Hello,
Here is a README I typed up to help me remember what to do:
Once a client has generated a key file on their desktop PC
they should up load it to the server by http://domain.com.
The key file can be generated by running:
openssl genrsa -out filename.key 1024
The file will be called host.domain.com.key ... then the server admin
will run:
openssl req -new -key host.domain.com.key -out host.domain.com.csr -config
openssl.cnf
This will produce a certificate request, now we must sign the request. First it
is important to remember that the openssl.cnf file is a template. It must be
changed for each person or you can run the script "./sign". (Example ./sign
host.domain.com.key)
openssl.cnf
--snip--
RANDFILE = $ENV::HOME/.rnd
[ req ]
default_bits = 1024
default_keyfile = keyfile.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
prompt = no
[ req_distinguished_name ]
C = CA
ST = Alberta
L = Calgary
O = Domain Corp
OU = Domain MIS ACCESS
CN = host.domain.com
emailAddress = netops@domain.com
[ req_attributes ]
--snip--
You should look into configuring your own cnf file, as mine is missing some
settings. As I do not want them.
Michael.
On Thu, 18 Mar 2004 14:12:18 +0100 (CET)
Henrik Nordstrom <hno@squid-cache.org> wrote:
> On Thu, 18 Mar 2004, Rakesh Kumar wrote:
>
> > Now I need to load a certificate signed by authorized people like Thawte. My
> > question which file (private.pem or cert.pem) to be sent to them. On their
> > site they talk about file with CSR extension. How can I generate CSR format
> > file from PEM format. Also will CSR format be loaded on Squid proxy???/
>
> A CSR is a certificate request, generated by the openssl req command.
>
> Thawte has a very good guide on how to request OpenSSL certificates. Look
> for their Apache mod_ssl documentation.
>
> Regards
> Henrik
>
>
>
>
>
-- Michael Gale Network Administrator Utilitran CorporationReceived on Thu Mar 18 2004 - 10:02:28 MST
This archive was generated by hypermail pre-2.1.9 : Thu Apr 01 2004 - 12:00:02 MST