SSL Certificates Installation Instruction - Roxen
Configuring Roxen Challenger
When you have received your certificate, you have to tell Roxen to use it.
Copy the secret key and the certificate into the roxen tree, for example as roxen/server/certificates/my_cert.cert and roxen/server/certificates/my_key.rsa.
Still, the secret key must be protected. You probably want to run roxen as root, and have the secret key file readable by root only.
There are two Roxen modules for SSL. If you have working threads, use the one called ssleay, otherwise the one called ssl. Choose which one to run in the configuration interface under Server Variables -> Listen Ports.
Both protocol modules are configured the same way. You have to enter the file names of your secret key and your certificate, relative to roxen/server, like this:
cert-file certificates/my_cert.cert
key-file certificates/my_key.rsa
At last, to maintain security at your server, beware of security holes that may expose your secret key to an attacker. Don't run any unnecessary services, and install all security patches from your OS vendor.
As for your web server, be very careful when you decide which modules you install. Do not allow untrusted people to use pike scripts or the <pike>-tag. Avoid CGI-programs if possible, as it is too easy to introduce security holes there.