ssl

Ryan Byrd ryanbyrd at gmail.com
Tue Mar 16 11:44:00 MDT 2010


in your apache virtualhost container in your conf file, you specify the
paths to your key and crt and intermediate crt files. apache doesn't care
about your csr file.

On Tue, Mar 16, 2010 at 11:37 AM, Merrill Oveson <moveson at gmail.com> wrote:

> OK, thanks a million!
>
> Just a couple of other questions...
>
> Is there anything magic about where the key, csr and crt files are stored?
> Does the website look for these files on my server (if so how or
> where), or does it rely on godaddy.com?
>
>
> On Tue, Mar 16, 2010 at 11:29 AM, Stuart Jansen <sjansen at buscaluz.org>
> wrote:
> > On Tue, 2010-03-16 at 11:13 -0600, Merrill Oveson wrote:
> >> After poking around, I learned how to generate both the key and csr
> >> file.  I can tell godaddy the contents of the csr file.
> >>
> >> Now how do I get a new crt file.  I do need a new one, correct?
> >> I called tech support @ godaddy but the guy was clueless.
> >
> > key = private key (keep it secret, keep it safe)
> > csr = certificate signing request
> > crt = certificate
> >
> > SSL/TLS is based on public/private key pairs. A certificate is basically
> > a fancy public key. When you send godaddy a csr file, you're basically
> > sending them a copy of your public key plus metadata like the server's
> > fully qualified domain name (FQDN) and your company's contact
> > information.
> >
> > The certificate authority (CA, godaddy) is responsible for verifying
> > this metadata. Some companies are more thorough than others. At the high
> > end they may require documents to be faxed, call back numbers to be
> > called, etc. At the low end, they may merely require proof that you have
> > control of a specific email address.
> >
> > Once the CA is satisfied they sign your csr, thereby turning it into a
> > certificate. They'll then email you your certificate, or provide you a
> > URL to download it, or some such.
> >
> > There are multiple certificate file formats. I haven't ever worked with
> > godaddy, but they I expect they'll provide the certificate in the exact
> > format required for a crt file. If not, it isn't hard to convert
> > formats.
> >
> > Note that it is safe for this entire process to take place over an
> > insecure channel like email. The certificate is not sensitive. Only the
> > private key is sensitive. Your private key should never leave your
> > server or be readable by regular users.
> >
> > --
> > "XML is like violence: if it doesn't solve your problem, you aren't
> > using enough of it." - Chris Maden
> >
> >
> > /*
> > PLUG: http://plug.org, #utah on irc.freenode.net
> > Unsubscribe: http://plug.org/mailman/options/plug
> > Don't fear the penguin.
> > */
> >
>
> /*
> PLUG: http://plug.org, #utah on irc.freenode.net
> Unsubscribe: http://plug.org/mailman/options/plug
> Don't fear the penguin.
> */
>


More information about the PLUG mailing list