During installation you are asked questions about how you want
to set up security.
- Keystore password: you must provide a password for the keystore.
It is used both for enabling secure login (credentials encryption)
and as a starting point for enabling HTTPS/SSL.
- Certificates: you are given the option of installing a personal
certificate or importing a certificate that you already have.
- Secure HTTP: you are asked whether you want to install the Apache
server enabled for HTTPS/SSL. The certificate you choose is used.
If you need to use a port number other than the default of 443, you
need to enter the port number at that time.
Using the provided personal certificate
The provided certificate has the following attributes set:
- Subject DN: "CN=hostname", where hostname is the
fully qualified name of the host where you are performing the installation.
- Expiration period: 10 years (expressed as 3650 days). You can
change this value. Expiration periods of one to two years are typical.
Longer expiration periods increase exposure to attacks that attempt
to guess the key.
You are given the opportunity to modify the provided certificate.
If you do modify the certificate, the following fields can be specified.
- Common Name (required)
- Locality
- State/Province
- Organization Name
- Country/Region Name (required)
- Street Address
The Common Name and Country/Region Name are concatenated into
a Subject DN of type X500Principal, which is specified during
certificate creation.
You are prompted for a password to use for the keystore
that the installer creates. Record this password. It is required to
complete setup of HTTPS/SSL.
Important: Changing the password later is possible but is a fairly
long process. Use a strong password that meets your local
requirements for complexity.
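To confirm what ended up in the keystore, the following added example (not part of the product or its documentation) lists each certificate's Subject DN and flags validity periods longer than two years or certificates that have expired. The class name, the keystore file argument, the 730-day threshold, and the use of Java 9 or later are assumptions.

```java
import java.io.Console;
import java.io.File;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.time.Instant;
import java.util.Arrays;
import java.util.Collections;

public class KeystoreCertCheck {
    // Assumption: threshold taken from the "one to two years are typical" guidance.
    static final long MAX_VALIDITY_DAYS = 730;
    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 1 || console == null) {
            System.err.println("usage (interactive terminal): java KeystoreCertCheck <keystore-file>");
            System.exit(2);
        }
        // Prompt without echo so the keystore password stays out of shell history.
        char[] password = console.readPassword("Keystore password: ");
        if (password == null) System.exit(2);
        KeyStore ks;
        try {
            // Java 9+: detects the keystore type (for example JKS or PKCS12) from the file.
            ks = KeyStore.getInstance(new File(args[0]), password);
        } finally {
            Arrays.fill(password, '\0'); // wipe the password from memory after loading
        }
        boolean flagged = false;
        Instant now = Instant.now();
        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            if (!(c instanceof X509Certificate)) continue;
            X509Certificate cert = (X509Certificate) c;
            Instant notAfter = cert.getNotAfter().toInstant();
            long validity = Duration.between(cert.getNotBefore().toInstant(), notAfter).toDays();
            long remaining = Duration.between(now, notAfter).toDays();
            System.out.printf("%s: subject=\"%s\" validity=%d days, remaining=%d days%n",
                    alias, cert.getSubjectX500Principal().getName(), validity, remaining);
            boolean expired = now.isAfter(notAfter);
            if (expired || validity > MAX_VALIDITY_DAYS) {
                System.out.println(expired ? "  EXPIRED" : "  validity exceeds " + MAX_VALIDITY_DAYS + " days");
                flagged = true;
            }
        }
        System.exit(flagged ? 1 : 0); // non-zero exit lets a scheduled job alert on findings
    }
}
```

A certificate created with the default 3650-day expiration period is reported as exceeding the threshold.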
Using your own certificate
If you have a certificate, you can import it for use by all
components and connections in the system that use SSL: