Ярлыки

Memories ( 25 ) Unix ( 14 ) FreeBSD ( 8 ) www ( 4 ) Scripts ( 3 ) GEOM ( 2 ) PART ( 2 ) smtp ( 2 ) Cacti ( 1 ) Jabber ( 1 ) KVM ( 1 ) Kohana ( 1 ) RAID ( 1 ) Sip ( 1 ) Ubuntu ( 1 ) Zyxel ( 1 ) nginx ( 1 ) php-fpm ( 1 ) portwfd ( 1 ) rewrite ( 1 ) security ( 1 )

Поиск по этому блогу

четверг, 18 ноября 2010 г.

Generate a Certificate Signing Request (CSR) for Apache + Mod SSL + OpenSSL

Follow these instructions to generate a CSR for your Web site. When you have completed this process, you will have a CSR ready to submit to RapidSSL.com in order to be generated into a SSL Security Certificate.



OpenSSL is the open source project that replaced SSLeay. If you are using SSLeay on your system instead of OpenSSL, substitute ssleay with openssl for the commands.
1. Install OpenSSL, if not found on your server.
2. Create a RSA key for your Apache server:
cd /apacheserverroot/conf/ssl.key (ssl.key is the default key directory.)
NOTE: If you have a different path, cd to your server’s private key directory...
3. Type the following command to generate a private key that is file encrypted. You will be prompted for the password to access the file and also when starting your webserver. Warning: If you lose or forget the passphrase, you must purchase another certificate.
openssl genrsa -des3 -out domainname.key 1024
You could also create a private key without file encryption if you do not want to enter the passphrase when starting your webserver:
openssl genrsa -out domainname.key 1024
Note: We recommend that you name the private key using the domain name that you are purchasing the certificate for ie domainname.key
4. Type the following command to create a CSR with the RSA private key (output will be PEM format):
openssl req -new -key domainname.key -out domainname.csr
* Note: You will be prompted for your PEM passphrase if you included the "-des3" switch in step 3.

5. When creating a CSR you must follow these conventions. Enter the information to be displayed in the certificate. The following characters can not be accepted: < > ~ ! @ # $ % ^ * / \ ( ) ?.,&


DN Field

Explanation

Example

Common NameThe fully qualified domain name for your web server. This must be an exact match.If you intend to secure the URL https://www.yourdomain.com, then your CSR's common name must be www.yourdomain.com.
OrganizationThe exact legal name of your organization. Do not abbreviate your organization name.RapidSSL.com
Organization UnitSection of the organizationMarketing
City or LocalityThe city where your organization is legally located.Wellesley Hills
State or ProvinceThe state or province where your organization is legally located. Can not be abbreviated.Massachusetts
CountryThe two-letter ISO abbreviation for your country.US



6. Do not enter extra attributes at the prompt. Warning: Leave the challenge password blank (press enter)
Note: If you would like to verify the contents of the CSR, use the following command:

openssl req -noout -text -in domainname.csr

https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&id=SO13985
http://slacksite.com/apache/certificate.php

Комментариев нет :

Отправить комментарий