ssl

Stuart Jansen sjansen at buscaluz.org
Tue Mar 16 11:29:21 MDT 2010


On Tue, 2010-03-16 at 11:13 -0600, Merrill Oveson wrote:
> After poking around, I learned how to generate both the key and csr
> file.  I can tell godaddy the contents of the csr file.
> 
> Now how do I get a new crt file?  I do need a new one, correct?
> I called tech support @ godaddy but the guy was clueless.

key = private key (keep it secret, keep it safe)
csr = certificate signing request
crt = certificate

SSL/TLS is based on public/private key pairs. A certificate is basically
a fancy public key. When you send godaddy a csr file, you're basically
sending them a copy of your public key plus metadata like the server's
fully qualified domain name (FQDN) and your company's contact
information.

The certificate authority (CA, godaddy) is responsible for verifying
this metadata. Some companies are more thorough than others. At the high
end they may require documents to be faxed, call back numbers to be
called, etc. At the low end, they may merely require proof that you have
control of a specific email address.

Once the CA is satisfied they sign your csr, thereby turning it into a
certificate. They'll then email you your certificate, or provide you a
URL to download it, or some such.

There are multiple certificate file formats. I haven't ever worked with
godaddy, but I expect they'll provide the certificate in the exact
format required for a crt file. If not, it isn't hard to convert
formats.

Note that it is safe for this entire process to take place over an
insecure channel like email. The certificate is not sensitive. Only the
private key is sensitive. Your private key should never leave your
server or be readable by regular users.

-- 
"XML is like violence: if it doesn't solve your problem, you aren't
using enough of it." - Chris Maden
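
The key -> csr -> crt flow described in the message above, as an added example that is not part of the original post: it shows that the CSR and the signed certificate carry the same public key as the private key, and nothing private. The hostname, the file names, the throwaway local CA standing in for the commercial CA, and DER as the delivered format are all assumptions made for the example.

```shell
#!/bin/sh
# Added example. Hostname, file names and the throwaway CA are constructed.
set -eu
WORK=$(mktemp -d)

# SHA-256 of the public key inside a private key, CSR or PEM certificate.
pubkey_fp() {  # $1 = key|csr|crt, $2 = file
  case "$1" in
    key) openssl pkey -in "$2" -pubout ;;
    csr) openssl req -in "$2" -noout -pubkey ;;
    crt) openssl x509 -in "$2" -noout -pubkey ;;
  esac | openssl pkey -pubin -outform DER | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Step 1: private key (created mode 0600) and the CSR derived from it.
make_request() {
  ( umask 077; openssl genrsa -out "$WORK/server.key" 2048 2>/dev/null )
  openssl req -new -key "$WORK/server.key" \
    -subj "/O=Example Co/CN=www.example.com" -out "$WORK/server.csr"
}

# Step 2: stand-in for the CA. It reads only server.csr, never server.key.
sign_as_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Throwaway CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
  openssl x509 -req -in "$WORK/server.csr" -days 1 \
    -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" -CAcreateserial \
    -outform DER -out "$WORK/server.der" 2>/dev/null
}

# Step 3: convert the delivered file (assumed DER here) to a PEM .crt.
to_pem() {
  openssl x509 -inform DER -in "$WORK/server.der" -out "$WORK/server.crt"
}

make_request; sign_as_ca; to_pem
# All three fingerprints should be identical: same key pair throughout.
for kind in key csr crt; do
  echo "$kind public key: $(pubkey_fp "$kind" "$WORK/server.$kind")"
done
# The files that travel over email must not carry private key material.
if grep -l 'PRIVATE KEY' "$WORK/server.csr" "$WORK/server.crt"; then
  echo "private key material found in a file meant to be shared" >&2
fi
```

Comparing the fingerprints is also a quick way to confirm that a certificate returned by a CA belongs to the key sitting on the server before installing it.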
