Wednesday, May 13, 2009

SSL cert

Posted At: 9/6/2007 5:36 PM
Subject:
ssl cert
Text:
Basically, you:
1 use openssl 0.9.8d to create a key (Thawte says 1024 bit max)
2 use the key to create a request file
3 paste that file into the Thawte website to get back a real cert (yes, you must pay them first)
4 paste that into (filename).crt
5 put key + cert into openssl-0.9.8d/ssl/certs
6 check that the Apache config matches the names you chose
7 fully shut down Apache (not kill -HUP), and start Apache



On tecate, in /www/apache/openssl/newcerts:

1+2: ssl key
/www/apache/openssl-0.9.8d/bin/openssl genrsa -out privkey.pem 1024
(results in privkey.pem)

3+4+5: create request file to send to thawte
/www/apache/openssl-0.9.8d/bin/openssl req -new -key privkey.pem -out cert.csr
(paste the output of 'cat cert.csr' into the box on Thawte's web page, then get the resulting temp cert on the next page; create a new file on the Linux box and paste the temp cert info into it; yes, I chose that goofy name)
(results in: from_thawte_temp.crt)
PS: www.dev1.blah.net was needed because dev1.blah.net wouldn't work

6+7: lines in /www/apache/2.0.59/conf.qa5/httpd.conf

SSLCertificateFile /www/apache/openssl-0.9.8d/ssl/certs/qa5-5cert.pem (moved to ".old", replaced with renamed new cert file from Thawte)

SSLCertificateKeyFile /www/apache/openssl-0.9.8d/ssl/certs/qa5-5nopwdkey.pem (moved to ".old", replaced with renamed new key file)

completely shut down httpd for qa5
start httpd (use history for switches etc.)
done
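
Added example (not part of the original notes): a check to run before the full Apache restart, confirming that the key, the request file and the cert that came back all carry the same RSA key, and that the cert's Common Name is the exact host name (the www.dev1 vs dev1 issue in the PS above). The file names and the host www.dev1.example.test are constructed, the self-signed cert stands in for the one the CA returns, and the sample uses 2048-bit keys rather than the 1024-bit key above.

```shell
#!/bin/sh
# Added example: check that key, CSR and certificate belong together
# before pointing SSLCertificateFile / SSLCertificateKeyFile at them.

# Digest of the RSA modulus of a key (rsa), request (req) or cert (x509).
modulus_digest() {  # $1 = rsa|req|x509, $2 = file
    mod=$(openssl "$1" -noout -modulus -in "$2" 2>/dev/null) || return 1
    [ -n "$mod" ] || return 1          # unreadable file must never "match"
    printf '%s' "$mod" | openssl dgst -sha256
}

# Succeed only if both files carry the same RSA public modulus.
same_key() {  # $1 = kind, $2 = file, $3 = kind, $4 = file
    a=$(modulus_digest "$1" "$2") || return 1
    b=$(modulus_digest "$3" "$4") || return 1
    [ "$a" = "$b" ]
}

# Succeed only if the certificate's Common Name is exactly $2.
cert_has_cn() {  # $1 = cert file, $2 = expected host name
    subj=$(openssl x509 -noout -subject -in "$1" 2>/dev/null | sed 's/ *= */=/g')
    case "$subj" in
        *"CN=$2" | *"CN=$2,"* | *"CN=$2/"*) return 0 ;;
    esac
    return 1
}

# Constructed sample data: a key, its CSR, a self-signed certificate standing
# in for the one the CA returns, and an unrelated second key.
make_samples() {  # $1 = empty directory
    openssl genrsa -out "$1/privkey.pem" 2048 2>/dev/null
    openssl req -new -key "$1/privkey.pem" \
        -subj "/C=US/CN=www.dev1.example.test" -out "$1/cert.csr"
    openssl x509 -req -in "$1/cert.csr" -signkey "$1/privkey.pem" \
        -days 1 -out "$1/issued.crt" >/dev/null 2>&1
    openssl genrsa -out "$1/other.pem" 2048 2>/dev/null
}

tmp=$(mktemp -d)
make_samples "$tmp"
same_key rsa "$tmp/privkey.pem" req  "$tmp/cert.csr"   && echo "CSR matches key"
same_key rsa "$tmp/privkey.pem" x509 "$tmp/issued.crt" && echo "cert matches key"
same_key rsa "$tmp/other.pem"   x509 "$tmp/issued.crt" || echo "wrong key rejected"
cert_has_cn "$tmp/issued.crt" dev1.example.test || echo "CN is not dev1.example.test"
rm -rf "$tmp"
```

On the real box, same_key and cert_has_cn would be pointed at the two files named in httpd.conf instead of the sample directory.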


movielink defaults on tecate when creating cert request:

Country Name (2 letter code) [US]:
State or Province Name (Full name) [California]:
Locality Name (eg, city) [Santa Monica]:
Organization Name (eg, company) [blah]:
Organizational Unit Name (eg, section) [Operations]:
Common Name (eg, YOUR name) [*.blah.com]:
Email Address [domain.administrator@blah.com]:
