ssl

Tod Hansmann tod at todandlorna.com
Tue Mar 16 11:38:08 MDT 2010



On 3/16/2010 11:13 AM, Merrill Oveson wrote:
> pluggers:
>
> I'm new to ssl.
>
> Here's my situation....
>
> We're using godaddy.com
>
> I need to renew my csr file with them, apparently it's not 2048 bit encryted.
>
> I've located three files on my linux box (running apache)
> e.g.
>
> www.x.com.crt
> www.x.com.csr
> www.x.com.key
>
> After poking around, I learned how to generate both the key and csr
> file.  I can tell godaddy the contents of the csr file.
>
> Now how do I get a new crt file.  I do need a new one, correct?
> I called tech support @ godaddy but the guy was clueless.
>
> Thanks in advance.
>
> Merrill
>
> /*
> PLUG: http://plug.org, #utah on irc.freenode.net
> Unsubscribe: http://plug.org/mailman/options/plug
> Don't fear the penguin.
> */
>
>    

You generate the key first, and that's where you specify how many bits 
it is, so specify 2048 in that step.  It's ok if you have to generate a 
new key for this as long as you configure your HTTP server to use the 
correct key.

Next you generate the CSR (as you seem to already have done) off of the 
key.  If you haven't done this on a 2048 bit key, you will have to redo 
this.

Last, you give the CSR, and only the CSR, to godaddy.  They get back to 
you in a few hours (could be a day) with the crt and their crt.  With 
godaddy you will have to include their intermediate crt for browser 
support not yelling about an untrusted crt.  Godaddy specifically has 
instructions for many popular web servers on how to use the crts and 
whatnot.

-Tod Hansmann


More information about the PLUG mailing list