|
|
|
Security
Questions:
Is Roxen CMS affected by the CVS remote vulnerability described in
http://security.e-matters.de/advisories/012003.txt?
No, Roxen does not run cvs as a server. It is only the cvs
pserver functionality that is vulnerable.
How do I get a Signed certificate for use with HTTPS (SSL)?
-
Use a wizard that creates a my-componay.key (the private key file) and
a my-componay.csr (Certificate Signing Request file). The "Generate a
Certificate Signing Request and an RSA key.." - wizard
under SSL under Maintainance in Roxen administration interface can do that but there
are other tools that can do the same - the procedure does not differ
that much.
-
Send the CSR file to VeriSign or other authorized vendor.
-
The vendor will return a signed certificate, a public key file, which
we could call my-componay.pem.
-
The two files - my-componay.key and my-componay.pub - should be placed in
the roxen/local/ directory.
-
Under the Ports tab, in the site that should use the SSL key you will
find two fields under the HTTPS enabled port
SSL certificate file: my-componay.pem
SSL key file: my-componay.key
|
|