首页>技术支持>SSL证书安装指南 - Roxen

SSL证书安装指南 - Roxen

Configuring Roxen Challenger

When you have received your certificate, you have to tell Roxen to use it.

Copy the secret key and the certificate into the roxen tree, for example as roxen/server/certificates/my_cert.cert and roxen/server/certificates/my_key.rsa.

Still, the secret key must be protected. You probably want to run roxen as root, and have the secret key file readable by root only.

There are two Roxen modules for SSL. If you have working threads, use the one called ssleay, otherwise the one called ssl. Choose which one to run in the configuration interface under Server Variables -> Listen Ports.

Both protocol modules are configured the same way. You have to enter the file names of your secret key and your certificate, relative to roxen/server, like this:

cert-file certificates/my_cert.cert

key-file certificates/my_key.rsa

At last, to maintain security at your server, beware of security holes that may expose your secret key to an attacker. Don't run any unnecessary services, and install all security patches from your OS vendor.

As for your web server, be very careful when you decide which modules you install. Do not allow untrusted people to use pike scripts or the -tag. Avoid CGI-programs if possible, as it is too easy to introduce security holes there.