Installing a Secure Site Pro Server ID & Commerce Site Pro Server ID on a Netscape Enterprise Server

This document provides the instructions for installing a Secure Site Server ID & Commerce Site Server ID.  VeriSign recommends that you contact the Server vendor for additional information.

Installing the Intermediate CA Certificate

Pick up the Intermediate CA by clicking on the image below:

Get Intermediate CA Here

Installing a Secure Site Pro Server ID & Commerce Site Pro Server ID

When VeriSign has completed authenticating your enrollment, we will send you instructions for picking up your Server ID.

To install a Server ID and associate it with an alias:
  1. In the Server Administration page, choose Keys & Certificates|Install Certificate.
  2. Check the type of certificate you are installing: Choose This Server
  3. Paste the email text in the field called Message text. Be sure to include the headers "Begin Certificate" and "End Certificate." Make sure you check the corresponding radio button for either the file or the text.
  4. From the drop-down list, select the alias you used when you requested the certificate. If you choose the incorrect alias, the certificate won't install.
  5. Click OK. Another form appears asking if you want to add the certificate. Click the Add button. The certificate is stored in the directory <server_root>/alias. The filename will be <alias>-cert.db. For example, if your alias is mail, the file will be mail-cert.db.
Below are instructions on how to install the Intermediate root Ca on a Netscape Enterprise web
server.
- First start by entering the administrator console/interface.
- Next select Key & Certificates under General Administration.
- From here select install certificate.
- You will be presented with a series of options and you need
   to select the radio button labeled Certificate for: server certificate
   chain.
- You will need to either copy and paste the text of the
   Intermediate root CA or you can place the text into a file and
   read the file into the server.

Configure your Server to Do SSL
Activating SSL encryption

After you have generated a key-pair file and installed your certificate, you can activate SSL for your administration server. See the documentation for individual servers if you want to enable encryption in them.
  1. In the Server Manager, choose Admin Preferences|Encryption On/Off. The Encryption On/Off form appears.
  2. Check the On radio button.
  3. In the drop-down list, choose the alias for the key-pair file and certificate file that you want to use. You must know the password for the key-pair file referenced by this alias--it's the password you must enter before starting or stopping a server that uses SSL encryption.
  4. Set any security preferences you want.
  5. Stop your server, then restart it, from the command-line or NT control panel. You'll be prompted to enter the password for the key-pair alias you used.
    URLs to an SSL-enabled administration server are constructed using https instead of simply http. URLs that point to documents on an SSL-enabled server have this format:
    https://<servername.[domain.[dom]]:[port#]>
    For example, https://admin.mozilla.com:443. If you use the default secure http port number (443), you don't have to use the port number in the URL.

Setting security (SSL) preferences

You can set preferences for using SSL encryption on the administration server.
  1. Go to the Server Manager and choose Server Preferences|Encryption Preferences.
  2. Check the SSL versions you want your server to communicate with. The latest and most secure version is SSL version 3, but many older clients use only SSL version 2. You will probably want to enable your server to use both versions.
  3. Check the ciphers you want your server to use. The ciphers are listed for each version of SSL. A cipher is the algorithm used in encryption. Some ciphers are more secure, or stronger, than others. Generally speaking, the more bits a cipher uses during encryption, the harder it is to decrypt the data. Ciphers are described after this list.
  4. Click OK. Make sure you restart your server.
    When a navigator initiates an SSL connection with a server, it lets the server know what ciphers it prefers to use to encrypt information. In any two-way encryption process, both parties must use the same ciphers. Since there are a number of ciphers available, you should consider enabling all ciphers.
  5. You can choose ciphers from both the SSL 2 and SSL 3 protocols. Unless you have a compelling reason why you don't want to use a specific cipher, you should check them all.
Additional Q & A from Netscape




Copyright © 1999, VeriSign, Inc. All Rights Reserved