ssl

William Attwood wattwood at gmail.com
Tue Mar 16 11:46:02 MDT 2010


Merrill--

   What system are you installing these on? If it's Linux and Apache, you'll
need to reference the files in the following way in your <VirtualHost
xxx.xxx.xxx.xxx:443> directive:

        SSLEngine On
        SSLCertificateFile /etc/httpd/ssl/domain.com.crt
        SSLCertificateKeyFile /etc/httpd/ssl/server.key
        SSLCertificateChainFile /etc/httpd/ssl/gd_bundle.crt

On Tue, Mar 16, 2010 at 11:37 AM, Merrill Oveson <moveson at gmail.com> wrote:

> OK, thanks a million!
>
> Just a couple of other questions...
>
> Is there anything magic about where the key, csr and crt files are stored?
> Does the website look for these files on my server (if so how or
> where), or does it rely on godaddy.com?
>
>
> On Tue, Mar 16, 2010 at 11:29 AM, Stuart Jansen <sjansen at buscaluz.org>
> wrote:
> > On Tue, 2010-03-16 at 11:13 -0600, Merrill Oveson wrote:
> >> After poking around, I learned how to generate both the key and csr
> >> file.  I can tell godaddy the contents of the csr file.
> >>
> >> Now how do I get a new crt file?  I do need a new one, correct?
> >> I called tech support @ godaddy but the guy was clueless.
> >
> > key = private key (keep it secret, keep it safe)
> > csr = certificate signing request
> > crt = certificate
> >
> > SSL/TLS is based on public/private key pairs. A certificate is basically
> > a fancy public key. When you send godaddy a csr file, you're basically
> > sending them a copy of your public key plus metadata like the server's
> > fully qualified domain name (FQDN) and your company's contact
> > information.
> >
> > The certificate authority (CA, godaddy) is responsible for verifying
> > this metadata. Some companies are more thorough than others. At the high
> > end they may require documents to be faxed, call back numbers to be
> > called, etc. At the low end, they may merely require proof that you have
> > control of a specific email address.
> >
> > Once the CA is satisfied they sign your csr, thereby turning it into a
> > certificate. They'll then email you your certificate, or provide you a
> > URL to download it, or some such.
> >
> > There are multiple certificate file formats. I haven't ever worked with
> > godaddy, but I expect they'll provide the certificate in the exact
> > format required for a crt file. If not, it isn't hard to convert
> > formats.
> >
> > Note that it is safe for this entire process to take place over an
> > insecure channel like email. The certificate is not sensitive. Only the
> > private key is sensitive. Your private key should never leave your
> > server or be readable by regular users.
> >
> > --
> > "XML is like violence: if it doesn't solve your problem, you aren't
> > using enough of it." - Chris Maden
> >
> >
> > /*
> > PLUG: http://plug.org, #utah on irc.freenode.net
> > Unsubscribe: http://plug.org/mailman/options/plug
> > Don't fear the penguin.
> > */
> >
>



-- 
Take care,
William Attwood
Idea Extraordinaire
wattwood at gmail.com
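
Added example, not part of the original thread: a Python check that reads the SSL file directives from a VirtualHost block like the one in the reply above, then verifies that each referenced file exists on the local disk, that the private key is not readable by group or other users, and that the key belongs to the certificate. The function names are hypothetical, and the sketch assumes directive names are written in the canonical case shown in the reply.

```python
import os
import re
import ssl
import stat

# Apache reads these files from local disk at the paths the config names.
DIRECTIVE = re.compile(
    r"^\s*(SSLCertificateFile|SSLCertificateKeyFile|SSLCertificateChainFile)\s+(\S+)",
    re.MULTILINE,
)

def ssl_paths(vhost_text):
    """Map each SSL file directive found in a VirtualHost block to its path."""
    return {name: path.strip('"') for name, path in DIRECTIVE.findall(vhost_text)}

def key_matches_cert(cert_path, key_path):
    """True if OpenSSL accepts the key as the private half of the certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        # password="" keeps an encrypted key from prompting on the terminal.
        ctx.load_cert_chain(certfile=cert_path, keyfile=key_path, password="")
        return True
    except (ssl.SSLError, OSError):
        return False

def audit(vhost_text):
    """Return a list of problems with the files a VirtualHost block references."""
    problems = []
    paths = ssl_paths(vhost_text)
    for name, path in paths.items():
        if not os.path.isfile(path):
            problems.append(f"{name}: {path} not found")
    key = paths.get("SSLCertificateKeyFile")
    cert = paths.get("SSLCertificateFile")
    if key and os.path.isfile(key):
        mode = stat.S_IMODE(os.stat(key).st_mode)
        if mode & 0o077:  # any group/other permission bit is too open
            problems.append(f"private key {key} has mode {mode:o}; use 600")
        if cert and os.path.isfile(cert) and not key_matches_cert(cert, key):
            problems.append(f"{key} does not match {cert}")
    return problems
```

Call `audit()` with the text of the VirtualHost block, as a user able to read the key file; an empty list means all three checks passed.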

