Creating a Server Key
- cd /etc/httpd/conf
- make genkey
/usr/sbin/ssleay genrsa -des3 -rand /dev/urandom 1024 > httpsd.key
1049776 semi-random bytes loaded
Generating RSA private key, 1024 bit long modulus
.......+++++
....................+++++
e is 65537 (0x10001)
Enter PEM pass phrase:
Verifying password - Enter PEM pass phrase:
- Notes:
- the first time I ran this command I got an 'unable to load random state' error
- if you don't want to supply a password when starting the web server, execute the following instead (without -des3 the key file is stored unencrypted):
/usr/sbin/ssleay genrsa -rand /dev/urandom 1024 > httpsd.key
- copy the key file /etc/httpd/conf/httpsd.key to multiple safe locations; this is the unique key that will be certified by the Certificate Authority
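The two genkey variants above differ in whether httpsd.key is encrypted on disk. The following is an added example, not part of the original page: it checks a PEM key file for an encryption header and for group/other permission bits. The function names are illustrative.

```shell
#!/bin/sh
# Added example: audit a PEM private key file such as httpsd.key.

# Prints how the key is protected at rest:
#   encrypted - passphrase-protected (traditional "Proc-Type: 4,ENCRYPTED"
#               header, or a PKCS#8 "ENCRYPTED PRIVATE KEY" block)
#   plaintext - a private key with no passphrase (genrsa without -des3)
#   unknown   - no private-key PEM header found
key_encryption_state() {
    keyfile=$1
    if grep -q '^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$keyfile" ||
       grep -q '^Proc-Type: 4,ENCRYPTED' "$keyfile"; then
        echo encrypted
    elif grep -q '^-----BEGIN .*PRIVATE KEY-----' "$keyfile"; then
        echo plaintext
    else
        echo unknown
    fi
}

# Succeeds only if group and other have no permission bits on the file.
# Characters 5-10 of the ls mode string are the group and other triplets.
key_is_owner_only() {
    mode=$(ls -ld "$1" | cut -c5-10)
    [ "$mode" = "------" ]
}

# Prints a one-line report and returns 0 only for a recognised key file
# that nobody but its owner can access.
audit_key() {
    state=$(key_encryption_state "$1")
    if key_is_owner_only "$1"; then perms=owner-only; else perms=exposed; fi
    echo "$1: $state, $perms"
    [ "$state" != unknown ] && [ "$perms" = owner-only ]
}

# Stand-alone use: sh audit_key.sh /etc/httpd/conf/httpsd.key
for f in "$@"; do
    audit_key "$f" || echo "  -> check this file before using it"
done
```

A key reported as plaintext can be read by anyone who obtains the file or one of its backup copies, so the owner-only check matters most for that variant.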
Create a Certificate Signing Request
- make certreq
/usr/sbin/ssleay req -new -key httpsd.key > httpsd.csr
Using configuration from /etc/ssl/lib/ssleay.cnf
Enter PEM pass phrase:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:
State or Province Name []:YourState
Locality (City) Name []:YourCity
Company (Organization) Name []:YourOrganization
Department Name []:YourDepartment
Server Host Name []:www.domain.com
Administrators Email Address []:user@domain.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
- Notes:
- both 'extra' attributes can be ignored
Buying a Certificate from Thawte
- Required Documentation for Organizational Certificate
- Proof of Organizational Name
- Proof of the Right to use Domain Name (not necessary for .com, .edu, .org, .net or .se)