Changes

From SME Server
Jump to navigationJump to search

Custom CA Certificate (view source)

Revision as of 11:17, 12 December 2013

1,001 bytes added ,  11:17, 12 December 2013
m
add some info/formatting
Line 1: Line 1: −
Extracted from: http://forums.contribs.org/index.php?topic=34624.0
+
== Introduction ==
 +
From [http://en.wikipedia.org/wiki/CAcert.org wikipedia]
   −
Author: slords
     −
updated: unnilennium (http://bugs.contribs.org/show_bug.cgi?id=1370)
+
<nowiki>
 +
CAcert.org is a community-driven certificate authority that issues free public key certificates to the public (unlike other certificate authorities which are commercial and sell certificates). CAcert has over 200,000 verified users and has issued nearly 800,000 certificates as of January 2012. These certificates can be used to digitally sign and encrypt email, authenticate and authorize users connecting to websites and secure data transmission over the Internet. Any application that supports the Secure Socket Layer (SSL) can make use of certificates signed by CAcert, as can any application that uses X.509 certificates, e.g. for encryption or code signing and document signatures.
 +
</nowiki>
 +
 
 +
== Prerequisites ==
 +
* An account on cacert.org
 +
** Your domain(s) registered on your CAcert.org account
 +
 
    
== creating .csr and .key files ==
 
== creating .csr and .key files ==
Line 11: Line 18:  
  cd ~/cacert  
 
  cd ~/cacert  
   −
Make a file named <b>cacert_csr_request</b>
+
* Create a file named cacert_csr_request
 +
 
 +
nano -w cacert_csr_request
    
  #!/usr/bin/perl
 
  #!/usr/bin/perl
Line 115: Line 124:     
== obtain .crt file from cacert==
 
== obtain .crt file from cacert==
*Paste the output into the cacert.org website and get your certificate
+
*Log into you account on the cacert.org and Add your FQDN under domains
 +
*and paste the output of the belowcommand under new server certificate
 
  cat {domain}.csr
 
  cat {domain}.csr
   Line 139: Line 149:  
  signal-event reboot
 
  signal-event reboot
   −
or alternatively, this should works:
+
or if you do not want to reboot your server:
 
  signal-event domain-modify
 
  signal-event domain-modify
 
  signal-event email-update
 
  signal-event email-update
    
Once you have created/installed this certificate then if the client has the cacert.org root certificate installed then they should be able to go to any domain on your box and not get a warning.
 
Once you have created/installed this certificate then if the client has the cacert.org root certificate installed then they should be able to go to any domain on your box and not get a warning.
 +
 +
== References ==
 +
* Extracted from: http://forums.contribs.org/index.php?topic=34624.0 (slords)
 +
* http://bugs.contribs.org/show_bug.cgi?id=1370 (unnilennium)
    
----
 
----
 
[[Category:Howto]]
 
[[Category:Howto]]
 
[[Category:Administration:Certificates]]
 
[[Category:Administration:Certificates]]
Retrieved from "https://wiki.koozali.org/Special:MobileDiff/22686"

Navigation menu