- How do I get SSL and how much does it cost?
- How do I configure SSL with a default certificate?
- How can I give my virtual Web sites access to my main SSL certificate?
- Where can I find more information about Certificate Authorities (CAs)?
Where can I find and purchase SSL for my Cobalt?
Cobalt's Web site is the only location where you can
purchase a ready-to-install ".pkg" file that will almost
immediately configure SSL to work on your RaQ or RaQ2
server.
The URL for this and more information is: http://www.cobalt.com
How do I configure SSL with a default certificate?
The following is taken from the "Red Hat Secure Web
Server 3.0 - Developer Edition for Cobalt Networks
Servers" (PDF) manual.
In order to successfully start your secure server,
you must first generate a certificate.
- Telnet to the server, and become "root".
- Change directories to the web server configuration
directory by typing:
cd /etc/httpd/conf
- Make an SSL key by typing "make genkey". You will
need to type in a passphrase that will be used when
generating certificates and when starting the secure
web server. Do not forget this passphrase!
- Make a certificate request by typing "make
certreq". You will need to specify some information
about the web site and the exact server name to be
used.
Country Name: the two-letter code for your country.
State or Province: the state or province name spelled out completely (ex. California)
Locality Name: the name of your city spelled out completely.
Organization Name: your company or organization's name.
Organization Unit: your department or company section.
Server Host Name: (also called "common name") your hostname and domain name of the server to be secured (ex. secure.cobaltnet.com)
Email Address: the webmaster's email contact address.
If you are only generating a test certificate, not a
production (registered) certificate, you may jump to the
next paragraph. The certificate request file is placed
in /etc/httpd/conf/ssl.csr/server.csr. The contents of
this file must be submitted to a certificate authority
such as Thawte or Verisign. The certificate generated
and returned to you by the certificate authority must be
placed in the file: /etc/httpd/conf/ssl.crt/server.crt.
If you need to change the server name, then you will
have to re-generate the certificate request and
re-register the secure server certificate with the
certificate authority.
You may generate a test certificate to test your
server while waiting for a real certificate from a CA
(certificate authority). If you choose to generate a
test certificate yourself, type "make cert". This will
place the temporary (unregistered) certificate in the
file: /etc/httpd/conf/ssl.crt/server.crt. You will need
to replace the contents of this file once you obtain the
registered certificate from the certificate authority.
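An added example, not part of the Red Hat manual or Cobalt's own tooling: a shell check to run after placing a certificate in server.crt, confirming that it carries the same public key as the submitted request, names the expected host, has not expired, and is not still the test certificate. It assumes the `openssl` command-line tool is installed and that the test certificate is self-signed; the function names are made up for the example.

```shell
#!/bin/sh
# Added example (not from the manual): sanity-check server.crt before restart.
# Default paths are the ones named in the text; assumes the openssl CLI.
CSR_DEFAULT=/etc/httpd/conf/ssl.csr/server.csr
CRT_DEFAULT=/etc/httpd/conf/ssl.crt/server.crt

# SHA-256 of the public key in a CSR ($1=req) or certificate ($1=x509).
pubkey_digest() {
    pem=$(openssl "$1" -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{print $NF}'
}

# Common name from the certificate subject.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        awk -F' = ' '/^ *commonName/ {print $2; exit}'
}

# True when subject and issuer are the same name, as in a self-signed
# test certificate (assumption: that is what the test certificate is).
is_self_issued() {
    [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
      "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

# check_cert HOST [CSR] [CRT]: 0 = consistent, 1 = mismatch, 2 = unreadable.
check_cert() {
    host=$1; csr=${2:-$CSR_DEFAULT}; crt=${3:-$CRT_DEFAULT}
    k_csr=$(pubkey_digest req "$csr") || { echo "unreadable CSR: $csr"; return 2; }
    k_crt=$(pubkey_digest x509 "$crt") || { echo "unreadable certificate: $crt"; return 2; }
    rc=0
    [ "$k_csr" = "$k_crt" ] ||
        { echo "FAIL: certificate was not issued for this CSR's key"; rc=1; }
    cn=$(cert_cn "$crt")
    [ "$cn" = "$host" ] ||
        { echo "FAIL: common name '$cn' does not match '$host'"; rc=1; }
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null ||
        { echo "FAIL: certificate has expired"; rc=1; }
    if is_self_issued "$crt"; then
        echo "NOTE: self-issued test certificate, not a CA-issued one"
    fi
    return "$rc"
}

# Run the check when a host name is given on the command line.
if [ $# -ge 1 ]; then check_cert "$@"; fi
```

Current clients match host names against the certificate's subjectAltName rather than the common name, which this check does not inspect.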
For more information, please see our Docs index for SSL links and
documentation. The manuals are well worth the trouble to
download and print out as a hard-copy reference when
going through the initial setup and configuration steps
of using SSL.
How can I give my virtual Web sites access to my main SSL certificate?
Instructions for configuring virtual Web sites under
your server's SSL server:
- Telnet into your server and become "root".
- Create a directory for the virtual site secure area. Something like this:
/home/sites/site1/secure
(i.e. at the same level as the virtual site's "web" directory)
- Create a "cgi-bin" directory in the secure directory:
/home/sites/site1/secure/cgi-bin
- Now edit the following file:
/etc/httpd/conf/srm-ssl.conf
- Insert the following lines in the file for the virtual site:
ScriptAlias /cgi-secure/ /home/sites/site1/secure/cgi-bin/
Alias /vsite /home/sites/site1/secure/
Save the file.
- Restart SSL:
/etc/rc.d/init.d/httpsd restart
That's it! You can now access the virtual site from
your secure server. Note that CGI scripts *must* be run
from the secure/cgi-bin directory and nowhere else.
NOTE: This has not been tested and is not
supported.
Where can I find out more information about Certificate Authorities (CAs)?
A certificate (from a public certificate authority;
see Thawte or Verisign below) is required
if you wish to properly enable your server to accept
visitors in secure mode. You must submit your domain
name, proof of
ownership of the name and your business or organization,
and an electronically generated certificate request
(with your payment) to receive a proper SSL certificate
for your server. The process isn't too difficult, but
read the instructions carefully on either certificate
authority's site to get more details.