5,576
edits
Changes
Jump to navigation
Jump to search
Line 10:
Line 10: + + + + + + + + + + + + + + + + +
→Description
see that [[Certificates_Concepts|wiki page]] for more informations on how to set it manually
see that [[Certificates_Concepts|wiki page]] for more informations on how to set it manually
On SME Server by default, all services that require an SSL certificate using the same self-signed and re-generate every year (valid for one year). It is often useful to replace it with another certificate. This contrib give easier the procedure, which is valid both for an official certificate (purchased from Verisign or equivalent), an independent authority as CAcert, or private authority (eg, managed by PHPki).
The first step is of course to obtain a certificate. If it signed by a private CA, you should generate it with a wildcard (ie which will be valid for all subdomains of the main domain). It should be given by a '''*.domain.tld''' as the common name.. Then we need to get this certificate and the associated private key in a PEM format.
If you want to buy a commercial ssl certificate, you may need to do a 'csr' (certificate request), this is how to do that. [http://wiki.gandi.net/en/ssl/csr Here an example with Gandi]
* Generating an RSA key:
openssl genrsa -out mondomaine.com-key.pem 2048
* Generate the CSR
openssl req -new -key mondomaine.com-key.pem -out mondomaine.com.csr
You will need to answer to many questions, think about it before you type.
=== Requirements ===
=== Requirements ===