Changes between Version 14 and Version 15 of faq/security/get-certificate


Ignore:
Timestamp:
Apr 9, 2014, 8:51:38 AM (10 years ago)
Author:
Jamie McClelland
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • faq/security/get-certificate

    v14 v15  
    11[[TranslatedPages]]
    22[[PageOutline]]
     3
     4Please note: the [http://heartbleed.org heart bleed vulnerability] discovered April 7, 2014 affects May First/People Link members. We encourage all members who generated a key and obtained an x509 certificate prior to this date to generate a new key and obtain a new certificate. If you need assistance generating a new key, please submit a [/newticket ticket] and include the domain name of the web site that you are running.
    35
    46= How do I get a x509 (aka SSL) Certificate for my Web site? =
     
    1517 * The certificate signing request is the non-confidential file generated based on your private key that you submit to a certificate authority
    1618
    17 Then, you will need to submit your certificate signing request to a certificate authority, such as [http://cheapssls.com CheapSSLs] or [http://cacert.org cacert]. RapidSSL costs $79 per certificate and can generate a certificate for you that will be accepted by nearly all browsers on the planet. cacert will generate a certificate for free but users will need to import the cacert root certificate or they will get errors. We have a [ticket:1706 raging debate] about which approach is the best to take.
     19Then, you will need to submit your certificate signing request to a certificate authority, such as [https://www.ssls.com SSLs.com] or [http://cacert.org cacert]. SSLs.com costs as little as $4.99 per certificate per year and can generate a certificate for you that will be accepted by nearly all browsers on the planet. cacert will generate a certificate for free but users will need to import the cacert root certificate or they will get errors. We have a [ticket:1706 raging debate] about which approach is the best to take.
    1820 
    1921In these examples domain.csr and domain.key are the file names provided. These filenames are arbitrary and can be anything you want (for example, I would recommend replacing domain with your actual domain, e.g. mayfirst.org.key and mayfirst.org.csr, so it is easier to keep track of the domains for which they are being generated.
    2022
    21 === Generating a key and signing request for the first time ===
     23=== Generating a key and signing request for the first time or to replace a vulnerable key===
    2224
    2325To generate a private key and a certificate signing request, [wiki:secure_shell ssh] into your primary host and run:
     
    8385== Next steps ==
    8486
    85 This file and your domain.key file can be used to [wiki:faq/security/setup-certificate setup your web site to use a security certificate].
     87This file and your domain.key file can be used to [wiki:faq/security/setup-certificate setup your web site to use a security certificate or replace an existing one].