FITZPATRICK,THOM (Non-HP-Roseville,ex1) wrote:
>
>
> VeriSign sez to use a command called "getca" with my new certificate as an
> argument. This assumes you're using SSLeay, which I'm not, I'm using
> OpenSSL.
>
I think 'getca' is part of a commerical package. It certainly wasn't
part of SSLeay.
>
> How do I get this damn cert installed? Is there any reference out there on
> the whole SSL sturcture and implementation? I don't want the math, or white
> papers on how cool RSA is; I need somehting that sez "this is how it works,
> and these are the pieces you need to get it going on your machine"
>
You're probably best asking on the mod_ssl mailing list. Basically you
copy your private key and certificate to a directory and point various
directives at them in the mod_ssl config file.
You might need to convert the certificate you got from verisign into a
format OpenSSL will tolerate. Verisign sends them in various forms so
without seeing what they sent I can't comment on exactly which options
to use to convert it. If you send me the certificate in private mail
I'll have a look. There's no security risk in sending me your
certificate because I don't have the corresponding private key.
You might also need to include one or more CA certificates if Verisign
hasn't included them. Some of these are in OpenSSL and others can be
extacted from browsers. IE5 is rather good for this, you can export them
directly to a file.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
