Security

Questions:

• Is Roxen CMS affected by the CVS remote vulnerability described in http://security.e-matters.de/advisories/012003.txt?
• How do I get a Signed certificate for use with HTTPS (SSL)?

Is Roxen CMS affected by the CVS remote vulnerability described in http://security.e-matters.de/advisories/012003.txt?

No, Roxen does not run cvs as a server. It is only the cvs pserver functionality that is vulnerable.

How do I get a Signed certificate for use with HTTPS (SSL)?

1. Use a wizard that creates a my-componay.key (the private key file) and a my-componay.csr (Certificate Signing Request file). The "Generate a Certificate Signing Request and an RSA key.." - wizard under SSL under Maintainance in Roxen administration interface can do that but there are other tools that can do the same - the procedure does not differ that much.

2. Send the CSR file to VeriSign or other authorized vendor.

3. The vendor will return a signed certificate, a public key file, which we could call my-componay.pem.

4. The two files - my-componay.key and my-componay.pub - should be placed in the roxen/local/ directory.

5. Under the Ports tab, in the site that should use the SSL key you will find two fields under the HTTPS enabled port
   SSL certificate file: my-componay.pem
   SSL key file: my-componay.key