Creating a Certificate Signing Request

Previous page
Table of content
Next page

# ./usr/local/ssl/bin/openssl req -new -key www.example.com.key -out www.example.com.csr


To get a certificate issued by a CA, you must first submit what is called a certificate signing request. As explained earlier, the request contains data about the entity requesting the certificate and the public key. This command creates such a request. You will be prompted to provide several pieces of information, as shown in Listing 7.1.

Listing 7.1. Using openssl to Generate a Certificate Request

Using configuration from /usr/local/ssl/openssl/openssl.cnf Enter PEM pass phrase: You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:US State or Province Name (full name) [Some-State]:CA Locality Name (eg, city) []: San Francisco Organization Name (eg, company) [Internet Widgits Pty Ltd]:. Organizational Unit Name (eg, section) []:. Common Name (eg, YOUR name) []:www.example.com Email Address []:administrator@example.com Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []:

It is important that the Common Name field entry matches the address that visitors to your website will type in their browsers. This is one of the checks that the browser will perform for the remote server certificate. If the names differ, a warning indicating the mismatch will be issued to the user.

You can now submit the certificate signing request file with a CA for processing. The exact process will vary for each entity. You can find an extensive list of CAs at http://www.pki-page.org/. Verisign, Thawte, GeoTrust, and Equifax are well-known commercial CAs. There are also a number of community CAs, such as http://www.cacert.org/.



Previous page
Table of content
Next page
Apache(c) Phrase Book(c) Essential Code and Commands
Apache Phrasebook
ISBN: 0672328364
EAN: 2147483647
Year: 2006
Pages: 254
Authors: Daniel Lopez, Jesus Blanco
BUY ON AMAZON
Database Modeling with MicrosoftВ® Visio for Enterprise Architects (The Morgan Kaufmann Series in Data Management Systems)
Image Processing with LabVIEW and IMAQ Vision
Cisco IP Telephony (CIPT) (Authorized Self-Study) (2nd Edition)
MySQL Clustering
Logistics and Retail Management: Emerging Issues and New Challenges in the Retail Supply Chain
Wireless Hacks: Tips & Tools for Building, Extending, and Securing Your Network
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy