signed Certificate</h2>
- <p>GoAhead is shipped with a self-signed certificate to identify the web server. This certificate is
- suitable for testing purposes only and your browser will issue a warning when you access the server. For
- production use, you should obtain your own service certificate from signing authorities such as <a href=
- "http://www.verisign.com">Verisign</a>.</p><a id="sslConfigurationDirectives"></a>
- <h2 >Build-time SSL Configuration Directives</h2>
- <p>GoAhead uses several <i>main.bit</i> configuration directives to control SSL and manage secure access to the
- server.
- <p>The relevant SSL directives are:</p>
- <ul>
- <li>key — SSL public key</li>
- <li>certificate — SSL certificate</li>
- <li>ciphers — Cipher suite to use for openssl</li>
- <li>caFile — File of certificates if verifying client certificates</li>
- <li>caPath — Directory of certificates if verifying client certificates</li>
- </ul>
-
- <a id="sslConfigurationExample"></a>
-
- <a id="generatingKeys"></a>
- <h2 >Generating Keys and Certificates</h2>
- <p>To generate a request file that you can send to a certificate issuing authority such as <a href=
- "http://www.verisign.com">Verisign</a>, use the following openssl command or equivalent command from your
- SSL provider:</p>
- <pre class="ui code segment">
- openssl genrsa -des3 -out server.key 1024
- openssl req -new -key server.key -out server.csr
- </pre>
- <p>This will generate a server key in the file "server.key" and will generate a certificate request in the
- file "server.csr" that you can send to the issuing authority. The issuing authority will generate a server
- certificate for your server and they will sign it with their private key. Subsequently, clients will be
- able to use the signing authorities public key to decrypt your server certificate and thus verify the
- identity of your server when negotiating a SSL session. When running these commands, you will be prompted
- to enter a pass-phrase password to decrypt the server private key. REMEMBER this password.</p>
- <p><b>SECURITY WARNING</b>: Safeguard the "server.key" private key jealously. If this falls into malicious
- hands, then your server identity may be hijacked by another site.</p>
- <h2 >SSL Providers</h2>
- <p>GoAhead employs an open architecture SSL Provider interface so that customers can select the ideal SSL
- provider for their needs. Different SSL implementations excel in various ways. Some are compact, others are
- fast and some are extensive in their cipher support.</p>
- <p>The MbedTLS SSL stack and interface are included with GoAhead. Other SSL interfaces are installed using the
- <a href="https://embedthis.com/pak/">Pak Package manager</a>.</p>
- <ul>
- <li>MbedTLS — designed for embedded use. See
- <a href="https://embedthis.com/catalog/#/?keywords=goahead-mbedtls">goahead-mbedtls</a>.
- Integrated with GoAhead and enabled by default</em>.</li>
- <li>OpenSSL — large and complete. Designed for enterprise use.
- See <a href= "http://www.openssl.org">http://www.openssl.org</a>.</li>
- <li>MatrixSSL — designed for embedded use. See
- <a href="https://embedthis.com/catalog/#/?keywords=goahead-matrixssl">goahead-matrixssl</a>.
- Install via <em>pak install goahead-matrixssl</em>.</li>
- <li>Mocana NanoSSL — designed for embedded use. See
- <a href="https://embedthis.com/catalog/#/?keywords=goahead-nanossl">goahead-nanossl</a>.
- Install via <em>pak install goahead-nanossl</em>.</li>
- </ul>
- </div>
- <div class="terms ui basic center aligned segment">
- <p>© Embedthis Software, 2003-2015. All rights reserved.</p>
- </div>
- <script src="../lib/jquery/jquery.min.js"></script>
- <script src="../lib/semantic-ui/semantic.min.js"></script>
- <script src="../scripts/sidebar.min.js"></script>
-
-
- </body>
- </html>
|
