Difference between revisions of "Internet Security, Certificates, SSL"
(→Using SSL for opentaps Security) |
(→Configuring Your opentaps Server with an SSL Certificate) |
||
| Line 22: | Line 22: | ||
To Be Continued... | To Be Continued... | ||
| + | |||
| + | ___TOC___ | ||
| + | |||
| + | ==Introduction to Using SSL Certificates and Use Cases== | ||
| + | |||
| + | |||
==Configuring Your opentaps Server with an SSL Certificate== | ==Configuring Your opentaps Server with an SSL Certificate== | ||
| + | |||
| + | There are several possible operational configurations for the '''opentaps''' server software, and the one you choose to implement will determine how the secure socket layer (SSL) Certificate will need to be installed. | ||
| + | |||
| + | We will begin by describing how to install your unique Certificate for '''opentaps''' simplest installation, which involves using the imbedded web server supplied in '''opentaps'''' pre-compiled, downloadable form for Linux. | ||
| + | |||
| + | Then, we will discuss some tips about how to handle the Certificates obtained in various formats from the authorities who sell "signed" and verified certificates. Finally, we will consider other possible '''opentaps''' installations and related Certificate issues. | ||
| + | |||
| + | ===Installing Your Certificate for Basic Installations=== | ||
| + | |||
| + | ===Certificate and File Format Tips=== | ||
| + | |||
| + | ===Installing the Certificate for a Combined httpd (Apache) and Tomcat Installation=== | ||
Revision as of 21:19, 24 March 2010
_
Contents
_
Introduction to Preparing Your Operational Environment
Before you configure your opentaps system with any of your business data, or your company's confidential information, or your company employee's data, it will be prudent to consider the security of your opentaps system servers and the related internet network security. Best practices with respect to this topic suggest the following partial list of salient points:
- Your server should be protected by a properly configured firewall to allow only the required forms of network access, as defined by your management and their technical system administrative staff.
- Any internet access to the opentaps server should probably be limited to SSL (secure socket layer) internet transmission layer security, as determined by your management and their technical system administrative staff. Consider both the public internet and any in-house local internets in this topic.
- You should secure all of the opentaps IDs that are active on the system, using a strong and unique password having properly limited distribution to users with a business need for them, and you should disable all other IDs on opentaps.
- You should make sure that your technical system administrator has secured all of the opentaps host server software components and related ports of every kind, so that no unintended routes of access are possible on your system.
- You should make sure that your opentaps server has physical security that is practiced 100% of the time, and that is robust enough to meet your management's requirements.
- Before you put any of your opentaps system functions into a production mode of operation, you should develop, test, and deploy your methods for system data backup and for system data restoration. You should actually practice the system data restoration periodically to make sure that it actually does work.
- Consider whether you will need a server for testing data restoration, migration, or new software component releases that is separate from the production servers that you use. (Usually, production servers are off limits for testing purposes.)
- Included in this preparation, you should include a determination of when backup will be collected, by whom, and where it will be stored so that if your operational facility is breached or destroyed there will still be a copy of your system backup data available, somewhere else.
- Make your own list adding all items to this topic which your company deems essential to your own best practices, and complete working your list. When making your own complete list, you may wish to consider what you would do if the internet access suffers an outage, either on the public internet or on your own local internets, or if the physical opentaps server computer suffers an outage.
If you do not need to attach your server to the internets while you are doing preliminary configuration, and preparing your environment then you may be able to phase some of the steps to make progress while other steps are still being completed.
Using SSL for opentaps Security
opentaps can be configured to permit access only by the secure SSL-enabled ports, if this is required by your organization.
To Be Continued...
__
Introduction to Using SSL Certificates and Use Cases
Configuring Your opentaps Server with an SSL Certificate
There are several possible operational configurations for the opentaps server software, and the one you choose to implement will determine how the secure socket layer (SSL) Certificate will need to be installed.
We will begin by describing how to install your unique Certificate for opentaps simplest installation, which involves using the imbedded web server supplied in opentaps' pre-compiled, downloadable form for Linux.
Then, we will discuss some tips about how to handle the Certificates obtained in various formats from the authorities who sell "signed" and verified certificates. Finally, we will consider other possible opentaps installations and related Certificate issues.
