aprelium
-
Joined: 22 Mar 2002
Posts: 6800
|
 Posted: Sun Dec 24, 2006 1:09 pm Post subject: Re: SSL Certificate |
 |
|
| dbonni wrote: | (Generate a CSR >>
The CSR is a string of text generated by your server software. You provide his string of text to VeriSign during the enrollment process. To generate a CSR, you will need to know what kind of server software is running on your Web server to choose the correct instructions.) |
If you are going to use STunnel with Abyss Web Server, the type of the server is not important (you can choose Apache or OpenSSL-based server).
The CSR is usually generated using external tools which do not come with web servers.
Here is the procedure to follow:
To buy an SSL certificate you must first generate a CSR (Certificate signing request).
Below are detailed steps to generate a CSR:
* Download OpenSSL from http://www.slproweb.com/download/Win32OpenSSL-v0.9.8b.exe and install it in C:\OpenSSL. OpenSSL will be used to generate the CSR.
* Open a Windows Command Line window (Start > Run, then type cmd and press Return)
* Type in the displayed Window the following command and press Return to execute it:
cd C:\OpenSSL\bin
* Type the following command and press Return to execute it (it will generate your private key in myhost.key):
openssl genrsa -out myhost.key 1024
* Type the following command and press Return to execute it:
openssl req -new -key myhost.key -out myhost.csr
* You will be prompted to enter the information about the requested certificate: please read carefully https://certificates.starfieldtech.com/CSRgeneration.go to know what to enter for each field. When openssl asks you to enter extra attributes (challenge password and optional company name), do not enter anything and simply press Return for each of these field. These are not used for Web certificates.
* Note that if you want to have people access your site using https://www.myhost.com, you'll need to enter www.myhost.com in the COMMON NAME field (also referred to as CN).
* After entering all the requested information, openssl will generate the CSR file myhost.csr which is what GoDaddy (or the certificate issuer) needs to generate your signed certificate (the file will be inside the directory C:\OpenSSL\bin). You may need to open this file with a text editor (such as Windows Notepad) and copy and paste its contents in GoDaddy's certificate enrollment form if it does not accept file uploading. Note that you can verify the information in the CSR by running the command:
openssl req -noout -text -in myhost.csr
* Backup and save the myhost.key file (IT IS THE MOST IMPORTANT FILE). Without it your certificate will not work and will be void. myhost.key will also be needed by STunnel when installing and using the signed certificate.
When you will receive the signed certificate from GoDaddy (or any certificate issuer), you'll have to assemble it with the key in a single file using a text editor as explained in http://www.aprelium.com/forum/viewtopic.php?p=48328#48328 and http://www.stunnel.org/faq/stunnel.html#certificates . If you have any problem with this step, please let us know and we'll assist you as usual.
Note that you can now uninstall OpenSSL now as you no more need it.
_________________
Support Team
Aprelium - http://www.aprelium.com |
|
