Changes between Version 2 and Version 3 of faq/security/get-certificate


Ignore:
Timestamp:
Jul 11, 2010, 7:23:53 PM (15 years ago)
Author:
Jamie McClelland
Comment:

--

Legend:

Unmodified
Added
Removed
Modified

  • faq/security/get-certificate

    v2 v3  
     1[[PageOutline]]
     2
    13= How do I get a Security Certificate for my Web site? =
    24
     
    46
    57The purpose of a security certificate is to provide proof to the world that your web site is indeed operated by you (and not an impostor). For more information about security certificates, please see our [wiki:what_is_an_ssl_certificate certificate faq].
     8
     9== Generating the key and signing request ==
    610
    711Before you can get a security certificate attesting that you are who you say you are, you will need to generate two files:
     
    2832You must type the exact domain name that will be used for your site (e.g. members.mayfirst.org).
    2933
    30 When the command has completed you should have two files: domain.csr (which can be submitted to the certificate authority) an domain.key which you should keep private.
     34When the command has completed you should have two files: a private key file that you should ''not'' share with anyone (domain.key) and a certificate signing request (domain.csr) that is based on your key that can be shared with anyone and should be provided to a certificate authority if you would like to get a certificate for your private key..
    3135
    32 The certificate authority will respond with a certificate file. This file and your domain.key file can be used to [wiki:setup_security_certificate setup your web site to use a security certificate].
     36== Getting a certificate file ==
     37
     38There are dozens of corporate certificate authorities that can take your certificate signing request and return a certificate that will only work with your private key. The cost is typically about $80 - $200. You only need to provide your contact information, your certificate signing request and a credit card to be charged. After a short verification period, they will return a certificate to you (also a text file).
     39
     40== Testing your certificate file ==
     41
     42If you want to test to ensure that your certificatre is valid and works with your key file, you can run this command:
     43
     44{{{
     45openssl s_server -cert domain.crt -key domain.key -www
     46}}}
     47
     48You should get something like this:
     49
     50{{{
     510 jamie@chicken:~$ openssl s_server -cert domain.crt -key domain.key
     52Using default temp DH parameters
     53Using default temp ECDH parameters
     54ACCEPT
     55^C
     56130 jamie@chicken:~$
     57}}}
     58
     59Hit ctl-c to cancel.
     60
     61If you are prompted for a password, then it means you created your key file with a password, which will cause problems if try to use it for your web site.
     62
     63
     64== Next steps ==
     65
     66This file and your domain.key file can be used to [wiki:setup_security_certificate setup your web site to use a security certificate].