jalyn.com Non nobis Domine, non nobis, sed nomine tuo, da gloriam

Domains, DialUp, Hosting, Design, Services, Administration
Good Evening 		Send Link  
Print Page  
  Home   Reminders   Domains   Shopping   Postcards   Toolbox   Contact   Policies   
 


The first step is to generate a Private Key. For that, feed a file of random text (randfile) to the key generation routine provided with the SSLeay libary.

To generate a key, type:

openssl genrsa -rand randfile -out key.pem 1024

This command sequence will generate a 1024-bit RSA private key and store it in the file key.pem. This key file should be copied to the config directory of the Sambar Server. The key should look like: 

-----BEGIN RSA PRIVATE KEY-----
MIIBOwIBAAJBALtv55QyzG6i2PlwZ1pah7++Gv8L5j6Hnyr/uTZE1NLG0ABDDexm
q/R4KedLjFEIYjocDui+IXs62NNtXrT8odkCAwEAAQJAbwXq0vJ/+uyEvsNgxLko
nWmM1KvqnAo5uQIhALqEADu5U1Wvt8UN8UDGBRPQulHWNycuNV45d3nnskWPAiAw
ueTyr6WsZ5+SD8g/Hy3xuvF3nPmJRH+rwvVihlcFOg==
-----END RSA PRIVATE KEY-----

Obtaining a certificate (Digital ID)

Next you must generate a Certificate Signing Request (CSR). The CSR is what contains the name information for the certificate (Country, State/Province, City, Organization, Division, Web Server Domain Name, etc). It also contains your public key.

The formats of certificate and CSR used by the Sambar Server are the same as those used by Apache-SSL (both servers use SSLeay for their SSL implementations). CSR should be sent for verification to Certificate Authority (CA).

To generate your CSR, run:

openssl req -new -key key.pem -out req.pem -config ..\config\openssl.cnf

This command sequence will prompt you for the attributes of your certificate. Remember to give the secure server domain name when you would be prompted for "Common Name".

The request should look like: 

-----BEGIN CERTIFICATE REQUEST-----
MIIBGzCBxgIBADBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEa
MBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGkNsaWVudCB0ZXN0
2NNtXrT8odkCAwEAATANBgkqhkiG9w0BAQQFAANBAC5JBTeji7RosqMaUIDzIW13
oO6+kPhx9fXSpMFHIsY3aH92Milkov/2A4SuZTcnv/P6+8klmS0EaiUKcRzak4E=
-----END CERTIFICATE REQUEST-----

You will now have a private key file (key.pem) and a CSR file (req.pem). Finally, send the req.pem file to the Certificate Authority.

Upon reception of a signed certificate from CA, name the certification cert.pem and place it in the config directory along with the key.pem file.

The certificate should look like: 

-----BEGIN CERTIFICATE-----                                     
MIICLjCCAZcCAQEwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV
BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD
dp7jnmWZwKZ9cXsNUS2o4OL07qOk2HOywC0YsNZQsOBu1CBTYYkIefDiKFL1zQHh
8lwwNd4NP+OE3NzUNkCfh4DnFfg9WHkXUlD5UpxNRJ4gJA==                
-----END CERTIFICATE-----

Top of Page
  © 1992-2009 jalyn trust int'l, et.al.