Difference between revisions of "Certificate Integration startssl.com Server Certificate/de"
Perelandra (talk | contribs)
Perelandra (talk | contribs) m (Headings translated)
Latest revision as of 12:37, 3 January 2011
Introduction
This document describes how to integrate a free SSL server certificate from www.startssl.com. The purpose is to use your SME web server with modern web browsers and mail (and/or groupware) clients, which normally complain about the self-signed certificates of a standard SME Server installation. Certificates from Startcom (or Startssl) are widely accepted by most web clients.
Preparation
Go to www.startssl.com and sign up under https://www.startssl.com/?app=11&action=regform to get a free account and to install a SingleSignOn certificate in your browser, which authenticates you against their configuration panel at https://auth.startssl.com/ (btw: with this certificate you are also ready to sign your emails for one or more email addresses with S/MIME). Validate your account as described in the signup process, and then you're ready to get your SSL server certificate for your SME Server.
Note: You won't be able to access the login page of the configuration panel until you sign up AND install the first certificate in your browser!
Key creation
Assuming you gave your server an FQDN like "mysmeserver.com" and chose to call your server "www", first set up your new SSL certificate in the Startcom panel with your FQDN, then add the server name in one of the following steps. Your certificate will then be assigned for:
- mysmeserver.com
- www.mysmeserver.com
The confirmation email from Startcom will be sent to the user "postmaster", "hostmaster" or "webmaster" at your server, to be validated by the server admin. To receive this mail, either log in to webmail with your admin account or create a pseudonym for one of these users that forwards to your main account.
Necessary modifications
Follow the process in the Startcom panel to the end, until you can copy and paste the key directly into a locally created ASCII text file, which you may call ssl.key. Do the same for the certificate, saving it as ssl.crt. Also make sure you have downloaded the two CertificateChainFile(s) and saved them to your desktop.
These two pem files need to be merged into one single file, which you may call bundle.pem: first paste the content of sub.class1.server.ca.pem and, below it, paste the content of ca.pem. Save the file to your desktop and upload the three files via sftp to your server, into a directory (e.g. startssl) in /home/e-smith:
- ssl.key
- ssl.crt
- bundle.pem
Your key is protected with a password, which needs to be removed before the key is integrated into the server db.
This is done with a simple command inside the directory (e.g. startssl) where you stored the three files:
openssl rsa -in ssl.key -out www.mysmeserver.com.key
Type in your password, hit Enter and you're almost done.
Finally, rename the remaining files:
- ssl.crt --> www.mysmeserver.com.crt
- bundle.pem --> www.mysmeserver.com.pem
Integration
As root, type the following in the terminal:
config setprop modSSL crt /home/e-smith/startssl/www.mysmeserver.com.crt
config setprop modSSL key /home/e-smith/startssl/www.mysmeserver.com.key
config setprop modSSL CertificateChainFile /home/e-smith/startssl/www.mysmeserver.com.pem
signal-event console-save
signal-event post-upgrade; signal-event reboot
Done!
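An added example, not part of the original page: a pre-flight check for the three files, meant to be run before the Integration commands, that confirms the passphrase is gone, the key matches the certificate and the merged bundle chains the certificate to the root. The function names and the throwaway demo CA (generated locally so the script runs offline) are assumptions of this example, and the chmod 600 requirement is added hardening rather than a step from the page.

```shell
#!/bin/sh
# Added example: checks to run in /home/e-smith/startssl before "config setprop".
# check_cert_files KEY CRT BUNDLE returns 0 only if every check passes.
check_cert_files() {
    key=$1; crt=$2; bundle=$3
    # 1. The passphrase must be gone, or the web server prompts for it at start.
    if grep -q ENCRYPTED "$key"; then
        echo "FAIL: $key is still passphrase-protected"; return 1
    fi
    # 2. Added hardening: an unencrypted key must not be group/world readable.
    if [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        echo "FAIL: run chmod 600 $key"; return 1
    fi
    # 3. Key and certificate must carry the same public key.
    kpub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    cpub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)
    if [ -z "$kpub" ] || [ "$kpub" != "$cpub" ]; then
        echo "FAIL: $key does not belong to $crt"; return 1
    fi
    # 4. The merged bundle must chain the certificate up to the root.
    if ! openssl verify -CAfile "$bundle" "$crt" >/dev/null 2>&1; then
        echo "FAIL: $crt does not verify against $bundle"; return 1
    fi
    echo "OK: key, certificate and bundle are consistent"
}

# make_demo_files DIR: CONSTRUCTED throwaway root, intermediate and server
# certificate standing in for ca.pem, sub.class1.server.ca.pem and ssl.crt.
make_demo_files() {
    d=$1; echo "basicConstraints=critical,CA:TRUE" > "$d/ca.ext"
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Demo Root" \
        -keyout "$d/ca.key" -out "$d/ca.pem"
    openssl req -newkey rsa:2048 -nodes -subj "/CN=Demo Sub" \
        -keyout "$d/sub.key" -out "$d/sub.csr"
    openssl x509 -req -in "$d/sub.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -extfile "$d/ca.ext" -days 2 -out "$d/sub.pem"
    openssl req -newkey rsa:2048 -passout pass:demo -subj "/CN=www.mysmeserver.com" \
        -keyout "$d/ssl.key" -out "$d/ssl.csr"
    openssl x509 -req -in "$d/ssl.csr" -CA "$d/sub.pem" -CAkey "$d/sub.key" \
        -CAcreateserial -days 2 -out "$d/ssl.crt"
    cat "$d/sub.pem" "$d/ca.pem" > "$d/bundle.pem"   # merge order from the page
}

demo=$(mktemp -d) && make_demo_files "$demo" >/dev/null 2>&1
# The page's passphrase-removal step, with the demo passphrase supplied inline.
openssl rsa -in "$demo/ssl.key" -passin pass:demo -out "$demo/www.key" 2>/dev/null
chmod 600 "$demo/www.key"
check_cert_files "$demo/www.key" "$demo/ssl.crt" "$demo/bundle.pem"
```

On the real files, call check_cert_files with www.mysmeserver.com.key, www.mysmeserver.com.crt and www.mysmeserver.com.pem from inside /home/e-smith/startssl.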