Changes between Version 14 and Version 15 of faq/security/get-certificate
- Timestamp:
- Apr 9, 2014, 8:51:38 AM (10 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
faq/security/get-certificate
v14 v15 1 1 [[TranslatedPages]] 2 2 [[PageOutline]] 3 4 Please note: the [http://heartbleed.org heart bleed vulnerability] discovered April 7, 2014 affects May First/People Link members. We encourage all members who generated a key and obtained an x509 certificate prior to this date to generate a new key and obtain a new certificate. If you need assistance generating a new key, please submit a [/newticket ticket] and include the domain name of the web site that you are running. 3 5 4 6 = How do I get a x509 (aka SSL) Certificate for my Web site? = … … 15 17 * The certificate signing request is the non-confidential file generated based on your private key that you submit to a certificate authority 16 18 17 Then, you will need to submit your certificate signing request to a certificate authority, such as [http ://cheapssls.com CheapSSLs] or [http://cacert.org cacert]. RapidSSL costs $79 per certificateand can generate a certificate for you that will be accepted by nearly all browsers on the planet. cacert will generate a certificate for free but users will need to import the cacert root certificate or they will get errors. We have a [ticket:1706 raging debate] about which approach is the best to take.19 Then, you will need to submit your certificate signing request to a certificate authority, such as [https://www.ssls.com SSLs.com] or [http://cacert.org cacert]. SSLs.com costs as little as $4.99 per certificate per year and can generate a certificate for you that will be accepted by nearly all browsers on the planet. cacert will generate a certificate for free but users will need to import the cacert root certificate or they will get errors. We have a [ticket:1706 raging debate] about which approach is the best to take. 18 20 19 21 In these examples domain.csr and domain.key are the file names provided. These filenames are arbitrary and can be anything you want (for example, I would recommend replacing domain with your actual domain, e.g. mayfirst.org.key and mayfirst.org.csr, so it is easier to keep track of the domains for which they are being generated. 20 22 21 === Generating a key and signing request for the first time ===23 === Generating a key and signing request for the first time or to replace a vulnerable key=== 22 24 23 25 To generate a private key and a certificate signing request, [wiki:secure_shell ssh] into your primary host and run: … … 83 85 == Next steps == 84 86 85 This file and your domain.key file can be used to [wiki:faq/security/setup-certificate setup your web site to use a security certificate ].87 This file and your domain.key file can be used to [wiki:faq/security/setup-certificate setup your web site to use a security certificate or replace an existing one].