Overview
-------
For new SSL servers:
1. Generate new server key
2. Generate CSR
3. Have key signed
4. Install signed key
For existing SSL servers:
1. Generate CSR
2. Have key signed
3. Install signed key
Generate new server key
-----------------------
This creates a new 1024 bit server key named website.key:
# openssl genrsa -out website.key 1024
Generating RSA private key, 1024 bit long modulus
...........................................++++++
................................++++++
e is 65537 (0x10001)
Generate CSR
------------
This creates a certificate signing request (CSR) from a key called website.key
and puts the request in website.csr:
# openssl req -new -key website.key -out website.csr
Using configuration from /etc/ssl/openssl.cnf
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:US
State or Province Name (full name) [Colorado]:Colorado
Locality Name (eg, city) [Denver]:Denver
Organization Name (eg, company) []:The Tech Diary
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:www.tech-diary.com
Email Address []:admin@tech-diary.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Have key signed
---------------
Send website.csr to a Certificate Authority (GeoTrust, Thawte, etc.) for
signing.
Install signed key
------------------
Your CA will return a signed key. Put this in website.crt.
