Hi! Even if I'm not the OP, this is a good guide... Cool.

On Sat, Jun 14, 2008 at 10:42:37AM -0700, Dustin Lundquist wrote:
>[...]
>The process of setting up signed cert is as follows:
>1. Generate your private key and secure file permissions (you want to do
>this in a secure fashion, i.e. on the box directly as a root or a
>private user). Guard this file: if it is compromised the security SSL
>provides is compromised:
>openssl genrsa -out secure.example.com.key 4096
>chmod 400 secure.example.com.key

Before all that: umask 077, so there'll be no window of time when
the key will be group/world readable.

>[...]
>3. Send the CSR (you can open the file and copy and paste the contents
>into an email, or the certificate authority's website) to the
>certificate authority along with whatever other documentation they
>require (their job is to verify you are who you are requesting a
>certificate for before signing the key, they usually require some proof
>of domain ownership and everything else you entered in step 2).
>4. You will then receive your signed certificate, you can either keep
>the certificate in a separate file from your private key, or cat them
>together to make a .pem file: cat secure.example.com.key
>secure.example.com.cert > secure.example.com.pem; chmod 400
>secure.example.com.pem
>Configure apache to use your new cert and key:
>SSLCertificateFile /etc/ssl/secure.example.com.cert
>SSLCertificateKeyFile /etc/ssl/secure.example.com.key
> - or -
>SSLCertificateFile /etc/ssl/secure.example.com.key

Again, before the cat, use umask 077, for the same reason.

>Since apache is chrooted, have to restart it to read the new key and
>certificate.
>Dustin Lundquist

Again, thanks for the cool explanations and step-by-step kind of guide.
Will probably be helpful for more than the original poster.

Kind regards,
Hannah.
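An added example, not part of either message: a small shell sketch of the umask 077 advice above, showing the permissions a file gets at the moment of creation and applying the same idea to the key+cert concatenation. The helper names (with_private_umask, file_mode, mode_at_creation, build_pem) are made up for this illustration.

```shell
#!/bin/sh
# Illustration of "umask 077 before creating the key or the .pem".
# All function names here are hypothetical helpers for this example.

# Run any file-creating command with umask 077, inside a subshell so the
# caller's own umask is left unchanged. With the command from the thread:
#   with_private_umask openssl genrsa -out secure.example.com.key 4096
with_private_umask() {
    ( umask 077 && "$@" )
}

# Print the octal permission bits of a file (GNU stat, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Create an empty probe file under the given umask and print the mode it
# has immediately after creation, i.e. before any later chmod could run.
# This is the window the reply is about: under umask 022 the file starts
# out as 644 and stays that way until chmod 400 is executed.
mode_at_creation() {
    dir=$(mktemp -d) || return 1
    ( umask "$1" && : > "$dir/probe" ) || return 1
    file_mode "$dir/probe"
    rm -rf "$dir"
}

# Concatenate key and certificate into a .pem without a readable window.
# An existing output file keeps its old mode when reopened with '>', so it
# is removed first; the new file is then created under umask 077.
build_pem() {
    key=$1 cert=$2 out=$3
    rm -f -- "$out"
    ( umask 077 && cat -- "$key" "$cert" > "$out" && chmod 400 "$out" )
}
```

mode_at_creation 022 prints 644 and mode_at_creation 077 prints 600; build_pem leaves the output at 400 even when a world-readable file of the same name existed beforehand.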