SSL Certificates Installation Instruction for 4D WebSTAR 5.x Server

WebSTAR 5.x requires the certificate and the signing certificate (Root Certificate) to be included in a text file with a .pem extension. Download your certificate and the thawte Premium Server CA Root certificate and copy the certificates to a Notepad file or another text editor. Copy and paste the signing certificate below your issued certificate in the following order: yourCertificate > thawtePremiumServerCA root certificate. Save the file with a .pem extension (i.e mycertfile.pem)

a. Fetch your WoSign certificate

1.You will receive an email when your certificate is issued.
2.Copy and Paste your thawte issued certificate to Notepad or other text editor.(append it to the .pem file)
3.Copy and Paste the WoTrust Intermediate Root Certificate to Notepad or other text editor.(append it to the .pem file)
4. Once you have both certificates, open Notepad or other text editor and copy and paste the certificates and save as .pem.(i.e mycertfile.pem) E.g of what it should look like: -----BEGIN CERTIFICATE-----
Your Certificate
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
WoSign Root certificate
-----END CERTIFICATE-----

b. Install your thawte c ertificate

Make sure that your web server has SSL capabilities. It should say "SSL" in the Status window on the server, and have an SSL Security item in the list of Settings in WebSTAR Admin. To install an SSL server, you may need to install WebSTAR from the distribution CD. Make sure the Status window is open on the server machine. In WebSTAR Admin, Settings window (on any machine), select SSL Security. The top area lists the IP addresses you have set using the IP Secondary Addresses file. The lower area sets your security options, including certificate and private key data. The checkboxes set your policy regarding incoming connections. Each IP address uses a different certificate. You can have certificates for several of these addresses, but one IP address can only have a single certificate. Select the item for the IP address which corresponds to the host name of the current Certificate. On the Security popup menu, select SSL 2 and SSL 3. Use the Certificate Choose button to select the certificate file you have saved in your host root folder.(mycertfile.pem) Use the Private Key File Choose button to select the private key file saved in your host root folder. Type or paste your Private Key Password into the appropriate field. Click the Save button. Look at the server Status window. You should see a message confirming that the SSL certificate was accepted. SSL context for xxx.xxx.xxx.xxx:443 created.

Encryption Ciphers

The cipher checkboxes indicate which encryption algorithms you will support. The client can connect only if they support at least one of the cipher you enable, and they negotiate to find the best fit.

• Very high-security sites will just enable 3DES and RC4-128.
• Some U.S. government sites require DES only, so if you are in that situation, do not enable the RC4 options.
• If you decide that your server does not require DES as the primary method, consider whether to allow your server to negotiate DES (which is more computationally intensive), or to allow only RC4.
• Most sites that want to allow overseas users will need to turn on DES, DES-40 and RC4-40. RC4-40 is the only supported encryption method that can be exported from the United States to other countries.
• MAC is a little different, and should only be used if you need to allow users to connect to your SSL server in an unsecure mode. There are a few countries where authentication is allowed but encryption is not, and the MAC cipher is sometimes used by clients in these countries. The MAC cipher will send your certificate to the client and ensure the integrity of the data you send, but it won't encrypt the data.

When you have chosen your cipher settings, click Save again to send the information to the server.