Changes

From SME Server
no edit summary
Line 9: Line 9:  
I suggest  a file manager like Winscp (http://winscp.net/eng/index.php)  to make file functions easier. I also suggest putty for your terminal client.
 
I suggest  a file manager like Winscp (http://winscp.net/eng/index.php)  to make file functions easier. I also suggest putty for your terminal client.
   −
1.  Preparation
+
* Preparation
   −
·  Start Winscp and create a session with your SME.
+
:*Start Winscp and create a session with your SME.
   −
·  Use root and your password to log in with Winscp
+
:*Use root and your password to log in with Winscp
   −
·  You will see that you are now in the root directory
+
:*You will see that you are now in the root directory
   −
·  Create a new directory called cacert
+
:*Create a new directory called cacert
   −
2.  Start a terminal session with putty and log in as root
+
* Start a terminal session with putty and log in as root
   −
3.  Change to the cacert directory we created above
+
* Change to the cacert directory we created above
   −
4.  First you have to know the Fully Qualified Domain Name (FQDN) of the website for which you want to request a certificate. When you want to access your website  
+
* First you have to know the Fully Qualified Domain Name (FQDN) of the website for which you want to request a certificate. When you want to access your website through https://www.yourdomain-example.com then the FQDN of your website is www.yourdomain-example.com;
   −
through https://www.yourdomain-example.com then the FQDN of your website is  www.yourdomain-example.com; therefore, your common name will be  www.yourdomain-example.com.
+
therefore, your common name will be  www.yourdomain-example.com.
   −
5.  Generate the Key with the following command: openssl genrsa -des3 -out www.yourdomain-example.com.key 2048 This command will generate a 2048 bit RSA Private Key
+
* Generate the Key with the following command:
 +
openssl genrsa -des3 -out www.yourdomain-example.com.key 2048  
   −
and stores it in the file www.yourdomain-example.com.key  in the current directory which is cacert.
+
This command will generate a 2048 bit RSA Private Key and stores it in the file www.yourdomain-example.com.key  in the current directory which is cacert.
   −
6.  It will ask you for a pass phrase: use something secure and remember it. Your certificate will be useless without the key. If you don't want to protect your key  
+
* It will ask you for a pass phrase: use something secure and remember it. Your certificate will be useless without the key. If you don't want to protect your key  
   −
with a pass phrase (only if you absolutely trust that server machine, and you make sure the permissions are carefully set so only you can read that key) you can leave  
+
with a pass phrase (only if you absolutely trust that server machine, and you make sure the permissions are carefully set so only you can read that key) you can leave out the -des3 option above. Generate the CSR with the following command:
 +
openssl req -new -key www.yourdomain-example.com.key -out www.yourdomain-example.com.csr 
   −
out the -des3 option above. Generate the CSR with the following command: openssl req -new -key www.yourdomain-example.com.key -out www.yourdomain-example.com.csr  This
+
This command will prompt you for the X.509 attributes of your certificate. Remember to give the name www.yourdomain-example.com when prompted for 'Common Name (eg, www.yourdomain-example.com)'. Do not enter your personal name here. We are requesting a certificate for a webserver, so the Common Name has to match the FQDN of your website (a requirement of the browsers).
   −
command will prompt you for the X.509 attributes of your certificate. Remember to give the name www.yourdomain-example.com when prompted for 'Common Name (eg,
+
* You will now have a RSA Private Key in www.yourdomain-example.com.key and a Certificate Signing Request in  www.yourdomain-example.com.csr. Both of which are in the current directory which is cacert.
   −
www.yourdomain-example.com)'. Do not enter your personal name here. We are requesting a certificate for a webserver, so the Common Name has to match the FQDN of your
+
* Go back to your winscp session and refresh. You will now see the new files we have created.
   −
website (a requirement of the browsers).
+
* Choose to edit the www.yourdomain-example.com.csr  and do a copy of the contents to your clipboard.
   −
7.  You will now have a RSA Private Key in www.yourdomain-example.com.key and a Certificate Signing Request in  www.yourdomain-example.com.csr. Both of which are in
+
* Go to the Thawte Website and choose the type of certificate you need (a simple ssl123 is good enough for most uses)
   −
the current directory which is cacert.
+
* Follow their instructions and when you get to the prompt for your csr information, Paste the contents of the clipboard contents from step nine
   −
8.  Go back to your winscp session and refresh. You will now see the new files we have created.
+
* Continue on until finished and Thawte will e-mail your certificate file.
   −
9.  Choose to edit the www.yourdomain-example.com.csr  and do a copy of the contents to your clipboard.
+
* While you are on their site you will need to download a ca bundle file pack form this location
 +
https://search.thawte.com/support/ssl-digital-certificates/index?page=content&actp=CROSSLINK&id=AR1372
   −
10.   Go to the Thawte Website and choose the type of certificate you need (a simple ssl123 is good enough for most uses)
+
* Look for this heading, Apache, Plesk & Cpanel, and right click and save choice #1. (remember where you saved it)
   −
11.  Follow their instructions and when you get to the prompt for your csr information, Paste the contents of the clipboard contents from step nine
+
* Change the name of the above file to www.yourdomain-example.com.pem
   −
12.  Continue on until finished and Thawte will e-mail your certificate file.
+
* Use Winscp and copy the above file to the cacert directory. Refresh the view and you should now have three files:
   −
13.   While you are on their site you will need to download a ca bundle file pack form this location https://search.thawte.com/support/ssl-digital-certificates
+
:*www.yourdomain-example.com.pem 
 +
:*www.yourdomain-example.com.csr           
 +
:*www.yourdomain-example.com.key.
   −
/index?page=content&actp=CROSSLINK&id=AR1372
+
* After receiving you certificate file from Thawte you will use Winscp to go the cacert directory and create a new file called www.yourdomain-example.com.crt
   −
14.  Look for this heading, Apache, Plesk & Cpanel, and right click and save choice #1. (remember where you saved it)
+
* Edit the file and paste the contents from the crt file you received from Thawte and save it. This should now make 4 files in the cacert directory.
   −
15.  Change the name of the above file to www.yourdomain-example.com.pem
+
* Copy the file www.yourdomain-example.com.key  to /home/e-smith/ssl.key directory on the SME server.
   −
16.  Use Winscp and copy the above file to the cacert directory. Refresh the view and you should now have three files: 1. www.yourdomain-example.com.pem 2.  
+
* Copy the file www.yourdomain-example.com.pem to /home/e-smith/ssl.pem directory on the SME server.
   −
www.yourdomain-example.com.csr            3. www.yourdomain-example.com.key.
+
* Copy the file www.yourdomain-example.com.crt to /home/e-smith/ssl.crt directory on the SME server
   −
17.  After receiving you certificate file from Thawte you will use Winscp to go the cacert directory and create a new file called www.yourdomain-example.com.crt
+
* Enter this command from the command line using putty:
 +
config setprop modSSL crt /home/e-smith/ssl.crt/www.yourdomain-example.com.crt
   −
18.  Edit the file and paste the contents from the crt file you received from Thawte and save it. This should now make 4 files in the cacert directory.
+
* Enter this command from the command line using putty:
 +
config setprop modSSL key /home/e-smith/ssl.key/www.yourdomain-example.com.key
   −
19.  Copy the file www.yourdomain-example.com.key to /home/e-smith/ssl.key directory on the SME server.
+
* Enter this command from the command line using putty:
 +
  config setprop modSSL CertificateChainFile /home/e-smith/ssl.pem/www.yourdomain-example.com.pem
   −
20.  Copy the file www.yourdomain-example.com.pem to /home/e-smith/ssl.pem directory on the SME server.
+
* Enter this command from the command line using putty:
 +
signal-event post-upgrade
   −
21.  Copy the file www.yourdomain-example.com.crt to /home/e-smith/ssl.crt directory on the SME server
+
* Enter this command from the command line using putty:
 +
signal-event reboot
   −
22.  Enter this command from the command line using putty:  config setprop modSSL crt /home/e-smith/ssl.crt/www.yourdomain-example.com.crt
+
* This step may not be necessary but it worked for me. After rebooting log in and choose the  reconfigure option and let it reboot one more time.
 
  −
23.  Enter this command from the command line using putty: config setprop modSSL key /home/e-smith/ssl.key/www.yourdomain-example.com.key
  −
 
  −
24.  Enter this command from the command line using putty:  config setprop modSSL CertificateChainFile /home/e-smith/ssl.pem/www.yourdomain-example.com.pem
  −
 
  −
25.  Enter this command from the command line using putty: signal-event post-upgrade
  −
 
  −
26.  Enter this command from the command line using putty: signal-event reboot
  −
 
  −
27.  This step may not be necessary but it worked for me. After rebooting log in and choose the  reconfigure option and let it reboot one more time.
      
[[Category: Howto]]
 
[[Category: Howto]]
 
[[Category: Administration:Certificates]]
 
[[Category: Administration:Certificates]]
 
----
 
----
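
Review bot: The item that now reads "Paste the contents of the clipboard contents from step nine" still refers to a step number, but this change replaces the numbered steps (1. to 27.) with unnumbered "*" items, so "step nine" no longer identifies anything; refer to the step by what it does (copying the contents of www.yourdomain-example.com.csr to the clipboard) or keep the list numbered with "#". Two of the new items are also split mid-sentence: "therefore, your common name will be ..." and "with a pass phrase (only if you absolutely trust ..." begin on their own lines after a "*" line, which ends the list item in wiki markup, and the "Generate the CSR with the following command:" instruction is folded into the pass-phrase item instead of being a step of its own. The command lines are inconsistent as well: "config setprop modSSL CertificateChainFile ..." is indented with leading spaces while the crt and key commands and both openssl lines start at column 0, so they will not render alike. While the text is being touched, the typos carried over from the old revision ("file pack form this location", "After receiving you certificate", "go the cacert directory") could be fixed, and the pass-phrase item says permissions must be set so that only you can read the key, yet no step sets them after the key is copied to /home/e-smith/ssl.key.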
