Now that a private key for the server has been saved, the next step is to generate a certificate request that one may send to any Certificate Authority, or CA. If there is no need for a CA to sign the certificate, please read the next section on Generating a Self-Signed certificate.
One will be asked a series of questions which contribute to the X.509 attributes of the certificate.
    # openssl req -new -key server.key -out server.csr
    Enter pass phrase for server.key:
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [AU]:US
    State or Province Name (full name) [Some-State]:Illinois
    Locality Name (eg, city) []:Chicago
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:Some Company
    Organizational Unit Name (eg, section) []:IT Department
    Common Name (eg, YOUR name) []:www.servername.com
    Email Address []:admin@servername.com
    ---
It is absolutely essential to enter the domain name that the certificate is being created for (for example, www.servername.com) at the Common Name (eg, YOUR name) prompt.
The challenge password need not be entered - this is entirely optional.
Once completed, the newly created file, server.csr, should be sent to any Certificate Authority. Their websites will provide the details on how to do so.
The CA will then send you a file back, which should be saved as server.crt. It takes an average of a week or two for the CA to complete their process. In the meantime, one can generate a self-signed certificate for testing. Do not lose the file that the CA returns! Keep all keys on safe media.
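A check worth running on server.csr before it goes to the CA, as an added example that is not part of the original page: it confirms the file is a request rather than a certificate, that its signature verifies, that the Common Name is the intended domain, and that it was made from the key you hold. The helper names make_csr and check_csr are hypothetical, and the demo uses an unencrypted throwaway key.

```shell
#!/bin/sh
# Added example. File names and subject values mirror the page's sample
# answers; the throwaway demo key is unencrypted (assumption).

# make_csr KEY CSR CN: the same request, with the answers passed via -subj.
make_csr() {
    subj="/C=US/ST=Illinois/L=Chicago/O=Some Company/OU=IT Department"
    openssl req -new -key "$1" -out "$2" -subj "$subj/CN=$3"
}

# check_csr CSR KEY EXPECTED_CN
# 0 = ok, 1 = not a request, 2 = bad signature, 3 = wrong CN, 4 = key mismatch
check_csr() {
    csr=$1; key=$2; want_cn=$3

    # A file written with -x509 is a certificate, not a request.
    grep -q 'BEGIN.*CERTIFICATE REQUEST' "$csr" || return 1

    # The request carries a self-signature. Match on the message text rather
    # than trusting the exit status, which older OpenSSL releases leave at 0.
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK' || return 2

    # Common Name must be exactly the domain the certificate is for.
    cn=$(openssl req -in "$csr" -noout -subject -nameopt multiline |
         sed -n 's/^ *commonName *= *//p')
    [ "$cn" = "$want_cn" ] || return 3

    # The public key in the request must be the one from the key we hold.
    [ "$(openssl req -in "$csr" -noout -pubkey)" = \
      "$(openssl pkey -in "$key" -pubout)" ] || return 4
}

# demo: build a throwaway key and request in a temp dir and check them.
demo() {
    d=$(mktemp -d) || return 1
    openssl genrsa -out "$d/server.key" 2048 2>/dev/null
    make_csr "$d/server.key" "$d/server.csr" www.servername.com
    rc=0
    check_csr "$d/server.csr" "$d/server.key" www.servername.com || rc=$?
    echo "check_csr exit code: $rc"
    rm -rf "$d"
    return "$rc"
}

# Run the demo only when asked: sh thisfile.sh demo
if [ "${1:-}" = demo ]; then demo; fi
```

With a pass-phrase-protected server.key, as on this page, the openssl commands that read the key will prompt for the pass phrase.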